.png)
.webp)
In June, a cyberattack struck CDK Global, a software provider serving over 15,000 car dealerships across North America, causing widespread operational disruption. The attack, which occurred over two days, forced the company to take its systems offline, leaving dealerships scrambling to function. Many dealers reverted to manual methods, slowing down transactions and frustrating customers.
Beyond the immediate chaos, the cyberattack poses serious concerns for recent car buyers. If your dealership uses CDK Global software, personal data such as your Social Security number, employment details, and home address—may have been compromised. If your dealer was subject to this attack, experts recommended freezing your credit as a precautionary step to protect against identity theft.
Auto Dealerships Face an Escalating Threat Landscape
The attack on CDK Global is not an isolated incident but part of a troubling rise in cyber threats targeting the auto industry. Dealerships are increasingly becoming prime targets for hackers, and this is driving heightened awareness of attacks within the industry. According to a recent CDK Global study, 85% of dealerships now see cybersecurity as a top priority. However, only 37% of dealers feel confident in their current security measures—a significant decline in confidence compared to previous years.
The financial and operational toll from cyberattacks is massive. On average, ransomware attacks on dealerships lead to 16 days of downtime, with an average payout of over $228,000. But perhaps the most serious impact is the erosion of customer trust. A staggering 84% of customers say they would refuse to buy another vehicle from a dealership that failed to protect their data.
Why Are Dealerships Particularly Vulnerable?
One of the leading threats to auto dealerships is phishing, accounting for 36% of data breaches within the industry. This type of cyberattack often exploits human error, which is especially concerning for dealerships, given the high employee turnover rates they experience. With an average turnover rate of 24%, according to the National Automobile Dealers Association, training staff to recognize phishing attempts and adhere to cybersecurity protocols becomes a continuous challenge.
Dealerships also face vulnerabilities related to unsecured networks. Many offer free Wi-Fi for customers waiting for service, but these networks can provide an easy point of entry for hackers looking to access sensitive customer data. Failing to secure these wireless networks tends to leads to data breaches.
How Dealerships Are Responding
In response to the growing threats, dealerships are beginning to make critical investments in cybersecurity. Nearly 60% of dealerships plan to increase their IT infrastructure investments, with an emphasis on antivirus and malware protection, both of which saw a 31% boost in investment since 2021. Additionally, dealerships are focusing on securing endpoint devices, investing in cybersecurity insurance, and providing ongoing employee training to prevent phishing attacks.
These investments are not just about reacting to past breaches—they’re also essential for compliance. Auto dealerships fall under the Federal Trade Commission’s (FTC) Safeguards Rule, which requires non-bank financial institutions to implement robust cybersecurity measures. Initially set to take effect in December 2022, the deadline for compliance was extended to June 2023, giving dealerships additional time to meet the requirements.
What Dealerships Need to Do to Comply with the FTC Safeguards Rule
To comply with the Safeguards Rule, dealerships must create comprehensive security programs designed to protect sensitive customer data. Specific steps they need to take include:
- Appointing a qualified individual to manage their cybersecurity program
- Conducting a detailed risk assessment
- Monitoring and limiting access to sensitive data
- Encrypting sensitive information
- Training staff on cybersecurity best practices
- Developing an incident response plan
- Regularly assessing the security practices of third-party service providers
- Implementing multifactor authentication or equivalent security measures to safeguard customer information
The Way Forward: Reducing Vulnerabilities in Auto Dealerships
The cyberattack on CDK Global is a critical reminder of the urgent need for improved cybersecurity in the auto industry. As hackers become more sophisticated and attacks more frequent, dealerships must shift from a reactive approach to a proactive one. This means not only meeting regulatory requirements but also investing in long-term solutions that protect their business and their customers.
By prioritizing security improvements—whether by enhancing employee training, securing networks, or updating IT infrastructure—dealerships can safeguard themselves from future breaches. As more customers become aware of cybersecurity risks, the dealerships that prove they can protect sensitive data will protect their reputation and stand to benefit from customer loyalty.
In an age where trust is becoming as important as product quality, auto dealerships must adapt to the new reality of cyber risk, using today’s challenges as a steppingstone toward a more secure future.
