There’s good news and bad news in CDK Global’s 2023 State of Cybersecurity in the Dealership Study.

The good news is that dealers are getting serious about cybersecurity, with 90% of the respondents saying it is very important or extremely important relative to other operational areas and 53% of respondents being confident in their current protection — up 16% from the 2022 study.

The bad news? Cyberattacks continue to rise. The survey of 175 dealerships, including dealer executives, IT decision-makers and departmental influencers, found 17% of them had experienced a cyberattack or incident in the past year, an increase from 15% the previous year.

The automotive retail software provider said its survey reveals a concerning trend: cybercriminals are evolving their methods to steal user and client data.

Email phishing scams were cited by dealers as the top threat for the third consecutive year, while lack of employee awareness — No. 3 on the list last year — surpassed ransomware for second in the new report.

CDK said fake emails supposedly from trusted internal and external sources are creating “substantial” risks to auto retailers, including IT-related business interruptions, ransom demands, financial loss and damage to the dealership’s reputation.

“Cybercriminals are increasingly targeting auto retailers using sophisticated methods meant to appear from secure and trusted sources,” CDK Global senior vice president and general manager of IT Solutions David LaGreca said.

“Unfortunately, human error can waylay the best-laid plans and put a dealership at serious risk. Employee awareness training should play an integral role in a dealership’s plan to prevent potential cyber threats.”

Other threats cited by dealers include PC virus/malware, theft of business data, stolen/weak passwords and vehicle cyberattacks.

Among dealerships that experienced an incident, 32% said they experienced a cyberattack that resulted in information theft. The top areas affected by those attacks included sales transaction data (56%), customer personally identifiable information (22%) and F&I data (22%).

Of those that experienced a cyberattack, 46% said it resulted in a negative financial/operational impact that included employee downtime (69%), hardware/software replacement (46%) and damaged dealership reputation (31%).

Three-fourths of dealers who updated their security policies to meet the FTC’s June 2023 compliance deadline said they are already seeing improvements as a result. The top action cited for that improvement was appointing a qualified individual to oversee and be accountable for the dealership’s cybersecurity (85%), followed by implementing ongoing cybersecurity training for employees (73%) and multifactor identification (72%).

The survey also found 51% of auto retailers plan to increase their cybersecurity budget in the next year, and 59% are now using managed service providers for cybersecurity and IT infrastructure, up 11% from 2022.

“Unfortunately, it is no longer a matter of if, but when a cyber breach arises,” LaGreca said. “Having the necessary preventative measures in place, along with a trusted partner to manage IT infrastructure, can help minimize a dealership’s impact when an attack does occur.”

The full report is available at