Seventy five percent of dealers who updated their security policies to meet the FTC’s June 2023 compliance deadline are already seeing vast improvements.
Data privacy is a critical factor to continued success for dealers in 2023, but a new study from CDK Global reports that 17% of dealers admitted to having experienced a cyberattack or data security incident in the past year alone. As staggering as that nearly 1-in-5 claim is, the general assumption among data experts is that the real number is much, much higher, with cybercriminals evolving the methods they use to steal customer and client data by exploiting vulnerabilities many dealers didn’t even know they had. So, what’s to be done? We’re glad you asked.
In Dealers + Data Privacy Part 1, we discussed using the FTC Safeguards Rule as a prescription to help get your data in order. In this article, we’ll look at one tool that can help dealers do that while, at the same time, helping them buy sufficient cyber insurance coverage to navigate future threats.
Understanding Your Assets
More than 60% of known cybersecurity breaches were fundamentally due to known software vulnerabilities in which a patch was available through a software update, but that the update had not been applied. That’s according to a report from Ohio University based on data collected by the Ponemon Institute — an independent research group dedicated to advancing the responsible use of consumer information and data privacy management practices within businesses.
So, why is software not being updated? In dealers across North America, the answer is often as simple as: “We didn’t know we had that.”
“As dealerships get acquired and consolidated, their technology stack can get shuffled around in pretty significant ways,” explains Dirk Shaw, one of the co-founders of SecondSight.ai. “Things can get lost in that shuffle, I.T. departments can experience turnover, contracts can get canceled, etc. and any one of those scenarios can lead to an update being missed.”
That’s one of the reasons we recommend SecondSight to auto dealers. “This solution was developed, first and foremost, to help businesses obtain cyber insurance coverage,” explains Tim Hayden, CEO of Brain+Trust. “As we learned more about the tool, we realized that SecondSight’s Digital Asset Inventory, Risk Scoring, and ‘always-on’ vulnerability monitoring features could be of great value to dealerships and other “financial institutions” months after using the software for its originally intended, for obtaining cyber coverage.”
The Digital Asset Inventory feature of SecondSight monitors all of a dealership’s digital assets, all the digital tools and platforms it’s using, from a single workbench, enabling the dealer principal or GM to delegate responsibility for each asset to a specific person at the store (for example: payroll software to the HR manager, social media apps to the internet manager, etc.), making the store’s technology stack more manageable on a day-to-day basis while automagically creating a “virtual binder” to make migrating from one I.T. manager (or contractor) to another a smooth operation.
“The auto industry had a 46% staff turnover in 2022, and 2023 won’t be much better. That’s why any tool that can help manage data access and easily transition management to new I.T. staff is worth its weight,” offers Tim. “And, of course, having adequate cyber coverage is more important than ever.”
By The (Scary) Numbers
“Data theft and extortion has skyrocketed in the past four years,” reads the CDK Global report titled ‘DRIVING INTO DANGER: CDK GLOBAL 2023 CYBERSECURITY REPORT REVEALS RISE IN AUTO DEALERSHIP CYBERATTACKS‘. That same report claims that the average cybercriminal’s financial payout dramatically increased from “just” $44,000 in 2019 to a whopping $740,144 in 2023 — and the dealers are scrambling, both to secure their customer information and obtain cyber insurance coverage, as well.
“Unfortunately, it is no longer a matter of ‘if’ but ‘when’ a cyber breach arises (at a dealership),” explains David LaGreca, senior vice president and general manager of IT Solutions at CDK Global. “Having the necessary preventative measures in place, along with a trusted partner to manage I.T. infrastructure, can help minimize a dealership’s [financial] impact when an attack does occur.”
It’s Not All Bad News
Instead of looking at FTC compliance as an obstacle to overcome and focusing on the negative aspects of cyber-attacks, remember that a proactive approach towards FTC Safeguards Rule compliance can result in more confident operations and compliance, providing direction for data management such as CDPs and artificial intelligence, better data governance leading to more impactful marketing success campaigns, reduced customer acquisition costs, and ultimately sales growth. As we said in Dealers + Data Privacy Part 1, data regulations are a prescription for getting your data in order, enabling you to more fully understand the true lifetime value of your customers, build more trust, and increase sales.
Click here to find out more about how Brain+Trust leverages tools like SecondSight to help your dealership secure the best possible cyber insurance coverage, and come back for Part 3, where we’ll look at some of the ways the best CDPs can help your dealership improve both fixed and variable operations and dramatically increase your return on ad spend.
ORIGINAL CONTENT FROM BRAIN+TRUST.