Auto Dealerships’ Cybersecurity: Rising Threats and Essential Protection Strategies Revealed

Auto Dealerships Face Growing Cybersecurity Threats, New Report Reveals
A startling 21% of automobile dealerships reported cyberattacks in the past year, as digital transformation outpaces security readiness, according to the CDK State of Dealership Cybersecurity 2025 report released Tuesday. Despite 90% of dealers rating cybersecurity as "very or extremely important," only 48% feel confident in their protections.
The findings expose a troubling reality for an industry increasingly dependent on connected vehicles, cloud-based management systems, and digital workflows. As dealerships store valuable consumer data including financial records, Social Security numbers, and driver's license information, they've become prime targets for sophisticated attackers seeking high-value data. This situation mirrors challenges faced by many small and medium businesses struggling with cybersecurity implementation and budget constraints.
Evolving Threats and Declining Security Readiness
Ransomware and phishing dominate the threat landscape for dealerships, with 67% reporting ransomware and 66% identifying email phishing as top concerns. PC viruses and malware jumped to the third most common threat (46%), up from fifth place last year.
More concerning is the decline in employee cybersecurity training, dropping from 80% of dealerships offering staff training in 2024 to just 70% in 2025. Thirteen percent of dealerships provide no cybersecurity training whatsoever, while inclusion of security topics during new-hire orientation has decreased.
"No matter how strong the systems are, people can still be tricked. Phishing and social engineering continue to get through," one dealership leader stated in the report.
The sophistication of attacks continues to evolve, with threat actors employing highly targeted social engineering techniques. Attackers are now impersonating employees, spoofing bank phone numbers, and embedding malware in fake job applications. Some dealerships reported phishing emails disguised as communications from the U.S. Social Security Administration, demonstrating how adversaries are customizing attacks for the automotive retail environment.
Despite these escalating threats, dealership cybersecurity budgets remain modest:
- 3–5 rooftop operations spend approximately $1,765 monthly
- Larger dealership groups (11+ locations) spend about $1,916 monthly
- Most allocate less than 5% of operational budgets to cybersecurity
These figures place cybersecurity spending below advertising, customer relationship management systems, dealership management system licensing, and even printing costs – a dangerous misalignment given the valuable data at stake.
Industry Comparison and Benchmarking
To put these findings in perspective, the retail industry as a whole spends an average of 6-8% of IT budgets on cybersecurity, according to recent Gartner research. Auto dealerships falling below this benchmark may find themselves particularly vulnerable, especially considering the high value of the customer data they maintain.
Third-party Vulnerabilities Create Additional Risk
The report highlights significant dependency on external providers, with 56% of dealerships using both an internal IT manager and a managed service provider (MSP) for cybersecurity. More than half employ between two and four different providers, with some using as many as eight.
This complex web of third-party relationships creates additional attack vectors, as evidenced by the massive 2024 CDK Global outage that affected dealerships nationwide. Attackers increasingly target MSPs to gain access to multiple dealership networks simultaneously – a strategy that maximizes their impact while minimizing effort.
"Attackers go after vendors because dealerships have fewer internal controls," the report notes, identifying third-party weaknesses as "the fastest path in" for cybercriminals.
Small and medium-sized dealerships face particular challenges as they often lack dedicated security personnel to manage these vendor relationships effectively. As with comprehensive business data protection strategies, dealerships must implement strict vendor assessment protocols to mitigate this risk.
Supply Chain Security Considerations
The automotive industry's extensive supply chain presents unique cybersecurity challenges. Parts suppliers, logistics partners, and software vendors all represent potential entry points for attackers. Dealerships should consider extending their security requirements to these partners, particularly those with direct access to dealership networks or data.
Practical Security Improvements for Dealerships
The report outlines several priority areas for dealerships seeking to strengthen their security posture:
- Continuous security awareness programs – Implementing quarterly simulations, new-hire training, and phishing tests customized for the automotive industry
- Zero Trust access – Establishing network segmentation between sales, finance, service departments, and guest Wi-Fi
- Multi-factor authentication – Deploying MFA across all critical systems, especially dealership management systems, CRM platforms, and payroll access
- Vendor risk management – Developing formal protocols for vetting and monitoring the security practices of technology partners
- Modern endpoint and email security – Implementing endpoint detection and response (EDR) solutions and advanced email filtering
- Incident response planning – Creating response plans tailored to dealership-specific workflows including sales operations, service scheduling, and loan applications
Currently, only 48% of dealerships have a formal incident response plan in place – a significant gap that could lead to extended downtime and higher recovery costs following an attack.
Customer Data Protection Strategies
Given the sensitive financial and personal information collected during vehicle transactions, dealerships should implement specialized e-commerce security measures to safeguard customer data. This is particularly important for dealerships with online sales platforms or digital financing applications.
Key protective measures should include:
- Data minimization policies that limit collection to only essential information
- Encryption of sensitive customer data both in transit and at rest
- Regular security audits of customer-facing applications and portals
- Compliance verification with relevant regulations like GLBA and CCPA
How to Use This Information
For dealership owners and managers, this report serves as a wake-up call to reassess security priorities. Consider conducting a security assessment that specifically addresses the vulnerabilities highlighted in this report, particularly around employee training and third-party risk.
For consumers, understanding the cybersecurity challenges facing dealerships might prompt more questions about how your personal and financial data is protected during vehicle purchases. Don't hesitate to ask dealers about their security practices before sharing sensitive information.
For security professionals supporting the automotive retail sector, the report offers a roadmap for where to focus resources – particularly on employee awareness programs, which show a concerning decline despite their critical importance in preventing social engineering attacks.
As one security expert put it, the automotive retail sector is experiencing its "Target moment" – referring to the retailer's massive 2013 data breach that transformed cybersecurity across the retail industry. Whether dealerships will respond with similar urgency remains to be seen.