“From ransomware to data breaches, dealerships are experiencing an unprecedented number of cybersecurity concerns. Protecting your data has never been more important,” says a new report from CDK Global.

Dealerships may not even be thinking of cybersecurity, with issues such as the lack of vehicle availability weighing them down. However, walk into a dealership today. You may still find inventory car keys in a drawer or an unsecured cabinet even though companies like Keycafe provide secured key storage and access. Securing data isn’t top of mind if a dealership or fleet company doesn’t plan to prevent key theft.

Theft of any kind disrupts business and damages profits. But, as the CDK report states, IT-related interruptions can cost a dealership’s reputation and bring lawsuits because customer data hasn’t been secured.

Immediate actions can help

Although protecting dealership data from ransomware can seem overwhelming, there are some immediate steps that dealers, or any business, can implement.

Related: Is your dealership vulnerable to a cyber attack? Tiffany Simonsen weighs in.

First, update and patch your operating system

Not every dealership has an IT department, and computer operating systems patches will pile up. They often take time to update and will stop the flow of work if done during the day. Updating operating systems may require a significant amount of capital funds, but updates and patches are essential to protecting data. The CDK report says hackers are on the lookout for unpatched systems. And only 63% of dealerships have their systems updated.

Back up data

dataIt’s simple, but few companies do it well. Backup system data and customer data every day and at different times of the day. Keep the backups offline and test them regularly to make sure data isn’t corrupted. Some companies, like CDK, IBM, and Rubrik, will backup and store your data online and give you the ability to restore it to a known point in time. This type of service is essential when recovering from cyberattacks, ransomware, or even mistaken data deletion.

Have a response plan

Do you know what your plan is, should you have a cyberattack? The CDK report says, “only 27% of dealers have a plan and of those dealerships who do, only 45% have their networks segmented.” Those dealerships have opened the door to hackers with no way of ever getting their data back.

Dealers who update their systems, back up their data, and have a response plan are well on the road to security. Testing those plans regularly by a third-party intrusion test will give dealerships peace of mind and help discover vulnerabilities.

The cost of doing nothing

It’s easy for a dealership to say it’s not part of a massive dealership network, so no one will attack it. But unfortunately, hackers take the low-hanging fruit first. And when that’s you, expect at least 16 days of downtime because of a ransomware attack. According to CDK, the average payout to thieves now averages $220,298, and, worse yet, 84% of customers say they would never go back to buy another vehicle once a dealer has compromised their data.

If dealers don’t create a plan, a hacker already has one for them. Recovery, however, isn’t part of it.

Did you enjoy this article from Steve Mitchell? Read other articles on CBT News here. Please share your thoughts, comments, or questions regarding this topic by submitting a letter to the editor here, or connect with us at

Be sure to follow us on Facebook and Twitter to stay up to date or catch-up on all of our podcasts on demand.

While you’re here, don’t forget to subscribe to our email newsletter for all the latest auto industry news from CBT News.