The State of Dealership Cybersecurity
Cyber Crime at a Glance 2020
11 Sec
91%
71%
Why cyber criminals target dealerships
Think of all the data that’s collected and stored at your dealership.
The customer names, addresses, email addresses, and phone numbers in your CRM; the bank information and social security numbers collected by your finance and insurance departments; your employees’ usernames and passwords.
Your day-to-day operations require you to gather and store private information for thousands if not tens of thousands of customers and employees.
In other words, your dealership is a data goldmine for cyber criminals. And sometimes, all it takes to gain access to this data is a simple email phishing attack. Why wouldn’t you be a target?
So who’s behind these attacks? When you imagine a cyber attack, do you think of a teenager hacking into someone’s server out of boredom? If so, you’re grossly underestimating today’s cyber criminals.
The truth is, you’re up against some tough characters. The people who want to exploit your data security weaknesses are much more sophisticated than you might think.
Most “hackers” today are employees of large multinational crime organizations, some of which are state-sponsored. Around the world, smart and tech-savvy people are being lured by the promise of huge salaries.
Entry-level cybercriminals make about $40,000 per year (which is an excellent salary in many countries). But the real payoff comes with experience, with seasoned cybercriminals raking in $1-2 million per year.
Read full articleIn most cases, dealerships aren’t doing nearly enough to protect themselves.
Rather than spending the necessary resources to expand their security controls and policies, many dealers just ignore the problem or cross their fingers. They still see cybersecurity as an expense to be controlled, and that means they’re leaving their businesses vulnerable to cyber attacks.
How cybersecurity can affect dealer reputation
When your dealership is left open to a data breach, there’s obviously time and money at stake — it takes resources to respond to and recover from a cyber attack.
But you’re also risking something else: your reputation.
Most dealerships sell the same vehicles at similar price points, so when consumers need to choose between dealerships, reputation is one of the only differentiators.
And if you think customers don’t care about a data breach, think again: 84% of consumers say that they would not purchase another car from a dealership whose data has been compromised.
If your dealership were to experience a data breach, word would get out fast. Between online reviews and social media, customers can communicate with one another quicker than ever. Your reputation could take a huge hit.
This means that just one data breach could sink your dealership.
Here’s just how important reputation is for dealerships:
Dealer data privacy and compliance
We’ve talked about time, money, and reputation, but there’s another thing at stake in the event of a cyber attack.
Due to new data privacy legislation, a data breach could lead to legal trouble, including fines and/or lawsuits.
Laws such as the CCPA in California, the SHIELD Act in New York, and the Data Protection Act in Ohio have already been passed, and there’s also a federal consumer data privacy act in the works.
Luckily, many of these dealership privacy laws require similar things, including baseline cybersecurity controls. By implementing these controls now, you can be prepared for new and evolving regulations.
Over 150 consumer data privacy bills were introduced in U.S. state legislatures across at least 25 states in 2019 alone. More bills are expected in 2020
U.S. data privacy regulations
*Map updated February 2020