Cybercrime in Automotive… What You Need to Know

Published On: November 16th, 2022|Categories: Articles|4 min read|

Think about all the consumer data your dealership collects… names, phone numbers, addresses, work details, salary, social security numbers; financial details about their vehicle purchase; and even credit card information from service. The list goes on and on. This is what makes dealerships a prime target for cyberattacks. Let’s break down cybercrime in automotive.

How are dealerships being attacked?

  • Ransomware is the most common form of attack in automotive.
  • Email is the number one method for gaining access to a dealership’s network.

So what exactly is ransomware… It’s a type of malicious software that gets into the dealership’s network, encrypts and often steals data, and then demands a ransom payment in order to get it back.

Think about it, your sales people are answering online inquiries daily. They get an email; they respond without questioning it. That is their job after all. Your Business Office folks communicate with various lenders and vendors, receiving and making payments. Fixed Ops is no exception.

That’s what makes email such an easy and successful method. So how do hackers do it?

Hackers have become so sophisticated, they are actually able to get inside your network and monitor what’s going on. They identify a contact whom you email frequently, maybe you receive an invoice or report from them weekly. After months of monitoring from the inside, they will send you a message disguised as the typical email you get. It might have an attachment that looks like the invoice or report you typically receive, but as soon as you click it, a malicious download begins in the background.

Having the appropriate cybersecurity measures and employee training in place will determine how far into your network these hackers can get. Let’s assume you have very basic protection, and they are able to officially ransom your data… what are the consequences?

Real World Consequences to Automotive Cybercrime

  • The average ransomware remediation costs are $1,400,000.1
  • Business are down after a ransomware attack for an average of 21 days.2
  • 84% of consumers would not buy another vehicle from a dealership after their data had been compromised.3

You arrive at your dealership on a beautiful Thursday morning. It’s month end, and you’re excited because you have a truck full of inventory coming today – it’s the first time in weeks. But, you aren’t able to log in. You start receiving phone calls from employees who either can’t log in or have a strange message on their screens. Your entire dealership is down… you can’t sell or service cars, you can’t close deals, you can’t pay bills or accept payments.

The cost of this event could be days with no operations at all. Lost customers who go to another store for a vehicle purchase or service work. Angry customers whose vehicles are in for service, but they now can’t get them for days. Then once you finally do get back up and running, it’s a slow process, getting computers back online, getting your data off the back-ups that are hopefully current, and making sure everything is accurate.

Once the dust has settled, you can finally start to think about your reputation and the impact this will have on future business. Think of the customers you’ll have to notify, and the friends they’ll share this news with.

You might now be wondering, “How do I ensure this doesn’t happen?”

Protecting Your Dealership From Cybercrime

  • 30% of dealerships are not up-to-date on their security software.4
  • Only 21% of security professionals think their current security controls are adequate.5

The right cybersecurity program could be the make-or-break element in an event like this. It all starts with a strong perimeter firewall to protect your network.  Then, if something manages to get through your firewall, the next layer of protection is advanced email security that is able to identify and filter out suspicious emails. Additionally, if something does get through to email, a comprehensive system should alert the monitoring team so they can step in and take action if needed.

Taking it a step further, endpoint detection and response will protect each of the individual computers and mobile devices your team uses every day. To cap it all off, your employees should be trained to look for suspicious email triggers. They are your first line of defense.

Consider your dealership, the legacy that has either been passed down for generations or that you plan to one day pass down yourself. One cyberattack could change all of that. Protect your dealership, protect your legacy, before it’s too late.

1 Sophos, The State of Ransomware 2022
2 Coveware report,, Buckle up – automotive dealerships unprepared for cybercrime
3 Total Dealer Compliance
4 Total Dealer Compliance
5 Forrester Research, 2020

This article was first published in Auto Dealer Today magazine.



Let’s Talk

Together in your 20-minute free consultation, we’ll:

  • Discuss your current IT posture and goals
  • Review tactics you could implement today to improve your overall results
  • Discuss how Proton Dealership IT may be able to help or point you to valuable tools and resources

In order to effectively review your dealership and IT challenges prior to the call, please tell us a bit about you first.