Seventeen per cent of automotive retailers fell victim to a cyber attack or incident in the past year, a new study from CDK Global revealed.
The 2023 State of Cybersecurity in the Dealership Study, the company’s third annual report, was released as part of Cybersecurity Awareness Month. It indicates that the three main consequences of cyber attacks on dealership financials and operations are employee downtime (69 per cent), the need to replace or buy hardware or software (46 per cent), and a damaged reputation (31 per cent).
“Cybercriminals are increasingly targeting auto retailers utilizing sophisticated methods meant to appear from secure and trusted sources,” said David LaGreca, Senior Vice President and General Manager of IT Solutions at CDK Global, in a statement. “Unfortunately, human error can waylay the best-laid plans and put a dealership at serious risk.”
LaGreca added that employee awareness training should play “an integral role in a dealership’s plan to prevent potential cyber threats.”
CDK Global listed email phishing as the top threat of 2023, followed by lack of employee awareness and ransomware. In fourth place is PC Virus Malware, in fifth is theft of business data, and in sixth place is stolen/weak passwords. Number seven on the top threats for this year is vehicle cyber attacks.
The average amount a company must pay criminals to “deal” with the issue has also increased, from $44,000 in 2019 to $740,144 in 2023. The uptick from the first quarter of 2023 alone was 126 per cent.
“Dealers are left scrambling to secure customer information, resulting in an average 3.4 weeks in downtime and nearly a quarter of impacted auto retailers failing to retrieve the stolen data,” said the company.
The full report is available here.