Automotive Cybersecurity: 3 Companies compared

Automotive cybersecurity companies protect connected and software-defined vehicles across their lifecycle. From ECUs, in-vehicle networks, and telematics to cloud backends, fleets, and EV charging. This guide compares the firms that OEMs…

3 companies|Updated May 2026

Looking specifically for vehicle pen testing? Read our deep-dive on automotive penetration testing. Scope, standards, Pwn2Own, and the firms doing the research.

Automotive Pen Testing guide →

Quick comparison

All automotive cybersecurity companies side by side, alphabetical.

CompanyFoundedEngagementSpecialismStandards / accreditations
PCA Cyber Security2019Project-based engagementsOEMs and suppliers that need elite offensive testing, TARA, and managed monitoring for co…TISAX Assessment Level 3ISO/SAE 21434UNECE R155
Upstream Security2017Subscription (custom)OEMs and fleet operators that want cloud-scale detection, response, and a managed Vehicle…ISO/SAE 21434UNECE R155UNECE R156
VicOne2022Subscription (custom)OEMs and suppliers wanting a broad, lifecycle automotive security portfolio backed by an…ISO/SAE 21434UNECE R155Automotive SPICE (ASPICE) Level 2

PCA Cyber Security

Automotive Cybersecurity
Best fit for

OEMs and suppliers that need elite offensive testing, TARA, and managed monitoring for connected vehicles and embedded products

PCA Cyber Security (formerly PCAutomotive) is a Budapest-based specialist in offensive security and threat intelligence for vehicles and embedded systems. The firm runs dedicated CyberLab and CyberGarage research facilities and has built a strong public reputation through repeated Pwn2Own Automotive participation and disclosed vehicle vulnerability research, including 21 vulnerabilities across Skoda and Volkswagen vehicles and their cloud backend. While rooted in automotive, PCA has expanded into fintech, manufacturing, consumer electronics, and energy. It is a services-led firm focused on penetration testing, TARA, verification and validation, and managed product SOC monitoring rather than off-the-shelf software.

Founded

2019

Engagement

Project-based engagements

Standards & accreditations

TISAX Assessment Level 3ISO/SAE 21434UNECE R155

Upstream Security

Automotive Cybersecurity
Best fit for

OEMs and fleet operators that want cloud-scale detection, response, and a managed Vehicle SOC for connected fleets

Upstream Security operates a cloud-native, agentless AI platform purpose-built for connected vehicles and mobility IoT. It ingests telematics, OTA, diagnostic, and dealership data to deliver cybersecurity detection and response (V-XDR), automotive threat intelligence, and data-driven applications. Upstream pairs its platform with a managed 24/7 Vehicle Security Operations Center and monitors tens of millions of vehicles, making it one of the largest-scale players in connected-vehicle security. Because it works server-side without in-vehicle agents, it is typically deployed alongside embedded ECU protection rather than replacing it.

Founded

2017

Engagement

Subscription (custom)

Standards & accreditations

ISO/SAE 21434UNECE R155UNECE R156

VicOne

Automotive Cybersecurity
Best fit for

OEMs and suppliers wanting a broad, lifecycle automotive security portfolio backed by an established cybersecurity parent

VicOne is a wholly-owned subsidiary of Trend Micro dedicated exclusively to automotive cybersecurity for connected and electric vehicles. It leverages Trend Micro's 30-plus years of security expertise and the Zero Day Initiative's vulnerability research network. The same program behind Pwn2Own Automotive. To give OEMs and suppliers lifecycle protection from development and production through in-vehicle operation. Its portfolio covers an in-vehicle IDPS, a managed VSOC, threat intelligence, SBOM and vulnerability management, and penetration testing services.

Founded

2022

Engagement

Subscription (custom)

Standards & accreditations

ISO/SAE 21434UNECE R155Automotive SPICE (ASPICE) Level 2TISAX Assessment Level 3

Related guides

Other categories you might be evaluating alongside automotive cybersecurity.

About this listing

Automotive Cybersecurity companies, listed alphabetically and compared on public information. How we work →

Frequently Asked Questions

Automotive cybersecurity protects vehicles and the systems around them from cyber attacks. It spans the electronic control units (ECUs) and in-vehicle networks inside the car, the telematics and connectivity that link it to the outside world, the cloud backends and mobile apps that serve it, and the EV charging and fleet infrastructure it depends on. Specialist firms provide a mix of penetration testing, embedded protection software, managed monitoring, and compliance tooling.

ISO/SAE 21434 is the international standard for cybersecurity engineering of road vehicles, defining how manufacturers build a cybersecurity management system (CSMS) across the vehicle lifecycle. UNECE R155 is a UN regulation that makes a certified CSMS mandatory for vehicle type approval in many markets. Most automotive cybersecurity companies position their services and products to help OEMs and suppliers meet these requirements.

It depends on where your risk and resources sit. Embedded products such as intrusion detection agents and ECU runtime protection defend the vehicle itself but require integration into hardware. Cloud platforms and managed Vehicle SOCs detect and respond to threats across a connected fleet without an in-vehicle footprint. Penetration testing and TARA services validate security before and after launch. Most mature programs combine all three rather than picking one.

The primary buyers are vehicle manufacturers (OEMs) and Tier-1 suppliers that must meet type-approval requirements and secure increasingly software-defined vehicles. Fleet operators, EV charging networks, insurers, and connected-device manufacturers also use these firms, since the same embedded and connected-system risks apply well beyond passenger cars.