Cybersecurity threats are on the rise, with criminals becoming more sophisticated and targeting a wider range of industries. Between 2021 and 2023, data breaches increased by 72%, which is a record high (1), and the cost per breach was at $5.09 million per.
Auto dealerships being new to regulations and not having all the bases covered yet have become an ideal target for phishing scams, ransomware and cyber-attacks as they hold a wealth of sensitive customer data. “Cyberattacks continue to increase and our experience is that industries that are less prepared are more vulnerable.” said Jonathan Steenland, Co-CEO of ForceNow formerly the Chief Information Security Officer (CISO) at Fujitsu. “Ransomware attacks specifically are becoming more prevalent and increased by 68% year-over-year in 2023, affected companies experienced more than six days of downtime after the attack, and 40% paid a ransom of at least $1 million.” (1)
These numbers reflect only detected attacks. Many go unreported. Financial disruption, privacy violations, and business downtime are the most common outcomes. According to the FTC, “The Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.” This includes, among other things, encrypting customer information both in transit and at rest.
With any newly regulated industry it can take time for businesses to adapt to these changes. Companies can be averse to change due to the costs, risks, and disruptions associated with implementing new processes, technologies, or strategies, as well as potential resistance from employees.
“We see this in the other regulated industries we've supported over the last decade like Banking, Lending, Insurance, Investments, Healthcare and Education where some companies look at regulatory changes similar to the adoption of technological change,” says Botdoc CEO, KarlFalk. “Some companies ‘wait to see’ or only implement some protections, not all, and unfortunately that is the wrong approach when it comes to regulations, especially around security…for the company and the consumers' privacy.”
Dealerships are facing a do or die situation on two fronts. They must comply with the new cyber security regulation, and if not possible fall to investigations and fines by the FTC. In addition, dealerships must also realize the impact of non-compliance leading to a breach, exposure and weighing the cost of the trust of their customers and even lawsuits from private consumer groups. The U.S. government can no longer protect the U.S. consumer on their own from cyber criminals and must rely on industry to do their part.
Regulatory change must be a prioritized strategy as the lack of adhering can put the business at risk.
“Cybersecurity isn't a one-time fix or just checking the box approach. It's a forward-thinking roadmap, constantly adapting to the ever-changing cyber threats.” Says Steenland, “Instead of just reacting to problems, you need a proactive strategy that assesses your company's digital landscape for the next 2, 4, or even 6+ years. This ensures you're prepared for what's coming, not just what's already happened.”
This is why it is important to hire a Strategy Team to help mitigate risk in the business as well as assistance from trusted experts or professional organization who have worked in other regulated industries and know not just compliance but Cyber Security.
Companies like KPA and Botdoc are dedicated to providing solutions that can help dealerships safeguard data and maintain customer trust with a combination of solutions, such as training, simulated phishing attacks, vulnerability scanning, service provider assessments, information security programs, incident response programs, and more.
“The ultimate responsibility for protecting consumer information is on the dealership,” said Adam Crowell, Vice President of Legal and Corporate Development at KPA. “Whether the data is living on your systems and networks, or on the systems and networks of your service providers, it is your customers’ data, and you will need to ultimately report the data breach of your customers’ information if a data breach is confirmed, so this must be taken seriously,” said Crowell.
If a dealership thinks it won't happen to them…it's not a matter of if but when and the impact depends on if they were proactive and prepared, or not.
Join our exclusive webinar with KPA to gain actionable insights and strategies from industry experts Adam Crowell with KPA and Karl Falk and Jonathan Steenland from Botdoc. Learn how to protect your dealership from cyber-attacks and ensure compliance with the latest regulations.
Register Now and take the first step towards safeguarding your business and maintaining customer trust.
References:
[1] https://www.cobalt.io/blog/cybersecurity-statistics-2024
For more stories like this, bookmark www.NADAheadlines.org as a favorite in the browser of your choice and subscribe to our newsletter here:
