
Why Fleet Cybersecurity Is Not Just an IT Problem


When a fleet operator thinks about cybersecurity, the instinct is to look towards the IT department and the familiar territory of firewalls, password policies, and email phishing training. That framing made sense when vehicles were mechanical assets and the only connected system was the office network.

That framing no longer reflects how a modern fleet actually operates. A connected fleet generates, transmits, and depends on data at every point in its operation, from GPS positioning and telematics diagnostics through to driver identification, cargo condition monitoring, and remote vehicle commands. None of these systems sit inside the IT department’s traditional perimeter. They sit in vehicles, on roads, connected through cellular networks to cloud platforms that the fleet manager may never have evaluated for security.

The question is not whether fleet cybersecurity matters. It is whether fleet operators recognise that the exposure is operational, not technological, and that the person who bears the consequences is more likely to be the fleet manager than the IT director.

Where the exposure to fleet cybersecurity actually sits

Upstream Security’s 2026 Global Automotive and Smart Mobility Cybersecurity Report analysed 494 publicly reported cybersecurity incidents across the automotive and mobility sector in 2025. Two findings stand out for fleet operators: 67% of those incidents involved telematics and cloud systems as attack vectors, and 92% of attacks were conducted remotely with no physical proximity to the vehicle required.[1]

These incidents are not targeting office servers. They target the systems that fleet operations depend on daily, including GPS tracking platforms, telematics dashboards, over-the-air update channels, and the APIs that connect fleet management software to vehicle hardware. When these systems are compromised, the consequences are felt in the yard, on the road, and at the customer’s loading dock, not in the server room.

Consider what a GPS spoofing attack means in practical terms for a logistics operation in Southeast Asia. A vehicle’s reported position shifts, and the dispatcher sees it progressing along its route while the vehicle is somewhere else entirely. Geofence alerts fail to trigger, arrival time estimates become unreliable, and for everyday delivery operations, the damage compounds quietly through eroded schedule accuracy, disputed delivery times, and a growing gap between what the dashboard reports and what is actually happening on the ground.

Or consider the CAN bus, the internal communication network that connects a vehicle’s subsystems. Malware targeting the CAN bus can interfere with engine diagnostics, tamper with odometer readings, or disable safety systems. For fleet operators in the Gulf states, where extreme heat accelerates component wear and makes accurate diagnostics essential to safe operations, compromised CAN bus information is particularly consequential. Maintenance decisions built on false inputs mean vehicles that appear healthy may not be, and in operating environments where a missed fault can strand a vehicle in 45-degree heat, the margin for error is narrow.
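One way to surface the gap between dashboard and ground truth described above is to cross-check consecutive GPS fixes against the odometer reported over the vehicle bus. The following is an added example, not code from TTMI or any telematics provider; the `Fix` record layout, the thresholds, and the sample track are constructed assumptions. Because the odometer can itself be tampered with, a mismatch shows only that the two sources disagree, not which one is wrong.

```python
import math
from dataclasses import dataclass

@dataclass
class Fix:
    t: int          # seconds since start of trip (assumed record layout)
    lat: float
    lon: float
    odo_km: float   # odometer reading taken from the vehicle bus

def haversine_km(a, b):
    """Great-circle distance between two fixes in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp, dl = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))

def check_track(fixes, max_kmh=130.0, tol_km=0.5, tol_ratio=0.25):
    """Return (time, reason) findings for consecutive fixes that disagree."""
    findings = []
    for prev, cur in zip(fixes, fixes[1:]):
        dt_h = (cur.t - prev.t) / 3600.0
        if dt_h <= 0:
            findings.append((cur.t, "non-increasing timestamp"))
            continue
        gps_km = haversine_km(prev, cur)
        odo_km = cur.odo_km - prev.odo_km
        # A position jump no road vehicle could make in the elapsed time.
        if gps_km / dt_h > max_kmh:
            findings.append((cur.t, "implausible speed"))
        # GPS says the vehicle moved a distance the odometer does not confirm.
        if abs(gps_km - odo_km) > max(tol_km, tol_ratio * max(gps_km, odo_km)):
            findings.append((cur.t, "gps/odometer mismatch"))
    return findings

# Constructed sample track: one clean leg, one leg where GPS advances while
# the odometer stands still, and one leg with an abrupt position jump.
TRACK = [
    Fix(0,   1.3000, 103.8000, 1000.0),
    Fix(60,  1.3000, 103.8090, 1001.0),
    Fix(120, 1.3000, 103.8180, 1001.0),
    Fix(180, 1.3000, 103.9180, 1002.0),
]

if __name__ == "__main__":
    for when, reason in check_track(TRACK):
        print(f"t={when}s: {reason}")
```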


The gap between IT security and fleet security

Most fleet operators have some level of IT security in place, typically covering the office network with firewalls, enforcing multi-factor authentication on email accounts, and running annual awareness training for staff. These measures protect the corporate environment and they are necessary, but they do not extend to the fleet itself. Fleet cybersecurity requires a different approach because the systems at risk are different.

The telematics device fitted to each vehicle communicates over cellular networks to a cloud platform operated by a third-party provider. The fleet management dashboard pulls data through APIs, driver mobile applications connect to dispatch systems, and cargo sensors transmit temperature and condition data throughout the day. Each of these connections represents an attack surface, and none of them fall within the scope of a standard corporate IT security policy. Telematics security, in particular, sits in a gap between what the IT department manages and what the fleet operations team assumes is handled.

The Upstream report found that ransomware accounted for 44% of automotive and mobility cybersecurity incidents in 2025, more than double the previous year’s figure.[1] In the most severe cases, a single ransomware incident rippled outward through manufacturers, their suppliers, and the fleet operations that depended on the same compromised platforms. Ransomware does not distinguish between a multinational OEM and a 200-vehicle logistics fleet using the same telematics provider. If the platform goes down, every fleet connected to it is affected.


What fleet operators can do now

The first step is not purchasing a cybersecurity product but understanding what connected systems your fleet depends on and who is responsible for securing each one.

Know your connected systems. List every device, platform, and data connection in your fleet operation, from GPS trackers and telematics units through to dashcams, cargo sensors, driver apps, fleet management software, and the APIs connecting them. Most fleet operators have never conducted this inventory.

Ask your providers the right questions. Find out whether your telematics provider holds ISO 27001 certification, what their incident response plan looks like, how over-the-air updates are authenticated before deployment, and whether they have any mechanism to detect manipulation of the telemetry data your fleet generates. If your provider cannot answer these questions clearly, that is information worth having. TTMI publishes a structured provider evaluation guide with twelve questions covering data protection, incident response, telemetry integrity, and regulatory readiness, designed to take into your next vendor conversation. The guide is available at ttmi.com.sg/cybersecurity.


Separate fleet systems from corporate IT. Network segmentation between your corporate environment and your fleet management systems limits the damage if either side is compromised. This is a practical measure that IT departments can implement, but only if fleet operations identifies the requirement.

Treat cybersecurity as an operational discipline. Driver briefings, maintenance scheduling, fuel management, and route planning are all operational disciplines with defined processes and accountability. Cybersecurity for connected fleet systems belongs in the same category, managed by the people who understand the operational impact rather than delegated entirely to a department that may not know a telematics unit from a temperature sensor.


The regulatory landscape is moving

UN Regulation No. 155 (UN R155), developed under the UNECE World Forum for Harmonisation of Vehicle Regulations (WP.29), represents the most significant piece of connected vehicle cybersecurity legislation to date, requiring vehicle manufacturers to implement a Cybersecurity Management System (CSMS) covering the entire vehicle lifecycle.[2] The regulation applies across the 54 contracting parties to the 1958 UNECE Agreement, including Japan, South Korea, Thailand, and Malaysia.[3]

UN R155 is directed at manufacturers rather than fleet operators, but its requirements cascade through the supply chain. Vehicles entering production must meet cybersecurity standards, and the telematics and connected systems fitted to those vehicles must be included in the manufacturer’s cybersecurity assessment. Fleet operators purchasing new vehicles in markets that have adopted R155 will increasingly find that cybersecurity documentation accompanies the vehicle, much as emissions compliance documentation does today.

For fleet operators, the practical implication is straightforward. The connected systems you rely on are coming under regulatory scrutiny, and understanding what that scrutiny covers, and where your own responsibilities begin, is no longer optional.

TTMI publishes plain-language guides to the cybersecurity standards and legislation that affect connected fleet operations, including ISO 27001, UN R155, and UN R156.

Further reading

TTMI publishes plain-language reference guides on the cybersecurity standards and regulations that affect connected fleet and IoT systems. Start with the ISO 27001 Reference Guide for an overview of information security management requirements, or explore the UN R155 overview for a summary of vehicle cybersecurity type approval obligations. To find out how TTMI approaches cybersecurity for connected fleets, visit ttmi.com.sg/cybersecurity. If you want to put these principles into practice with your own providers, our Connected Fleet Cybersecurity: Questions to Ask Your Technology Providers guide is available at the same address.


 

Sources

1. Upstream Security, 2026 Global Automotive and Smart Mobility Cybersecurity Report, Birmingham, MI, 18 February 2026.

2. United Nations Economic Commission for Europe, UN Regulation No. 155: Uniform provisions concerning the approval of vehicles with regards to cyber security, Supplement 3, entry into force 10 January 2025.

3. UNECE, Status of the 1958 Agreement: Contracting Parties and UN Regulations, accessed April 2026. 54 contracting parties including Japan, South Korea, Thailand, and Malaysia.

 
 
 
