Securing Auto Dealerships: Data Reveals an Industry Under Siege
By Cam Sivesind
Tue | Nov 18, 2025 | 11:11 AM PST

The automobile dealership sector continues to evolve digitally with connected vehicles, cloud-based dealership management systems (DMS), online financing, and electronic sales workflows. But the newly released CDK State of Dealership Cybersecurity 2025 report shows a sector still struggling to keep pace with threat actors who increasingly target these high-value, high-data retail environments.

Despite gains in awareness and investment, dealerships face widening gaps in employee readiness, third-party risk, and operational resilience. For security teams supporting dealerships—or vendors serving them—the report offers critical insights and warnings.

For the fifth year running, dealership leaders overwhelmingly say cybersecurity is "very or extremely important" (90%)—essentially unchanged from 2024's 91%. But only 48% feel confident in their protections, up from 40% last year yet still below the 53% confidence peak in 2023.

This confidence gap underscores a harsh reality: cyber threats are outpacing capability, even as dealerships invest more in tools and services.

One in five dealerships hit by a cyberattack in 2025

A striking 21% of dealerships reported being victims of a cyberattack or security incident in the past year—consistent with 2023's rate despite better awareness and technology adoption. Top threats in 2025, according to the report, are:

  • Ransomware (67%)

  • Email phishing (66%)

  • PC virus/malware (46%)—up from #5 last year

  • Theft of business data (44%)

  • Employee awareness gaps (44%)

  • Stolen/weak passwords (26%)

  • Vehicle cyberattacks (11%)

Leaders described increasingly sophisticated social engineering, such as attackers impersonating employees, spoofing bank numbers, or embedding malware in fake resumes. One dealership noted phishing emails impersonating the U.S. Social Security Administration—an indicator of adversaries tailoring schemes to dealership environments.

While six of eight security safeguards saw increased usage in 2025, employee training dropped significantly—from 80% of dealerships offering staff cyber training in 2024 to 70% in 2025.

Even more concerning:

  • 13% of dealerships still offer no training at all—higher than in 2023.

  • Inclusion of cybersecurity during new-hire orientation decreased.

  • Quarterly training is down from its 2023 high.

As one leader said, "No matter how strong the systems are, people can still be tricked. Phishing and social engineering continue to get through."

Dealers seem aware of the gap: enhancing employee training ranks as the #1 cybersecurity priority for the next 12 months.

Dealerships spend relatively little on cybersecurity—typically less than 5% of operational budgets—ranking it below advertising, CRM systems, DMS licensing, and even printing costs.

Average monthly spend in 2025 was:

  • 3–5 rooftops: $1,765/month

  • 11+ rooftops: $1,916/month

Despite this modest baseline, no dealerships plan to reduce cybersecurity investment, and nearly half expect a 1–10% increase next year.

Given the scale of dealership operations—and the financial payload of consumer data, insurance information, and vehicle financing—budgets remain dangerously out of sync with actual risk.

Third-party and MSP dependency: growing and necessary

Dealerships rely heavily on external providers:

  • 56% use both an IT manager and an MSP for cybersecurity.

  • More than half use 2–4 providers, and some use as many as eight.

FTC Safeguards Rule compliance appears to be stabilizing, but dealerships remain dependent on third parties to alert them when systems or products are no longer supported.

For cybersecurity teams, this means:

  • Strong vendor vetting

  • Clear RACI ownership

  • Regular MSP performance audits

  • Integration of MSP telemetry into SOC workflows

Attackers increasingly exploit MSPs to pivot into clients' networks—making MSP security posture everyone's security posture.

Recent incidents—including the massive 2024 CDK Global outage, ransomware attacks on large multi-store groups, and breaches involving customer PII—highlight recurring patterns:

1. Centralized systems = centralized blast radius: DMS or CRM outages can shut down sales, finance, service, parts, and payroll across hundreds of rooftops simultaneously.

2. Social engineering is the opening move: Dealers remain vulnerable to credential harvesting and phishing—especially those without consistent training.

3. Third-party weaknesses are the fastest path in: The report underscores this risk repeatedly; attackers go after vendors because dealerships have fewer internal controls.

4. Data theft is almost always part of the playbook. Dealerships store:

  • Driver's license scans

  • Social Security numbers

  • Financing documents

  • Employment data

  • Connected-vehicle information

These records fetch high prices on dark web marketplaces.

What cybersecurity teams protecting dealerships should prioritize

1. Security awareness as a continuous program: This includes quarterly simulations, new-hire training, and real phishing tests aligned with automotive themes.

2. Zero Trust access across dealership systems: Segmentation between sales, finance, service, and guest Wi-Fi networks is essential.

3. Multi-factor authentication (MFA) everywhere, especially for:

  • DMS

  • CRM

  • OEM portals

  • Payroll/HR systems

  • MSP remote access

4. Rigorous vendor risk management: Dealerships rely on:

  • DMS vendors

  • CRM vendors

  • Online sales platforms

  • MSPs

  • Telephony providers

  • Finance and insurance platforms

Each is a possible entry point.

5. Modern endpoint and email security: With malware and phishing ranking among the top threats, EDR and advanced email filtering should be standard.

6. Incident response planning specific to dealership workflows: Dealerships need IR plans tailored to:

  • Sales operations

  • Service scheduling

  • F&I processes

  • Vehicle delivery

  • Loan applications

  • Customer communications

The report shows only 48% have a formal response plan in place.

The report highlights a massive opportunity—and responsibility—for vendors:

1. Dealerships need simplification: They are overwhelmed by multiple providers, tools, and compliance obligations. Vendors offering integration, automation, or consolidated workflows will win.

2. MSPs and MSSPs must harden their own posture: Dealerships depend on MSPs more each year; this makes MSPs both a trusted operator and a high-value target.

3. Education is as important as technology: With employee training declining, vendors offering turnkey cybersecurity awareness programs can fill the gap.

4. Automotive-specific threat intelligence matters: Generic intelligence feeds don't reflect the unique attack patterns—such as DMS credential harvesting, dealer/OEM impersonation, and malware hidden in job applications.

5. Compliance-oriented solutions will continue to grow: The FTC Safeguards Rule has transformed dealership cybersecurity. Vendors that simplify compliance reporting will have a strong advantage.

The State of Dealership Cybersecurity 2025 report makes clear that the automotive retail sector is at an inflection point. Dealers know cybersecurity matters, and they are investing more. But confidence remains low, employee readiness is slipping, and third-party complexity is increasing.
