Fifteen percent of car dealers have experienced a cybersecurity incident in the past year. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue.

The 2022 State of Cybersecurity in the Dealership report from CDK Global Inc. surveyed business and IT executives at 201 car dealerships in the United States about their current cybersecurity posture.

The study found that 37% of auto retailers are confident in their current cybersecurity protection, resulting in a 21% decrease in preparedness compared to CDK Global’s 2021 study. The report found nearly 60% of dealers plan to prioritize upgraded investments in cybersecurity infrastructure, including:

  • Anti-virus and malware protection increased by 31% compared to 2021, followed by establishing secure networks with consistent updates and patching.
  • Dealers plan to update cybersecurity measures to combat top cyberthreats, such as email phishing, ransomware, lack of employee awareness, theft of business data, PC virus or malware, and stolen or weak passwords.
  • Additional action plans include securing endpoint devices, investing in cybersecurity insurance and continued staff training.
  • Dealerships are preparing for the influx of possible attacks to their infrastructure, including hiring cybersecurity experts both in-house and externally and educating staff on detecting potential cyber threats.

“With the recent surge of ransomware attacks around the world and the advancement of security protocols we have made, cybersecurity remains a huge priority,” said Preston Petersen, General manager and Partner at Team Automotive Group in Baton Rouge, Louisiana. “The risk to businesses and our industry is at an all-time high, and we take that risk very seriously.”

Andrew McClure, Director of IT Operations at The Patrick Dealer Group locations in Illinois, echoed Bell’s recommendation on dealer cybersecurity safeguarding. “Engage with a chief information security officer who aligns with FAIR/NIST/CISA standards, research best practices and follow directions on structuring a layered cybersecurity program for your business,” McClure suggested. “Cybersecurity investments will pay dividends in threat/risk reductions.”

For more report insights, click here.