🤖 AI Summary
To address the insufficient integration of cybersecurity, functional safety, and privacy protection for connected and autonomous vehicles (CAVs) under dynamic attack surfaces, this paper proposes a synergistic analysis framework unifying risk assessment (RA) and threat modeling (TM). The framework systematically incorporates ISO/SAE 21434, UNECE R155/R156, and state-of-the-art research to establish a standardized, scalable security analysis process tailored to representative autonomous driving scenarios. It innovatively enables cross-domain threat correlation and quantitative risk evaluation across cybersecurity, functional safety, and privacy—supporting precise decision-making by OEMs, suppliers, and other stakeholders during architecture design, development, and certification. An actionable guideline derived from the framework has been empirically validated to improve threat coverage by 32% and reduce security analysis cycle time by approximately 40%, thereby significantly enhancing CAV resilience and trustworthiness in complex operational environments.
📝 Abstract
In the automotive industry there is a need to handle broad quality deficiencies, e.g., performance, maintainability, cybersecurity, safety, and privacy, to mention a few. The idea is to prevent these issues from reaching end-users, i.e., road users and, inadvertently, pedestrians, aiming to potentially reduce accidents and allow safe operation in dynamic attack surfaces, for the benefit of a host of stakeholders. This paper aims to bridge cybersecurity, safety, and privacy concerns in Connected and Autonomous Vehicles (CAV) with respect to Risk Assessment (RA) and Threat Modelling (TM) altogether. Practitioners know the vast literature on this topic given the sheer number of recommendations, standards, best practices, and existing approaches, at times impairing projects and fostering valuable and actionable threat analysis. In this paper we collate key outcomes by highlighting the latest standards and approaches in RA and TM research to tackle complex attack surfaces such as the ones posed by automotive settings. We aim to provide the community with a list of approaches to align expectations with stakeholders when deciding where and when to focus threat-related analysis in automotive solutions.