FBI Warning: Dealership Cybersecurity Risks Are Rising

There’s a dangerous assumption that still exists in many dealerships: “We have cybersecurity tools in place — we’re probably fine.”

The latest data suggests otherwise.

The FBI’s Internet Crime Complaint Center (IC3) just released its annual report, and the numbers are hard to ignore. Cybercrime losses jumped 26% year-over-year, reaching a staggering $20.88 billion in 2025. That’s not theoretical risk. That’s real money, lost by real organizations — many of which believed they had protections in place.

And here’s what’s different now: AI is accelerating everything.

This Isn’t Just More Attacks — It’s Smarter Attacks

Cybercriminals have always been opportunistic. What’s changed is their efficiency and sophistication.

AI is giving attackers the ability to:

• Create highly convincing phishing emails in seconds
• Clone voices to impersonate executives
• Generate fake identities, profiles, and conversations
• Automate reconnaissance and attack planning

In the past, many scams failed because something “felt off.” Poor grammar. Strange phrasing. Obvious red flags.

That safety net is disappearing.

Today, a phishing email can sound exactly like your GM. A phone call can sound like your CFO. A vendor request can look completely legitimate.

And it’s all happening at scale.

The FBI reported more than 22,000 complaints tied specifically to AI-enabled cybercrime, with losses nearing $900 million. That number will grow.

Why Dealerships Are Squarely in the Crosshairs

Dealerships present a unique and highly attractive target:

• Large volumes of financial transactions
• Frequent wire transfers
• Sensitive customer data
• Complex vendor ecosystems
• Often decentralized operations across rooftops

This is exactly the kind of environment where Business Email Compromise (BEC) thrives — and BEC remains one of the largest sources of financial loss.

In fact, AI is making BEC dramatically more effective.

A criminal no longer needs deep technical skills. With tools like ChatGPT, they can:

• Mimic executive communication styles
• Draft convincing, context-aware emails
• Personalize messages using publicly available data

Layer in voice cloning, and now that same attacker can follow up with a phone call that sounds like your leadership team — applying urgency and pressure to push a fraudulent transaction through.

This isn’t hypothetical. It’s already happening.

The Bigger Shift: Automation of Cyberattacks

Perhaps the most concerning development isn’t just better phishing — it’s the automation of entire attack chains.

AI agents are now being used to:

• Scan environments for vulnerabilities
• Identify weak credentials
• Map out network structures
• Launch attacks with minimal human involvement

In other words, attackers are starting to operate more like security teams — but at scale, and without limitations.

This lowers the barrier to entry. Less skilled attackers can now execute more advanced attacks. And experienced attackers can move faster than ever before.

The result? More attacks, more often, with higher success rates.

The False Sense of Security Is the Real Risk

Here’s where this becomes especially relevant for dealerships.

Most dealerships today do have cybersecurity tools in place:

• Endpoint protection
• Firewalls
• Email filtering
• MFA

On paper, it looks solid.

But what we consistently see is this: tools that are deployed, but not fully configured, not actively monitored, and not continuously improved.

That creates a false sense of security — and in today’s environment, that’s dangerous.

Because AI-powered attacks don’t need a wide-open door.  They just need:

• A misconfigured setting
• An unpatched vulnerability
• A missed alert
• A compromised credential

And once they’re in, they don’t smash their way through systems… they log in and operate like a legitimate user.

What Needs to Change

This isn’t a “buy another tool” problem.

If anything, most dealerships already have enough tools.

What’s required now is a shift in approach:

1. From reactive to proactive
Security can’t just respond to alerts — it needs to anticipate and detect abnormal behavior in real time.

2. From deployment to management
Tools don’t protect you. Proper configuration, monitoring, and continuous tuning do.

3. From siloed efforts to integrated defense
IT, cybersecurity, and compliance must work together. Gaps between them are exactly where attackers succeed.

4. Back to fundamentals — executed consistently
Even in an AI-driven threat landscape, many attacks still succeed because:

• Systems aren’t patched
• Permissions are too broad
• Accounts aren’t properly secured
• Vulnerabilities remain unaddressed

AI doesn’t replace these fundamentals — it exploits when they’re ignored.

The Bottom Line

Cybercriminals are evolving faster than ever. AI is amplifying their capabilities, increasing the volume of attacks, and making them harder to detect.

At the same time, many dealerships are operating under the assumption that their current defenses are “good enough.”

That gap — between perception and reality — is exactly where risk lives.

The question isn’t whether your dealership has cybersecurity tools in place.  The question is:  Are those tools truly protecting you in a world where attacks are faster, smarter, and increasingly automated?

Because in today’s environment, confidence without validation isn’t security. It’s exposure.