Most Irish car dealership IT support partners agree it is not a matter of IF but WHEN the next dealership will fall victim to a cyber-attack involving malware, ransomware, social engineering, or other schemes.
Based on a CDK Global 2018 dealership cybersecurity study, 85% of internal and external IT support contractors and employees say their dealership was the target of a cyber-attack within the last two years, despite 67% of respondents being confident in cybersecurity efforts prior to the attack this overconfidence or view that they are a small Irish dealership and are unlikely to be a target can prove to be a costly false assumption.
Seven of 10 respondents said their dealerships invest in cyber-security measures. But more than 60% acknowledged their dealerships haven’t conducted a formal risk assessment to identify foreseeable internal and external cybersecurity risks, don’t conduct regular tests for security systems and processes failure or don’t have a formal process to respond to security incidents unique to the Irish motor trade.
Dealerships have been victims of cyber-attacks that can access sensitive information, such as dealership bank account numbers, routing numbers, login credentials, and customer credit card numbers, tax, and credit scores along with GDPR implications regarding client information such as internal and external email, client contact details and addresses lists.
In addition to potential legal actions and GDPR fines and court cases, a cyber-attack can jeopardise reputations and permanently drive away customers. In Irelands competitive car sales industry with clients in short supply at certain times of the year, and with high demands for payroll and overheads that can prove fatal for a multimillion-euro car dealership.
Typically, 84% of consumers surveyed said they would not buy another car from a dealership that experienced a data security breach with personal data.
Risk Mitigation
Below are steps Irish car dealerships can take to combat cyber-attacks:
- Conduct periodic security awareness training for all personnel this is best carried out by an external cybersecurity partner. Employee training is just as critical to the overall success of a cybersecurity policy as the actual hardware, software, and vendors providing the service.
- Perform a comprehensive Threat Vulnerability Risk Assessment, Irish dealerships need to determine what are there cybersecurity and data compliance weak points.
- Develop a top-down policy playbook to cover reported incidents and how to properly address and deal with them.
- Irish Dealerships need to determine and identify the risk and do this on a regular basis throughout the year, that can be difficult to dedicate time with a sales and customer service focused dealership that is why it is better to call in a reputable cybersecurity partner.
- Make sure to choose a cybersecurity partner that does not just sell cybersecurity products. These firms may push dealerships to purchase tools both hardware and software that may not be ideal for the dealership’s specific security issues or environment. They tend to focus on products and not on cybersecurity assessments risk mitigation and planning.
We can cover all car dealerships north and south of Ireland for more information on our Cybersecurity services and managed IT plans contact us today!