Subscribe to a WardsAuto newsletter today!
Get the latest automotive news delivered daily or weekly. With 6 newsletters to choose from, each curated by our Editors, you can decide what matters to you most.
Steering Clear of CyberthreatsSteering Clear of Cyberthreats
Last year’s CDK cyberattack was a wake-up call for dealerships, experts say.
2 Min Read
Cybersecurity pros are critical to modern dealerships, experts say.Getty Images
Car dealership information-technology staffers are rarely cybersecurity pros, too.
Expecting them to take on that additional, specialized role is asking – and risking – a lot, says Erik Nachbahr, founder and president of Helion Technologies, a cybersecurity firm.
It’s one thing to be an IT staffer – an important dealership job tasked with keeping the store’s computer systems up and running.
But a cybersecurity professional has more advanced skills, says Nachbahr, who has worked with dealerships for 30 years and counts 1,000 of them as clients.
“Building your own cyber team is costly and difficult,” he says.
“Most people on the tech side are IT people, not security people. We’ve seen dealers dabbling in cybersecurity. Don’t try to build your own security team. It’s difficult and costly.”
Cybersecurity pros, who earn about $130,000 annually on average, have become a necessary expenditure for modern dealerships. They potentially save dealerships millions they might otherwise payout during a cyberattack.
The Federal Trade Commission’s enhanced Red Flag Rules require dealerships to take concerted steps to guard against hackers trying to steal customer data, especially financial information. But some dealers do a better job of protecting data than others.
Botdoc, a secure file transfer and identity verification provider, says its 2025 Auto Dealership Cybersecurity Survey shows gaps in dealership preparedness.
The report says that while some surveyed dealerships use basic security measures such as antivirus software and firewalls, they lack more advanced protection.
Nearly 20% of polled dealerships have been victims of data breaches or cyberattacks, the report says. More than 40% aren’t sure if they have been compromised.
Auto-retailing cybersecurity was pushed into the forefront with last year’s major CDK Global hack attack. It affected thousands of the software and data company’s dealer clients.
It was “a wake-up call,” says Botdoc CEO Karl Falk.
“Cyber protection demands a combat-like mindset,” says Terry Dortch, founder and CEO of Automotive Risk Management Partners.
“It means bringing smart weapons to the front lines to protect digital assets. Invasive data missiles are launched every second against organizations like dealerships.”
Nachbahr cites common dealership cybersecurity pitfalls – and how to avoid them. Among them:
Chasing magical solutions. “The only thing that works is developing, implementing and maintaining a comprehensive information security program to safeguard customer data,” he says.
Cobbling together different technologies. That can lead to security breaches, compliance issues and reduced productivity. In that respect, Nachbahr quotes management consultant Peter Drucker, who said, “Nothing is quite so useless as doing with great efficiency what should not have been done.”
Getting lost in a jungle of Software as a Service (SaaS) licenses. Those are subscription-based rather than one-time fees from vendors. “Dealers are over-licensed,” Nachbahr says. To defray costs, dealers, in many cases, should extend access to particular software to management. “One client was spending $1,000 a month on licenses it didn’t need. It adds up.”
Failing to remove former employees’ access to systems. That seems obvious. But Nachbahr tells of a large dealership with 400 ex-employees who still had system access.
About the Author
You May Also Like