Pub. 21 2022 Issue 1

Acting With Urgency Against Cyber Threat

Acting With Urgency Against Cyber Threat to Auto Dealers

Cyber-attacks on dealerships are becoming more and more prevalent and are costing hundreds of thousands of dollars, lost customers, and reputational damage. You probably already know of a dealership that has been a victim of this growing crime.

With the increasing reliance on technology and the growing threat of cyber-attacks, it’s more important than ever that you have the right strategy, technology, and resources in place to survive a data breach and its potential multimillion-dollar impact.

What is the risk and why the urgency?

  • 84% of car buyers say they would not return to a dealership whose data had been breached
  • On an average day, 153 viruses and 84 malicious spam emails are blocked by technology on a dealership’s network
  • 70% of dealers are not up to date on their anti-virus software, leaving consumer data at risk of being exposed during a cyber-attack

A data breach can hit businesses with less than 1,000 employees, with disproportionately higher costs, compared to organizations with 25,000 or more employees. Breaches of smaller organizations cost an average of $2.65 million or $3,533 per employee.

Why are auto dealerships attractive targets for cybercriminals?
Dealerships have become very attractive targets for cybercriminals because they have several key potential vulnerabilities that potential thieves can exploit:

  • The data dealers possess represents a treasure of information to hackers. Dealerships store large amounts of confidential, personal data, including financing and credit applications, customer financial information, and home addresses.
  • Some dealerships lack basic cyber-security protections and use outdated systems and/or software. Unsecure networks can act as gateways to stealing information.
  • In addition, dealership systems are often interconnected to external interfaces and portals, such as external service providers.
  • Finally, dealership employees may lack training in the most frequent cyber-attack phishing scams. Phishing campaigns and ransomware attacks have seen big increases, with email and other communications aimed at tricking users into opening malicious attachments or, in some cases, making wire transfers on behalf of their company.

More than 90% of cyber breaches start with phishing or social engineering campaigns.

Assessing your exposure and managing the risk
Dealers must be diligent in cyber protection and response capabilities. Building resilient systems is the best preparation for the next cyber-attack. Taking a multi-department approach that includes strengthening protections and educating employees on the scope of the threat can thwart efforts to break into dealership networks.

The National Institute of Standards and Technology (NIST) established its Cybersecurity Framework in 2014, in response to a 2013 executive order. The framework is aimed at reducing risk to critical infrastructure and is a great resource dealers can use to identify risk and protect operations prior to a cyber incident, as well as detect, respond and recover should an incident occur.

National Institute of Standards and Technology (NIST) Cybersecurity Framework


Steve McLaughlin is Area Sales Manager in Philadelphia for Zurich North America. He can be reached at 610.716.2609 or via email at