Two years after General Motors hired its first Chief Product Cyber Security Officer the auto industry released its first ever cybersecurity best practices guide. With the cybersecurity threat expanding rapidly we have to ask ourselves…what’s next?

Cybersecurity is a well-known threat, especially to the auto industry. It is not only the auto dealer’s internal operational and financial systems, but the cars themselves, that pose a cybersecurity threat. As reported by Forbes, it is expected that by the Mid-2020s all new vehicles will have data connections. We have seen significant communication advances between manufacturers and cars. Current products exist where auto dealerships can download and monitor activity of their customers’ vehicles on a real time basis. Faced with statistics like this, now is a more critical time than ever, to take steps to get ahead of hackers.


The rising state of autonomous connected vehicles has made cybersecurity a huge issue in the auto industry. Realizing this threat, the auto industry released their first ever cybersecurity best practices guide in 2016. In this guide the Automotive Information Sharing and Analysis Center (AUTO-ISAC) identified seven key areas where dealers should narrow their focus; governance, risk management, security by design, threat detection and protection, incident response, awareness and training, and information sharing and collaboration. Although challenging, there are steps that auto dealers can take to get and stay ahead of hackers.

Understanding the Unique Financial Nature of the Auto Industry

Challenges and Risks

The nature of the digital age is founded in constant evolution. Which means that security risks are constantly changing, and increasing at an alarming rate. This requires auto dealers to be proactive and adaptable allowing for fraud detection, 24/7 monitoring, and real-time risk assessments. 

Examples of risks specific to dealerships:

What can you do to manage cyber security risks?

A dealership needs to make sure that its cybersecurity efforts are coordinated throughout its entire operational / financial system(s) with a top down approach. As recommended by the National Cyber Security Alliance, a top down approach requires corporate management to lead prioritization of cybersecurity practices. Other ways to mitigate a date breach / cyber security attack: 

  1.  Identify the most valuable information you collect from your customers, and the threats and risks facing that information, and their probability of occurrence. 
  2. Assess the damage your dealership could incur if customer data was lost or wrongfully exposed, and your ability to recover.
  3. Proactively detect any infamous activities on your network. 
  4. Dealerships should continuously monitor their exposure to risk. Information regarding employees, customers, suppliers contractors, etc. may all include sensitive information. What makes this data even more sensitive is how it is stored. When stored on removable media, mobile devices and hard drives it becomes easily transferable into the wrong hands. We recommend that our clients establish safeguards such as encryption and remote device wipe technology. 
  5. Conduct external penetration tests.
  6. Without a high level of user adoption the most robust cybersecurity program will be limited. We advise our clients on how to implement programs company-wide, so their employees understand the risks, their responsibilities and action that needs to be taken. 
  7. Make sure you understand what risk based scenarios your insurers will cover.


In today's world it is of critical importance that dealership management teams are proactively assessing the company’s current state of cyber security readiness including the ability to identify, protect, detect, respond, and recover from an incident.   For more information on how DKB can help view our Automobile Dealership services here.