Cyber threats grew quickly last year, affecting industries that depend on sensitive data and digital systems. Finance, healthcare, and government agencies are still major targets. 

However, auto dealerships are now also facing more cyber attacks. With a global market value over $3 trillion, dealerships handle large amounts of customer and financial data. This makes them prime targets for ransomware, phishing, and other cyber attacks.

In this episode of One Step Beyond Cyber, Scott Kreisberg speaks with Kevin McAdam. They discuss the growing cybersecurity threats in the automotive retail industry.

 

 

Auto dealerships, regardless of size, share one critical vulnerability—they manage vast amounts of sensitive data. From customer financial records to sales transactions and inventory systems, dealerships operate with valuable information that cyber criminals actively seek.

The CDK Global cyber attack in June 2024 exposed just how vulnerable the industry is. The ransomware attack affected about 15,000 dealerships in the U.S. and Canada. Many businesses could not access important data for almost three weeks.

Some dealerships resorted to pen-and-paper operations to stay afloat, while others had to shut down entirely. The financial impact was staggering—over $1 billion in combined dealership losses, not including reputational damage, customer fallout, and legal costs.

 

 

 

Hackers have often targeted big companies like banks and hospitals. But as these industries improved their security, cyber criminals moved to easier targets, such as auto dealerships. 

Many dealerships are family-owned and have leaders from different generations. This often leads to old cybersecurity measures and limited IT resources. As a result, they struggle to defend against advanced cyber threats. 

As dealerships depend more on digital systems for sales, financing, and customer management, they face more cyber risks. The CDK attack was a wake-up call. Without better cybersecurity, auto dealerships are easy targets for the next big breach.


The Cost of Cyber crime in the Automotive Sector 

Cyber crime against auto dealerships has skyrocketed. Experts estimate that cyber-related losses in the industry will exceed $500 billion in 2024. Recent breaches suggest that losses have likely already surpassed expectations.

In December, cyber attacks on auto dealers rose by 55% from the previous year, continuing a record-breaking trend.

Beyond financial losses, cyber attacks cause reputational damage. A survey by Total Dealer Compliance revealed that 84% of consumers would not buy another car from a dealership after their data had been compromised. Unlike car theft, where insurance covers most losses, a cyber breach can damage trust and business operations.


What Makes Dealerships Vulnerable to Cyber Attacks?

  1. Lack of Cybersecurity Investment – Many auto dealerships do not prioritize cybersecurity because the digital threats they faced were historically minimal.

  2. High Visibility and Financial Transactions – Dealerships are prominent businesses with significant cash flow, making them attractive to cyber criminals.

  3. Numerous Attack Vectors – Dealerships have a vast number of computers, from reception to sales, parts, and service departments. Each endpoint is a potential entry point for cyber threats.

  4. Weak Internal Security Practices – Employees handling sensitive data may not follow best security practices, such as proper password management or secure document handling.

  5. Outdated IT Infrastructure – Many dealerships rely on outdated or poorly secured systems, making them more susceptible to attacks.


The Hidden Risks of Relying on Third-Party Software in Car Dealerships

Auto dealerships rely on third-party software like Dealer Management Systems (DMS). These systems help with important tasks such as payroll, sales processing, inventory management, and customer records.

These platforms are convenient and efficient. However, they also bring serious cybersecurity risks. They create single points of failure that dealerships cannot control easily.

The CDK Global ransomware attack in June 2024 showed that dealerships are vulnerable, especially when they rely on a single third-party provider. One of the leading DMS providers was hacked, leaving 15,000 dealerships unable to access important business systems for weeks.

A robust backup system is an essential part of any dealership’s cybersecurity strategy. Without a proper backup solution, a ransomware attack or data breach could result in permanent data loss, crippling operations. A good backup plan helps keep a business running. It reduces downtime if there is a cyber attack, hardware failure, or data loss.

The CDK Global attack proved that auto dealerships can't afford to blindly trust third-party software providers. Dealerships can protect their operations, customers, and profits from cyber threats by using proactive security measures and by not relying on just one vendor.

 

Compliance and Legal Consequences of Cyber Breaches

Auto dealerships are heavily regulated under the FTC Safeguards Rule due to their handling of financial and personal data. Compliance failures can result in significant legal and financial repercussions. Additionally, falsifying compliance records—intentionally or unintentionally—can lead to severe penalties, as seen in legal cases where businesses faced prosecution for misrepresenting their cybersecurity measures.

Post-breach litigation costs can exceed millions of dollars, even for smaller businesses. Dealerships must proactively safeguard their operations to avoid regulatory fines, lawsuits, and reputational damage.


Proactive Steps Dealerships Can Take to Protect Themselves

  1. Conduct a Vulnerability Assessment – Identify and address weaknesses before cyber criminals exploit them.

  2. Implement Multi-Layered Security – Firewalls, endpoint protection, email security, and continuous monitoring should all be part of the security strategy.

  3. Use Third-Party Security Experts – Internal IT teams often lack specialized cybersecurity expertise. Outsourcing to professionals ensures continuous protection.

  4. Separate Security and IT Management – Security oversight should be independent from general IT management to prevent conflicts of interest.

  5. Strengthen Compliance Efforts – Ensure adherence to FTC regulations and regularly audit security measures.

  6. Enhance Employee Training – Make security awareness a routine part of the dealership culture.

  7. Plan for Business Continuity – Develop and test incident response plans to minimize downtime in the event of an attack.

 

Auto dealerships must recognize that cybersecurity is no longer optional—it is a business necessity. Cyber criminals will continue to exploit vulnerabilities in the industry unless dealerships take proactive measures to fortify their defenses. By implementing strong security practices, conducting regular assessments, and working with cybersecurity experts, dealerships can protect their data, their reputation, and their bottom line.

Your dealership relies on more than just excellent vehicles—it depends on data. Discover ways to enhance your dealership's security. Schedule your call today!

