Cyberattacks Increase in Auto Dealerships as Hackers Take Advantage of Gaps in Protection

October 12, 2022

2nd Annual CDK Global State of Cybersecurity in the Dealership report shows sharp uptick in investment of preventative measures ahead of FTC Safeguards Rule implementation

HOFFMAN ESTATES, Ill. – Oct. 12, 2022 – Cybercriminals are getting craftier as auto retailers continue to fall victim to well-disguised attacks. According to the second annual dealership cybersecurity study by CDK Global Inc., a leading automotive retail software provider, 15% of dealers have experienced a cybersecurity incident in the past year. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue. The consistent cyberthreats have auto retailers concerned about securing their networks as they prepare for the upcoming Federal Trade Commission (FTC) Safeguards Rule implementation on Dec. 9.

“Consumers are continuously shifting to a more mobile environment, requiring automotive dealerships to streamline their sales and service online. Unfortunately, it can lead to creating gaps in IT networks for securing data,” said Joe Bell, vice president and general manager of IT Solutions Product & Technology, CDK Global. “Updating a dealership’s IT infrastructure, establishing an incident readiness plan and identifying qualified individuals to oversee the requirements are important steps for auto retailers in meeting the upcoming FTC compliance deadline.”

The amended FTC Safeguards Rule outlines compliance measures that includes securing customer data and implementing a comprehensive information security program. Having a solid cybersecurity plan in place is key for dealers to meet the Safeguards Rule, yet the study found that only 37% of auto retailers are confident in the current protection, resulting in a 21% decrease in preparedness compared to CDK Global’s 2021 study. With the Rule compliance deadline fast approaching, dealerships are getting serious about their cybersecurity measures.

The CDK Global State of Cybersecurity in the Dealership report found nearly 60% of dealers plan to prioritize upgraded investments in IT infrastructure, including:

  • Anti-virus and malware protection increased by 31% compared to 2021, followed by establishing secure networks with consistent updates and patching.
  • Dealers plan to update cybersecurity measures to combat top cyberthreats, such as email phishing, ransomware, lack of employee awareness, theft of business data, PC virus or malware, and stolen or weak passwords.
  • Additional action plans include securing endpoint devices, investing in cybersecurity insurance and continued staff training.

Dealerships are preparing for the influx of possible attacks to their infrastructure, including hiring cybersecurity experts both in-house and externally and educating staff on detecting potential cyber threats.

“With the recent surge of ransomware attacks around the world and the advancement of security protocols we have made, cybersecurity remains a huge priority,” said Preston Petersen, general manager and partner at Team Automotive Group in Baton Rouge, Louisiana. “The risk to businesses and our industry is at an all-time high, and we take that risk very seriously.”

Ensuring that dealers will be FTC compliant by Dec. 9 remains uncertain, as many auto retailers are finding the Safeguards Rule to be difficult to understand or complete. CDK’s State of Cybersecurity report found that only 35% of dealers fully comprehend the new ruling and less than half are well-prepared. While 71% were familiar with protection mandates including multi-factor authentication, data encryption, and data and systems inventory, several requirements remain cloudy, including compliance on mitigation, threat detection and response.

“Partnering with a managed service provider can assist dealerships in eliminating the guesswork for FTC compliance, ensuring a safer, more secure and up-to-date IT infrastructure,” said Bell.

Andrew McClure, director of IT Operations of The Patrick Dealer Group locations in Illinois, echoed Bell’s recommendation on dealer cybersecurity safeguarding. “Engage with a chief information security officer who aligns with (analytic models) FAIR/NIST/CISA standards, research best practices and follow directions on structuring a layered cybersecurity program for your business,” McClure suggested. “Cybersecurity investments will pay dividends in threat/risk reductions.”

About the 2nd Annual CDK Global Inaugural Dealership Cybersecurity Report
The CDK Global inaugural Dealership Cybersecurity Report was conducted in June 2022 among a national sample of 201 dealerships. The interviews were conducted online by CDK Research & Insights. Participants included dealer executives, IT decision makers and departmental influencers within the dealerships. To view CDK’s Dealership Cybersecurity Report, please visit State of Cybersecurity in the Dealership.

About CDK Global Inc.
CDK Global is the preferred enabler of automotive commerce, delivering a comprehensive, modern dealer management software platform and suite of solutions designed to help automotive dealers and manufacturers run their businesses successfully and create great experiences for consumers. The company serves over 15,000 retail automotive locations in North America and is a subsidiary of Brookfield Business Partners, the flagship listed vehicle of Brookfield Asset Management’s Private Equity Group. Brookfield Partners owns and operates high-quality businesses like CDK that provide essential products and services and which benefit from a strong competitive position.

Media Contact:
Lisa Finney