Auto dealers look to increase security measures amid rising cyberthreats
With rising concerns of ransomware and phishing attacks impacting businesses across the U.S., nearly half of automotive dealers surveyed plan to increase their investments in cybersecurity in 2022, compared to only 24% of dealers that invested in security measures in 2020, according to a study by CDK Global, Inc., a leading automotive retail technology company.
“Meeting consumer demand for online automotive retailing while operating on an outdated framework can create a perfect storm for a cybersecurity breach,” said Joe Bell, vice president of IT Solutions and Global Network Architecture, CDK Global. “By adding protective layers of security through integrated visibility and monitoring tools, dealerships can mitigate their risk of lengthy downtime for data recovery.”
IT-related business interruptions can be costly errors for dealerships, impacting businesses an average of 16 days in lost revenue if targeted by a cyberattack. Recovering from a data breach and restoring a dealer’s reputation is both costly and time-intensive, and automotive retailers may fall prone to meeting cybercriminals’ demands to keep their dealerships running. In fact, recent data by ransomware specialty company Coveware shows that payouts by businesses nearly quadrupled from 2019 to 2020, jumping from nearly $44,000 to $169,000. CDK’s cybersecurity report highlights the need for dealerships to put necessary preventative measures in place to stem future incidents:
- While dealerships recognize there is an increased sense of urgency to prioritize cybersecurity relative to other operational areas (85%), only 49% believe they currently have adequate protection against cyberattacks.
- Employee email phishing remains the biggest perceived threat to dealer businesses (66%), but less than a third of employees have received formal security training on how to avoid it. Additional concerns include ransomware (48%) and malware (30%).
- A total of 65% of dealerships are regularly backing up data, system images and configurations and keeping the backups offline, but 73% are not testing their cyberattack incident response plan.
“Investing in modernizing aging security products, educating employees on increasingly sophisticated and frequent threats, and solidifying disaster recovery plans before an incident occurs can uphold a dealership’s reputation in the marketplace,” said Bell. “If an automotive retailer’s cybersecurity plan for prevention, protection and response is firmly in place, dealerships can focus on strengthening the consumer buying experience while building trust.”