Login
Login
MidAtlantic IADA- (717) 238-9002
- Mon-Fri 8:30am-4:30pm
04
December
2024
Dealerships Unprepared for Cybersecurity Breach
Following a recent cybersecurity breach, most auto dealerships are now less willing to rely on their Dealer Management Systems (DMS) for handling sales and finance processes, citing concerns over cybersecurity vulnerabilities. Although dealerships are more focused on protecting customer data, many still lack comprehensive vendor security assessments and feel only moderately prepared for future breaches.
The majority of auto dealerships are less likely to want their DMS to handle most of their sales and finance processes today than they were before the recent CDK security breach, according to a new snapshot survey of auto dealers from automotive fintech innovator eLEND Solutions. And, while auto dealerships are concerned about cybersecurity vulnerabilities, the survey reveals a disconnect between these concerns and current security measures: most auto dealership respondents report that they are not feeling fully prepared for future cybersecurity breaches.
“Last June’s cybersecurity breach severely disrupted operations across more than 15,000 car dealerships and was the ‘canary in the coal mine’ for even more destructive cybersecurity events in the future,” said Pete MacInnis, founder and CEO, eLEND Solutions. “This survey underscores that today’s dealerships are increasingly worried about protecting customer’s PII but lack confidence in the security provided by their vendors, or the measures to fully protect their single system platforms from future cyberattacks.”
The snapshot survey, which was fielded online by eLEND Solutions among US auto dealers in September 2024, found that 86% of auto dealerships surveyed rely on a single system for managing critical operations such as Sales, Finance, Service/ Parts, Inventory, Accounting/Payroll, but that, after the recent cybersecurity breach, 76% are less likely to want their DMS (Dealer Management System) to handle their Sales and Finance processes, agreeing that diversification could be beneficial and reduce risk.
Consumer PII (personally identifiable information), and vendor protection of that data is a specific concern of the auto dealers surveyed, with 62% of respondents saying that the cybersecurity of customer’s PII is much more important in their process for evaluating and selecting vendor partners today than it was two years ago.
To that end, 93% say that vendor partners who have access to their consumer PII data should be required to provide information security protection, assessments. Astonishingly, however, most do not have those security assessments in place, with only 8% saying all, or nearly all, of their vendors provide them.
Not surprisingly, when asked about the cybersecurity threats that worried them the most, ‘Data Breaches’ topped the list, followed closely by ‘Phishing Attacks’. And, although the vast majority of dealerships, 95%, say they have a documented cybersecurity policy in place, 58% say they are only somewhat, or not very prepared to manage a potential cybersecurity breach in the future.
“It is not a question of if, but when, the next serious cybersecurity breach will happen – and being partially protected, like the majority of dealers in our survey, is really not being protected at all. But it is not a problem one dealership or one vendor can fix, nor is it just an infrastructure hardware/ software issue, or just a DMS issue,” continued MacInnis. “The good news is that we can mitigate most risks if we are vigilant and come together as an industry to solve it - and that means vendor security assessments checked and double checked, ironclad compliance and data safeguards, full integration of all touchpoints as data moves across processes and workflow - from the initial point of the customer journey to its end.”
