Your dealership likely holds an extensive amount of sensitive data on your buyers – and, for that reason, cybercrime in the automotive industry is becoming increasingly worrying.

Dealership software and network security weaknesses, for example, continue to present open goals for cyber criminals seeking personal and financial information they can sell or use for fraudulent purposes.

In this article, we’ll take a look at why dealerships are such prime targets for cyber criminals, and what your dealership can do to protect itself – and your customers – amid ever-evolving threats.

Why Dealerships Are in the Cyber Crosshairs

Overall, cybercrime is expected to cost businesses up to $15.63 trillion, by the end of the decade. Within the automotive industry, worrying research claims that fewer than four out of ten dealerships are confident that they have enough cybersecurity protection in place. In addition, CDK Global’s Second Annual Global State of Cybersecurity Report claims that 84% of customers will boycott a dealer if their data is compromised.

The report makes for stark reading – with claims that dealerships are paying an average of over $228,000 to recover from ransomware attacks. It’s clear that firms need to do more to prevent such attacks from taking hold.

What Hackers Are After in Your Dealership

Hackers are attacking dealerships for the sensitive details they hold and process, such as addresses, employment data, social security numbers, and cardholder and bank data. What’s more, dealerships process large financial transactions – and because they handle significant amounts of money, they’re at high risk of attack from ransomware (software that locks down data until a ransom is paid).

On top of this, dealerships rely on complex software and systems to handle and process customer details and transactions. Therefore, there are many potential in-roads for hackers to exploit, especially if software isn’t regularly updated. Research shows that attacks on car dealerships are only increasing. By around September 2024 attacks reached a level around 155% higher than the yearly average.

However, to combat these increasing attacks, dealership owners need to understand the most common vectors and strategies.

Common Cyberattack Methods in the Automotive Space

Malware and phishing remain two of the most common cyberattack methods facing the automotive industry and dealerships in general right now. Phishing – which involves tricking personnel into giving up sensitive information through false links – is responsible for more than a third of data breaches, according to CDK Global.

Ransomware is perhaps the most worrying malware vector for car dealerships as we head further into 2025. These concerns have been exacerbated by a 2024 attack that CDK Global itself experienced in 2024, which led to 15,000 dealerships experiencing operational disruption.

Other threat vectors dealerships are at risk from include brute force attacks, where hackers force passwords by guessing millions of times to try and gain access to systems and databases. What’s more, dealerships are also at risk of attacks made upon the automotive supply chain, which relies on many complex moving parts and participating companies.

What Dealerships Can Do Right Now (That Doesn’t Break the Bank)

Car dealership owners can start to protect their data by thoroughly auditing passwords and user controls to prevent brute force attacks and take a strong stance to back up data regularly to ensure swift recovery. Dealerships should also take care to research and vet software providers for their security credentials, and work with companies on supply chains that have robust protocols in place to prevent attacks from reaching their infrastructures.

Beyond this, strengthening physical access control – such as by using scannable IDs and biometrics, where possible – can also help to prevent data theft. Multi-factor authentication, or MFA – where dealerships require users to pass at least two stages of security to access sensitive data – is also recommended. Training, of course, is always a must. With phishing being such a prevalent issue, it’s wise to ensure any personnel who handles sensitive information understands how to spot hoaxes and confidence tricks. It’s worth investing in, as research claims that training in phishing awareness can reduce human errors by up to 60%.

Investing in Long-Term Cyber Resilience

While the above tips can effectively help dealerships protect themselves from, and bounce back from, cyberattacks, it’s always wise to invest heavily in cybersecurity long term. This is especially true given the fact that attacks are not only increasing but are growing more sophisticated thanks to the rise of generative AI.

Investing in long-term cyber resilience, by partnering with a cybersecurity firm or team of professionals, ensures there is always a safety net on standby. Dealerships should also think carefully about running vulnerability scans and penetration tests, which help them to spot system weaknesses and fix up hidden problems fast.

Naturally, investing in cybersecurity long term will require upfront and ongoing capital. But, as we’ve explored above, the costs of losing data and reputation to cyber-attacks is likely to be much more costly in the long run.

Cybersecurity is a Competitive Advantage

Dealerships with strong security postures are much less likely to experience downtime, lose revenue, and lose face with customers. By proactively securing your company with professional testing and risk management, you can ensure you’re competitive against other firms that take security less seriously.

In 2025, it’s never been more important to invest in cybersecurity – regardless of the size of your dealership. Protect your customers, your revenue, and ensure you stay compliant with regulators, by working closely with security teams you can trust.

Related Stories:

• Why You Must Scrutinize Vendors’ Cyber Security
• Peopleware is an Often-Neglected Aspect of Dealership Cybercrime Prevention