How Auto Dealerships Can Navigate the Perilous Road of Cybersecurity

Today, the automotive industry faces a growing and alarming threat: cybersecurity risks. Auto dealerships, in particular, have been grappling with this issue, driven by new regulations and a significant surge in cyberattacks. The Second Annual Global State of Cybersecurity Report by CDK Global paints a concerning picture of the industry's vulnerability. According to the report, 85% of dealerships emphasize that cybersecurity is now considered very important, surpassing other operational areas. Furthermore, 89% of dealerships acknowledge that cybersecurity's importance has escalated compared to the previous year, marking a 12% increase. However, confidence in the current protection measures is plummeting, with only 37% of auto retailers feeling secure, indicating an alarming 21% decrease since 2021.

The CDK Global study also reveals the grave consequences of cyberattacks on dealerships. Following a ransomware attack, dealerships endured an average of 16 days of downtime, incurring a substantial cost averaging above $200,000. Yet, the most impactful outcome of these attacks is their potential to erode customer loyalty. A staggering 84% of customers assert they would not consider purchasing another vehicle from a dealership if their data was compromised in a breach.

Phishing is dealerships' primary concern, contributing to 36% of data breaches. This is primarily attributed to user error and employee turnover, which remains relatively high within the industry. Despite recent reductions, the National Automobile Dealers Association Workforce Study reports an annual turnover rate of 24%. The persistently high turnover rate continues to burden dealerships' training and compliance efforts.

Another significant vulnerability arises from dealerships' provision of unsecured wireless networks for customers. Although this is a customer-friendly feature, it inadvertently opens the door for hackers to access sensitive customer data. Implementing password-protected guest networks can significantly enhance data security and reduce this risk.

Dealerships have recognized the pressing need to invest in their IT infrastructure. Approximately 2/3 of dealerships have plans to increase their investments in this area. Top priorities include deploying antivirus and malware protection tools, which have witnessed a 31% increase from 2021. Cybersecurity measures aimed at mitigating the top threats, such as phishing and ransomware, are also on the agenda. Dealerships likewise focus on securing endpoint devices, procuring cybersecurity insurance, and providing ongoing staff training.

The urgency to address cybersecurity issues is further underscored by the looming deadline for compliance with the FTC Safeguards Rule. The requirements were initially scheduled to take effect in December 2022, but auto dealerships were granted an extension until June 2023 to meet them. Falling under the category of non-bank financial institutions, auto dealerships are mandated to adhere to the Safeguards Rule, which demands establishing a comprehensive security program to safeguard customer information.


To comply with these regulations, dealerships must designate a qualified individual to oversee their information security program, develop a written risk assessment, limit and monitor those who can access sensitive customer information, encrypt all sensitive data, train security personnel, create an incident response plan, periodically assess the security practices of service providers, and implement multifactor authentication or an equivalent protection method for individuals accessing customer information.

In conclusion, the automotive industry's heightened concern about cybersecurity reflects the ever-increasing importance of protecting sensitive customer information. With the increasing frequency of cyberattacks and evolving regulations, auto dealerships must prioritize cybersecurity to safeguard their customers, maintain their reputation, and ensure business continuity. This ongoing battle underscores the critical importance of adapting to the rapidly changing digital landscape to secure the auto industry's future.

Michael Markulec

technology executive, cyber-security guru, politician, rugby player, deadhead, brewer, former army officer, crossfitter, and hard-drinking calypso poet.