eLEND Solutions survey: Majority of dealers not fully prepared for next cybersecurity breach
A new dealer survey from eLEND Solutions showed how much dealerships have changed their views about operational technology for financing and more in recent months.
The majority of dealerships are less likely to want their dealer management system (DMS) to handle most of their sales and finance processes today than they were before the recent CDK Global security breach, according to a new snapshot survey of dealers from eLEND Solutions.
And, while auto dealerships are concerned about cybersecurity vulnerabilities, the survey revealed a disconnect between these concerns and current security measures. Most auto dealership respondents reported that they are not feeling fully prepared for future cybersecurity breaches.
“Last June’s cybersecurity breach severely disrupted operations across more than 15,000 car dealerships and was the ‘canary in the coal mine’ for even more destructive cybersecurity events in the future,” said Pete MacInnis, founder and CEO, eLEND Solutions.
“This survey underscores that today’s dealerships are increasingly worried about protecting customer’s PII, but lack confidence in the security provided by their vendors, or the measures to fully protect their single system platforms from future cyberattacks,” continued MacInnis, who is among the industry experts and executives schedule to appear during Used Car Week, which begins on Nov. 18 in Scottsdale, Ariz.
The snapshot survey, which was fielded online by eLEND Solutions among dealers in September, found that 86% of dealerships surveyed rely on a single system for managing critical operations such as sales, finance, service/parts, inventory, accounting and payroll.
But after the recent cybersecurity breach, 76% are less likely to want their DMS to handle their sales and finance processes, agreeing that diversification could be beneficial and reduce risk.
Consumer personally identifiable information (PII) and vendor protection of that data is a specific concern of the auto dealers surveyed, with 62% of respondents saying that the cybersecurity of customer’s PII is much more important in their process for evaluating and selecting vendor partners today than it was two years ago.
To that end, 93% said that vendor partners who have access to their consumer PII data should be required to provide information security protection assessments.
However, most do not have those security assessments in place, with only 8% saying all, or nearly all, of their vendors provide them.
Not surprisingly, when asked about the cybersecurity threats that worried them the most, data breaches topped the list, followed closely by phishing attacks.
Although the vast majority of dealerships — 95% to be exact — said they have a documented cybersecurity policy in place, 58% told eLEND Solutions that they are only somewhat, or not very, prepared to manage a potential cybersecurity breach in the future.
“It is not a question of if, but when, the next serious cybersecurity breach will happen — and being partially protected, like the majority of dealers in our survey, is really not being protected at all. But, it is not a problem one dealership or one vendor can fix, nor is it just an infrastructure hardware/software issue, or just a DMS issue,” MacInnis said.
“The good news is that we can mitigate most risks if we are vigilant and come together as an industry to solve it — and that means vendor security assessments checked and double checked, ironclad compliance and data safeguards, full integration of all touchpoints as data moves across processes and workflow — from the initial point of the customer journey to its end,” MacInnis went on to say.
Here again are the major findings from the survey orchestrated by eLEND Solutions:
—86% of dealers were relying on a single system for managing critical dealership operations (sales, finance, service/parts, inventory, accounting/payroll, etc.) before the recent cybersecurity breach.
—76% say that after the recent cybersecurity breach they are less likely to want their DMS to handle sales and finance processes, agreeing diversification could be beneficial and reduce risk.
— 96% say that the cybersecurity (of customer’s PII – personally identifiable information) is ‘somewhat/much more’ important in their process for evaluating and selecting vendor partners compared to two years ago.
—93% say that vendor partners who have access to their consumer PII data should be required to provide information security protection assessments.
—Only 8% of dealers say that ‘nearly all or all’ of their vendor partners who handle customer PII data provide their dealership with security assessments.
—Data breaches (59%) and phishing attacks (56%) are the top two future cybersecurity threats that worry dealers the most.
—Only 42% of auto dealership respondents say that their dealership is fully prepared to manage a potential cybersecurity breach in the future, 58% are ‘somewhat/not very’ prepared.