Defending against cyberattacks: Top current risks for auto dealerships
Article, October 23, 2025
Cybercrime has become an incredibly lucrative business for threat actors and hackers. The current risk picture for auto dealers reveals emerging cyber schemes as well as tried-and-true tactics cybercriminals continue to use. Here are some major risks and some guidance on how to best protect your dealership against cyberattacks.
Top current cyber risks for auto dealerships
1. Business email compromise (BEC)
This is cybercrime in which a scammer uses email to trick someone into sending money or divulging confidential company information. BEC scams pose a serious threat to the auto industry, as shown by a Maine man who lost nearly $20,000 in 2024 after receiving a convincing but fraudulent email with payment instructions that mimicked a trusted car dealership. [1]
This case highlights how BEC scammers can closely imitate real communications within the automotive sector, tricking even vigilant individuals into wiring money to criminals. Always verify sender details and payment information before transferring funds, especially in auto transactions. In 2024, the FBI received 21,442 complaints about business email compromise. [2]
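One way to automate part of the sender check described above, as an added example that is not from the original article: it flags a lookalike sender domain, a Reply-To that points elsewhere, and a DMARC failure recorded by the receiving mail server. The domains, the allow-list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: domains the payer already does business with.
TRUSTED_DOMAINS = {"example-motors.test"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def assess_sender(raw_message, trusted=TRUSTED_DOMAINS):
    """Return the reasons this message needs out-of-band verification."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom not in trusted:
        near = sorted(t for t in trusted if edit_distance(from_dom, t) <= 2)
        findings.append(f"lookalike of {near[0]}" if near else "unknown sender domain")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to differs from sender")
    # Header added by the receiving mail server after SPF/DKIM/DMARC evaluation.
    if "dmarc=fail" in (msg["Authentication-Results"] or "").lower():
        findings.append("dmarc failed")
    return findings

# Constructed samples: a spoofed payment request and a routine genuine message.
SPOOFED = (
    "From: Example Motors Finance <billing@examp1e-motors.test>\n"
    "Reply-To: payments@mailbox.invalid\n"
    "Authentication-Results: mx.buyer.test; spf=pass; dmarc=fail\n"
    "Subject: Updated wire instructions\n\nPlease use the new account below.\n"
)
GENUINE = "From: Sales <sales@example-motors.test>\nSubject: Appointment\n\nSee you Tuesday.\n"

if __name__ == "__main__":
    print(assess_sender(SPOOFED))
    print(assess_sender(GENUINE))
```

An empty result does not clear a payment request: a message sent from a compromised but genuine mailbox passes all three checks, so changed payment details still need confirmation through a phone number already on file.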
2. Ransomware
Ransomware is malicious software that encrypts data and systems, holding them hostage for ransom. In June 2024, CDK Global suffered a ransomware attack that shut down its software systems, disrupting thousands of car dealerships’ operations across North America. The incident halted sales and services, highlighting the serious impact of cyberattacks on essential business technology. [3]
Ransomware is among the most lucrative hacking tactics and will likely remain one of the greatest threats to dealerships of every size for the foreseeable future.
3. Third-party impacts
When a supplier, vendor, customer or other trusted third party falls victim to a cyber incident, the downstream impacts can be serious.
In 2025, a ClickFix attack embedded in the video browsers of an advertising campaign run by an automotive group compromised more than 100 auto dealership websites. Once clicked, a pop-up reCAPTCHA appeared, and clicking on it copied malicious code to the user's clipboard. The CAPTCHA then gave users a prompt to run; when they ran it, the prompt executed and spread malware. [4]
Cybercrime trends and predictions for the near future
Artificial Intelligence
AI presents a unique security risk, as its advanced capabilities can be leveraged by attackers to bypass traditional defenses or automate sophisticated cyberattacks. Recent studies show that AI-related security incidents are more costly. For example, IBM’s 2025 Cost of a Data Breach Report found that incidents involving shadow AI within an organization increased breach costs by $200,321 on average. [5] Adversarial threats like data poisoning, model inversion, and prompt injection continue to grow, highlighting the importance of dedicated controls. As AI adoption accelerates, the risk landscape evolves, making it essential to recognize and address the vulnerabilities inherent in these powerful technologies.
Supply chain risks
With the advent of cloud migration, companies are increasingly incorporating third-party software solutions into their infrastructure. Many cybersecurity professionals are wary of the risks incurred by this decision, viewing supply chain/third-party risks as a top cyber threat to their organization. Recently, the World Economic Forum (WEF) included “software vulnerabilities introduced by third parties” as one of the five key risk factors stemming from supply chain interdependencies. [6]
Human error
Human error is expected to remain a major factor in cybersecurity threats. One study showed 60% of breaches in 2024 involved human error, with 22% of those stemming from social engineering. [7] Phishing schemes, often conducted via fraudulent emails, remain among the most common types of social engineering attacks.
These attacks exploit the potential for human error by manipulating workers into performing actions or revealing confidential information that can lead to security breaches. In the WEF Global Cybersecurity Outlook Survey, over 40% of respondents said they had suffered a successful social engineering attack in the past year. [8]
How can you defend your dealership against a cyberattack?
Top 10 cybersecurity controls
1. Encryption
A data-centric security strategy focuses on protecting data at rest, in transit, and in use, protecting your data when it’s on your network, sent anywhere within your network, or outside your company. This strategy encompasses elements of data discovery, access management, data protection, loss prevention, data governance and compliance.
2. Connected devices
Cybersecurity for operational technology (OT) and Internet of Things (IoT) is a field of study and practice to prevent the unauthorized access, manipulation, and disruption of OT and IoT devices/platforms. Cybersecurity programs for OT and IoT are commonly independent from IT cybersecurity programs, but many controls and objectives overlap. These devices can be very tough to protect because they were never designed to be networked. The most common solution for connected devices is segmentation of your network.
3. SOC monitoring
A Security Operations Center (SOC) is a centralized function provided to an organization that employs people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
This function, especially when under-resourced, can be enhanced and made more effective with the addition of artificial intelligence (AI).
4. Risk management
Governance, Risk and Compliance (GRC) is a structured way to align IT with business goals while managing risks and meeting all industry and government regulations. It includes tools and processes to unify an organization's governance and risk management functions with technological innovation and adoption. Companies use GRC to achieve organizational goals reliably, remove uncertainty, and meet compliance requirements.
5. Security and awareness training
Humans are the weakest link in any cybersecurity program. The purpose of security awareness and training is to educate users on how to identify, report and prevent potential cyberattacks such as phishing and other social engineering. A well-designed security awareness and training program uses a variety of delivery formats to create a strong security culture. These formats include, but are not limited to, mandatory training at hire and at least annually thereafter, regular phishing exercises, and periodic reminders.
6. Zero Trust
Zero Trust is a security framework requiring all users, whether on or off an organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture in order to obtain and maintain access to applications and data. Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or follow a hybrid model.
7. Identity and Access Management
Identity and Access Management (IAM) is performed by implementing business processes, policies, and technologies to manage identities, roles, access rights, and authentication protocols. This includes those for users, administrators, third parties, etc., irrespective of location.
8. Cloud security
Cloud security is a collection of procedures and technology designed to address external and internal threats to an organization’s cloud-based resources. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.
9. Email security
Email security is a term for describing different procedures and techniques to protect email accounts, content, and communication against unauthorized access, data loss, or compromise. Email is often used to spread malware, spam, and phishing attacks. Web security refers to the protective measures and protocols used to protect an organization from cybercriminals and threats that use the web channel.
10. Business continuity and disaster recovery planning
Though often used interchangeably, business continuity and disaster recovery are different processes with unique goals:
- Business continuity: Keeping critical business operations and functions running during a disaster.
- Disaster recovery: Restoring data and IT systems after a disaster.
Only by combining the two processes, along with a strong data backup strategy, can organizations comprehensively prepare for and limit the impact of a disaster.
Considering the wide-ranging cyber schemes and the number of controls and actions to be taken, it may be difficult to know where to begin to protect your dealership. Contact Zurich’s team of cyber risk specialists at CyberRE@zurichna.com for help getting started.
References
1. Lampariello, Dan. “Sophisticated wire scam targets Maine car buyer with 'spoofed' dealership email.” WGME TV, Portland, Maine. 31 July 2025.
2. Federal Bureau of Investigation. “Internet Crime Report 2024.”
3. Grantham-Philips, Wyatte. “Car dealerships in North America revert to pens and paper after cyberattacks on software provider.” Associated Press. 24 June 2024.
4. Arghire, Ionut. “100 Car Dealerships Hit by Supply Chain Attack.” 17 March 2025.
5. IBM. “Cost of a Data Breach Report 2025: The AI Oversight Gap.” 2025.
6. Tuteja, Akhilesh. “5 risk factors from supply chain interdependencies in a complex cybersecurity landscape.” World Economic Forum. 31 January 2025.
7. Verizon Business. “2025 Data Breach Investigations Report.”
8. World Economic Forum. “Global Cybersecurity Outlook 2025 Insight Report.” January 2025.
