OEM brand equity and dealer networks are both under threat from cyber criminals, who could exploit weak security systems to obtain personal customer information.
Research has found that nearly 85% of consumers would not go to a car dealership for the second time if their data had been compromised during their first visit. There is a
tangible cost to dealers of non-compliance. According to Max Zanan, President of compliance auditing firm Total Dealer Compliance (TDC), a lack of compliance costs dealerships an average of US$792,000 in lost profit.
The survey, the second by TDC, polled 200 consumers and 500 car dealers representing 20 brands across America. “As car dealerships continue to be a real target for cybercriminals, and with
fewer data-protection measures in place than most other industries, we set out to discover the effect this is having on a car dealership’s bottom line,” says Zanan. “Our report found that more than 70% of dealers are not up to date on their anti-virus software, and nearly a third of consumers lack confidence that their personal data is secure when purchasing a vehicle.”
TDC also found that only 30% of dealers employ a network engineer with computer security certifications, and 23% have a compliance officer. Customers care, according to the survey, which found that some 73% of consumers are more comfortable dealing with dealership staff that has completed compliance training and has certificates on display.
The survey’s other highlights include findings that nearly 85% of dealers have a contract with a third party vendor to handle more complex IT work. Only 25% of the dealers polled had hired a third party vendor to try and hack into their networks to test their vulnerability. More than 80% employ an IT engineer to handle basic day-to-day work. And more than 70% of dealers are not up to date on their anti-virus software.
From a consumer perspective, nearly 33% of customers are not confident in the security of their personal and financial data when making a purchase at a car dealership. And, just under 84% of consumers will not go back to buy another car from a dealership after their data has been compromised.
TDC says that dealerships should regularly conduct IT vulnerability scans, Windows security checks, provide online courses on networking, as well as implement a solid computer security policy. TDC conducts vulnerability scans by using independent “White Hat” hackers to discover a dealership's cyber vulnerabilities and based on those vulnerabilities discovered, create policy. “Car dealerships need to put procedures in place to help prevent cybersecurity attacks. We help dealers focus on social engineering and how not to fall victim to hacking,” says Zanan. “As ever, our report turns a spotlight on the hot topic of data security, revealing the necessity of having strict policies and procedures in place that are being adhered to by all employees to ensure consumer confidence and loyalty.”
TDC was launched in 2015 with a comprehensive solution to help dealers mitigate risks faced from both cyber criminals and proactive regulators, and also to create a compliance culture that will reduce exposure. The solution includes on-site compliance audits and an e-learning platform offering more than 20 online courses. Dealership staff completing courses and passing required tests receive TDC certification. By working with TDC, car dealers can be fully compliant with Federal regulations across sales, BDC, F&I, fixed ops, HR, and IT departments.
TDC’s Advisory Board includes auditors, attorneys, and automotive industry veterans whose sole mission is to protect car dealers’ interest and improve operations. TDC works closely with its Board to help car dealerships of all sizes by providing a variety of packages including:
“Federal regulators see car dealers as low hanging fruit, and every dealership is having internal meetings about regulations across all departments,” says Zanan. “TDC will improve the industry, benefit both dealerships and consumers, and help weed out all the bad apples.”