“Automotive production is now a systemically relevant target for global cyber actors. Production downtime causes damage in the double-digit millions – per day,” explains Stefan Bratzel, keynote speaker at the most recent EUROGUSS Executive Circle 2025. The current study on cybersecurity in automotive production, prepared by CAM in cooperation with Cisco, shows how strongly the supply chain is coming into focus. According to VicOne data cited in the study, 56.9 percent of attacks in the automotive environment in 2024 were directed at suppliers.
The attack surface emerges in the process
The networking of modern foundries is intentional. Die casting machines, robots, dosing and spraying systems, temperature control units, X-ray inspection, ERP and remote maintenance are interconnected. Process data helps reduce scrap, digital inspection records provide evidence, and remote access shortens downtime. For OEMs, this transparency is attractive because it improves quality, traceability and planning reliability.
But the more closely systems, data and external access points are connected, the larger the attack surface becomes. Attacks are aimed specifically at the weakest link in the IT ecosystem of automotive production. A service provider access point, a poorly segmented network or an outdated controller can have consequences for production. Remote work is also highly relevant as a vulnerability: In a Techconsult survey commissioned by Diconium among 200 cybersecurity experts and IT decision-makers from the automotive industry, 19.5 percent named security in the cloud and in remote work as the greatest challenge.
More than encrypted systems
Ransomware and malware attacks are among the key threats. Systems are encrypted, production comes to a halt. But these are not the only possible scenarios: Die casting depends on stable parameters, reproducible processes and documented quality. If inspection records are unavailable, batches cannot be traced or process data is damaged, this creates problems for approvals and customer communication. Design data, tool data, process windows and simulation models are also sensitive. Companies that lose them lose their competitive edge.
For suppliers, the decisive question will be how they can demonstrate their cyber resilience. In the automotive world, information security has long been part of supplier relationships. The VDA ISA catalogue, the German Association of the Automotive Industry’s catalogue of requirements for information security, and TISAX, the related assessment and exchange procedure for assessment results, provide an established framework.
At the same time, current attack patterns show that formal evidence alone is not enough. What matters is whether a company knows its critical processes, controls access, prepares restart processes and understands cybersecurity as part of its ability to deliver.
What matters now
The CAM and Cisco whitepaper describes a model of four central competence areas for empirically assessing a company’s cybersecurity performance: Competencies, Cooperations, Culture & Organisation and Cyber Strategy. For die casting foundries, this provides a pragmatic path forward. They need to know which systems, controllers, interfaces and remote access points are critical to their ability to deliver. They need to clarify which partners have access. And they need to anchor cybersecurity organisationally – not only in IT, but also in production, quality, purchasing and management.


