Upstream Secures $62M Series C Funding to Scale Automotive Cybersecurity

The Rise of Automotive Cybersecurity: Upstream's $62 Million Funding

In 2015, a pivotal event highlighted vulnerabilities in automotive software. Researchers Charlie Miller and Chris Valasek successfully hacked a Jeep Cherokee remotely, demonstrating potential risks to the auto industry. This demonstration, conducted with Wired reporter Andy Greenberg driving the vehicle, spurred calls for improved automotive cybersecurity.

The consequences were significant for Fiat Chrysler, Jeep’s parent company. A recall of 1.4 million vehicles was initiated, accompanied by $105 million in fines levied by the National Highway Traffic and Safety Administration.

Financial Impact and Upstream's Response

Yoav Levy, CEO of Upstream, estimates the Jeep hack’s total cost to the automaker exceeded $1 billion, factoring in recall expenses and damage to brand reputation. Responding to this growing threat, Israel-based Upstream announced a $62 million Series C funding round on Tuesday.

These funds will be allocated to strengthening Upstream’s cloud-based security solutions, aiming to prevent similar remote hacking incidents from occurring in the future. The company’s core mission is to proactively safeguard vehicles against cyberattacks.

How Upstream's Technology Works

“We monitor all data transmitted to the vehicle from the automaker’s cloud,” explained Levy to TechCrunch. “Our system blocks malicious messages before they reach the car, ensuring a secure connection.”

Upstream analyzes connected car data and telematics, including information from mobile apps and over-the-air updates. The system identifies anomalies within this data stream, flagging potential security breaches.

Expanding Beyond Security: Data Analytics and Insights

Beyond bolstering its security operations, Upstream intends to leverage the new funding to broaden its service offerings. This includes expanding into data analytics, insurance telematics, predictive analytics, and business intelligence.

Levy noted that anomalies detected during security analysis often reveal insights unrelated to cybersecurity. This presents an opportunity to develop additional applications for Original Equipment Manufacturers (OEMs), providing valuable data-driven insights.

A Growing Market Driven by Regulation

The automotive cybersecurity market is experiencing substantial growth, projected to rise from $1.9 billion in 2020 to $4 billion in 2025. This expansion is partly fueled by increasing regulatory mandates.

The World Forum for Harmonization of Vehicle Regulations (WP 29) has established cyber vehicle regulation compliance. This requires manufacturers selling vehicles in Europe, Japan, and Korea to continuously monitor their vehicles using a Vehicle Security Operations Center (VSOC).

A VSOC functions as a central control room, staffed by analysts who monitor infrastructure, cloud systems, data flows, and firewalls around the clock. While the U.S. currently lacks similar mandates, automakers are proactively investing in cybersecurity to protect their brands.

Upstream's Current Reach and Future Growth

Upstream currently supports nearly four million connected vehicles from six different OEMs across the United States, Europe, and Japan. The company anticipates continued growth as the number of connected vehicles on the road increases.

“The amount of data collected by cars is doubling annually,” Levy stated. “Increasing complexity, including vehicle-to-vehicle communication and advanced driver-assistance systems (ADAS), creates more opportunities for software vulnerabilities.”

The Evolving Threat Landscape

While the prospect of a remotely hijacked vehicle is alarming, Levy clarified that most hackers are primarily interested in data, not causing physical harm. Ransomware attacks are a common manifestation of this threat, particularly targeting fleets.

“Imagine a last-mile delivery company unable to unlock doors or start engines on Christmas Eve,” Levy explained. “This disruption can have severe business consequences.”

Cloud-based security provides a comprehensive overview of a fleet, enabling the detection of malicious activity and protecting connected devices. It offers a broader perspective than analyzing individual vehicles.

Focus on OEMs and Fleet Opportunities

Upstream’s primary focus remains on convincing car manufacturers of the necessity of its technology. However, the company sees significant potential in the fleet market within the next year.

To date, Upstream has raised a total of $105 million since its founding in 2017. The Series C funding round was led by Mitsui Sumitomo Insurance, with participation from I.D.I. Insurance, 57 Stars’ NextGen Mobility Fund, and La Maison Partners.

Existing investors, including Glilot Capital, Salesforce Ventures, Volvo Group Venture Capital, Nationwide, Delek US, and others, also contributed to the round. Notably, several of Upstream’s investors are also its customers.

Upstream’s investor base includes Alliance Ventures (Renault, Nissan, Mitsubishi), Volvo Group Venture Capital, Hyundai, Nationwide Insurance, Salesforce Ventures, MSI, CRV, Glilot Capital Partners, and Maniv Mobility.