“Dealership cybersecurity” probably sounds like a never-ending to-do list filled with confusing jargon, expensive tools, and compliance checkboxes. It’s easy to feel buried under what the experts from the Center for Internet Security (CIS) call “the fog of more.” More threats, more rules, more tools, more noise — and not enough clarity on what actually matters.
Here’s the good news: most cybersecurity problems can be prevented by focusing on just a few key actions that deliver most of the protection. That’s where the Pareto Principle — also known as the 80/20 rule — comes in.
The Pareto Principle says that 80% of results come from 20% of effort. Applied to cybersecurity, it means that the majority of attacks can be prevented by focusing on the small number of actions that make the biggest difference. CIS built its CIS Controls framework around this idea — a prioritized list of actions any organization (including dealerships) can use to dramatically strengthen defenses.
But Here’s the Catch…
The Pareto Principle makes perfect sense — but most dealerships don’t actually follow it.
Why? Because the “fog of more” gets in the way. There’s so much noise, so many products, so many supposed “must-haves,” that dealership IT and cybersecurity teams often spread themselves thin across dozens of small tasks instead of focusing on the few that really matter.
And let’s be honest — many dealership managers simply assume this is being handled. They hand responsibility for IT and cybersecurity to someone (maybe a vendor, maybe an internal person) and trust that it’s taken care of. But the reality is that technology is now mission-critical to selling and servicing cars and trucks. It’s no longer something you can afford to ignore.
That means managers need to be more curious — to ask better questions about how cybersecurity is being handled. A great way to do that is to use the Pareto Principle as your guide:
Is your team focusing on the 20% of actions that deliver 80% of your protection? Or are they buried in the 80% that doesn’t move the needle?
What That 20% Looks Like
CIS calls out the First 5 Controls as the foundation of strong cyber hygiene. Here’s what those look like in plain English:
- Know what’s on your network. You can’t protect what you don’t know you have. Keep an accurate inventory of every device — laptops, tablets, phones, even printers.
- Know what software is running. Only allow approved software. Random downloads are one of the easiest ways malware sneaks in.
- Lock down system settings. Default settings favor convenience, not security. Reconfigure systems to follow industry-approved secure configuration standards.
- Patch and update regularly. Hackers love outdated software. Use automated tools to apply updates and fix vulnerabilities fast.
- Limit who has high-level access. Only give admin privileges to people who truly need them — and monitor how those accounts are used.
Why This Matters for Dealerships
Cyber threats might seem technical or abstract, but they directly impact your ability to sell cars, service vehicles, and earn customer trust. Most breaches don’t happen because of brilliant hackers — they happen because of overlooked basics like weak passwords or unpatched systems.
So take a step back and ask yourself:
Is your dealership’s cybersecurity strategy focused on the vital few, or scattered across the trivial many? Do you know which of those “few” things your IT and cybersecurity teams are prioritizing?
You don’t have to be an expert to lead with confidence — you just need to be curious. Use the Pareto Principle as your guide to start asking the right questions and ensure your team is focusing on the things that truly protect your business.