
Here are the 9 steps that auto dealerships must follow under the FTC Safeguards Rule:

  1. Designate an employee to coordinate your dealership's information security program.
  2. Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks.
  3. Design and implement information safeguards to control the identified risks, including measures to:
    • Ensure the security and confidentiality of customer information
    • Protect against any anticipated threats or hazards to the security or integrity of such information
    • Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer
  4. Regularly monitor and test the effectiveness of the safeguards' key controls, systems, and procedures.
  5. Evaluate and adjust your information security program in light of relevant circumstances, including changes in your dealership's business or operations, or the results of security testing and monitoring.
  6. Train your employees on the importance of information security and how to follow the dealership's information security policies and procedures.
  7. Select service providers that are capable of maintaining appropriate safeguards, and require those safeguards by contract.
  8. Establish procedures for periodically obtaining written assurances from your service providers that they have implemented and are maintaining appropriate information security practices.
  9. Evaluate and adjust the information security program whenever there is a material change in your dealership's operations or business arrangement, including material changes to the services provided by service providers.

Cyberattacks on auto dealerships have been on the rise in recent years. Auto dealerships are becoming increasingly digitized, and as a result, they are becoming more vulnerable to cyberattacks. Here are some statistics that demonstrate the rise in cyberattacks on auto dealerships:

The average cost of a data breach for an automotive dealership can vary depending on several factors, such as the type and scope of the breach, the size and location of the dealership, and the amount and type of data compromised. However, according to a 2020 report by IBM and the Ponemon Institute, the average cost of a data breach for the automotive industry was $4.5 million, which includes direct and indirect costs such as investigation, legal fees, lost business, and reputational damage. It's important to note that the cost of a data breach can be even higher for smaller businesses, such as individual dealerships, as they may not have the same resources or security measures in place as larger organizations.

According to a report by KPMG, auto dealerships are now one of the top targets for cybercriminals. In 2020, the auto retail industry was ranked as the third-highest industry in terms of the number of reported cyberattacks.

A report by Bitdefender found that automotive organizations were targeted in over 20% of all cyberattacks in 2020. This is a significant increase from the previous year, when automotive organizations were targeted in only 8% of all cyberattacks.

The National Automobile Dealers Association (NADA) has reported that over 80% of auto dealerships have experienced some form of cyberattack, with the most common being ransomware attacks.

A study by Juniper Research found that the total cost of cybercrime to the global automotive industry is expected to reach $11 billion by 2023.

These statistics demonstrate that cyberattacks on auto dealerships are a growing concern and that it is becoming increasingly important for auto dealerships to implement robust cybersecurity measures to protect themselves from these attacks.

Auto Dealership Cybersecurity Statistics That Will Drive You To Action

Auto dealership cybersecurity is crucial in today's digital age, with the rise of connected cars and the increasing use of digital technologies in the automotive industry. Here are some statistics that highlight the importance of cybersecurity for auto dealerships:

  • A survey conducted by the National Automobile Dealers Association (NADA) found that 84% of dealerships store sensitive customer information on their computer systems, making them a prime target for cyber attacks.
  • In a study by Synopsys, 35% of all vulnerabilities found in automotive software were classified as high or critical risk.
  • The FBI's Internet Crime Complaint Center (IC3) reported that auto dealership fraud was responsible for $34 million in losses in 2018.
  • A survey by Cox Automotive found that only 54% of dealerships have a cybersecurity policy in place, and just 42% have conducted cybersecurity training for their employees.
  • The 2021 Verizon Data Breach Investigations Report found that the transportation industry, which includes auto dealerships, was the second most common target of cyber attacks (behind only the financial sector).

These statistics demonstrate the urgent need for auto dealerships to prioritize cybersecurity and take proactive measures to protect themselves and their customers. It is essential that auto dealerships implement robust security measures, such as regular software updates and employee training, to reduce their risk of a cyber attack and mitigate the potential impact of a data breach.

91% of all dealership cyber-attacks come from phishing emails.

Phishing emails are fraudulent messages designed to trick individuals into revealing sensitive information, such as login credentials or financial information. It's important to be cautious and not provide sensitive information via email. It's always a good idea to double-check the sender's email address and to verify any requests with the appropriate company or department before acting. Here are a few examples of phishing emails:

"Urgent Request from a Customer" - This email may appear to be from a customer who is interested in purchasing a car and asks for sensitive information such as the dealership's credit card processor, payment processing procedures or even bank account details. The email may contain a sense of urgency or a request for an immediate response to try and catch the dealership off guard.

"IT Security Alert" - This email may appear to be from the dealership's IT department or an outside security company and may request that the dealership click on a link or download a file to install new security software. Once the link or file is opened, it could install malware onto the dealership's computer system, giving the hackers access to sensitive information.

"Manufacturer Recall" - This email may appear to be from a well-known car manufacturer and inform the dealership of a recall on a certain model. The email may request that the dealership click on a link to access more information, but the link could instead take the dealership to a fake website designed to capture login credentials or other sensitive information.

"Suspicious Account Activity" - This email may appear to be from the dealership's bank or financial institution and inform the dealership of suspicious activity on their account. The email may ask the dealership to click on a link to verify their account information or provide personal details such as social security numbers, login credentials or other sensitive information.

How CYFI Auto Can Help You

  • Perform a Cyber Security Risk Assessment
  • Mitigate Risk
  • Develop an Action Plan to comply with regulatory obligations to protect confidential data.

Speak with one of our experts today at 215-957-1650 and begin your journey to understanding how to safeguard your data.