Imagine a year's worth of traffic car deaths, in multiple countries all over the world, during a single, horrifying span of ten minutes. And how ready is your underfunded public transit system to cope with a large proportion of the city's cars being unusable during the few days it takes the company to deal with the hack while everybody is going at them with pitchforks both legal and more or less literal?

But this is a science-fictional premise that's already been used in fiction more than once. In the real world, the whole of our critical software infrastructure is practically impervious to any form of attack, and, if nothing else, companies take the ethical responsibilities inherent in their control over data and systems with the seriousness it demands, even lobbying for higher levels of regulation than less technically sophisticated public and governments demand. And, while current on-board software systems are known to be ridiculously vulnerable to remote attacks, it's only to be expected that more complex programs running on heterogeneous large-scale platforms under overlapping spheres of regulation and oversight will be much safer.

So nothing to worry about.