The world of automotive retail, including commercial vehicles, is changing fast, and digital adoption, once optional, is now central to every dealership. From online purchases to always-on laptops and cloud systems, dealerships today operate in a far more connected world than they did just a few years ago. But with this rapid digital shift comes a new kind of challenge: cybersecurity.[1]
Mr. Gokul Rajan, Chief Digital Officer, Hinduja Leyland Finance said, cybersecurity is no longer a technical concern; it has become a critical business priority that determines trust, continuity, and even survival. Dealerships that once worked with a handful of computers are now managing entire digital ecosystems. An 85-person team can mean 85 machines, multiple platforms, and constant data exchange. “We don’t need to visualize digital as something that is fancy and futuristic. The fact is that in every enterprise or every establishment, there is a digital footprint that is already present,” he said. The very process of buying a new vehicle for an end customer(s) including fleet operators, can seem quite scary looking at the amount of personal information that they put out in the hands of dealership employees. “This, I firmly believe exposes all the auto dealerships quite significantly. There is not a week that passes where we don’t see some news or the other about a digital arrest. We tend to see this as some news that is happening to someone else until the time when it happens to ourselves. It is going to catch every business owner unaware,” Mr. Rajan warned.
The Perfect Storm - This digital expansion sits on top of existing pressures such as inventory buildup, regulatory changes, EV readiness, and tight profit margins. Together, these forces have created what experts call a “perfect storm,” pushing dealerships deeper into digital tools while exposing them to rising cyber risks. And the threat is already real, digitally driven fraud is becoming a common complaint across the industry.
Globally, the impact of cyberattacks has been devastating. In 2022, a single breach at CDK Software brought over 15,000 North American dealerships to a standstill, causing a loss of nearly $4 billion in sales. Jaguar Land Rover faced a major shutdown that is estimated to cost the UK economy £1.9 billion. Auto Canada saw employee data leaked across 84 dealerships, and in the UK, Arnold Clark suffered a breach that exposed customer bank details, driving licenses, and vehicle records, resulting in losses of almost £50 million. These examples show that cyber threats are no longer rare events; they are business disruptors with severe economic and reputational consequences, he highlighted.
For dealerships, six major risks stand out. Ransomware can freeze critical systems like the DMS, shutting down operations for weeks and 60% of SMEs hit by such attacks do not recover. Phishing scams trick employees with fake emails pretending to be from OEMs or banks, leading to password theft or misdirected funds. Data breaches expose sensitive customer information such as PAN, Aadhar, or loan details, violating the Digital Personal Data Protection (DPDP) Act, 2023, and risking penalties of up to ₹250 crore. Vendors also pose risks: compromised CRM systems or malicious software updates can break into dealership networks. Weak passwords, shared systems, ex-employee access, unsecured USB devices, and data stored unofficially on phones add to the danger. And as vehicles become more connected, attacks can target everything from OTA updates to OBD ports, telematics links, and even EV charging systems, he clarified.
Governance - But the path to protection is clear. Mr. Rajan suggested that the first step is governance, larger dealerships need dedicated security personnel, while others can consider shared security services. Employees must be regularly trained, with cybersecurity awareness becoming part of routine skill-building. Infrastructure security is equally important, and many dealerships are turning to Security Operation Centers (SOCs) that monitor devices in real time and alert teams before damage spreads. Vendor selection must also be rigorous, ensuring CRM providers and other partners follow strong cybersecurity standards. Continuous monitoring, through SOCs and automated tools, helps keep systems safe around the clock.
Mr. Rajan recommended for some kind of “cyber liability insurance” that may be worthwhile for all of the automotive dealerships to consider. Federation of Automobile Dealers Associations (FADA) can also evaluate whether improved commercial arrangements with the insurance industry can enhance this protection, he said. According to him, cyber liability insurance is emerging as a must-have safeguard, with industry bodies like FADA exploring group options and access to expert guidance.
In an increasingly digital future, cybersecurity is not just about firewalls and passwords. It is about protecting customer trust, ensuring business continuity, and securing the long-term health of the dealership. As the industry transforms, those who build strong digital defense today will be the ones who stay resilient tomorrow.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.motorindiaonline.in/in-todays-connected-world-cybersecurity-is-dealerships-best-defence/
Comments