New survey from eLEND Solutions shows 76% of dealerships today are less likely to want their DMS to handle the majority of sales and finance processes, and worry most about data breaches and phishing attacks, but lack adequate security assessments from vendor partners.

Foothill Ranch, Calif. – October 8, 2024 – The majority of auto dealerships are less likely to want their DMS to handle most of their sales and finance processes today than they were before the recent CDK security breach, according to a new snapshot survey of auto dealers from automotive fintech innovator eLEND Solutions. And, while auto dealerships are concerned about cybersecurity vulnerabilities, the survey reveals a disconnect between these concerns and current security measures: most auto dealership respondents report that they are not feeling fully prepared for future cybersecurity breaches. 

“Last June’s cybersecurity breach severely disrupted operations across more than 15,000 car dealerships and was the ‘canary in the coal mine’ for even more destructive cybersecurity events in the future,” said Pete MacInnis, founder and CEO, eLEND Solutions. “This survey underscores that today’s dealerships are increasingly worried about protecting customer’s PII, but lack confidence in the security provided by their vendors, or the measures to fully protect their single system platforms from future cyberattacks.”
 

The snapshot survey, which was fielded online by eLEND Solutions among US auto dealers in September 2024, found that 86% of auto dealerships surveyed rely on a single system for managing critical operations such as Sales, Finance, Service/Parts, Inventory, Accounting/Payroll, but that, after the recent cybersecurity breach, 76% are less likely to want their DMS (Dealer Management System) to handle their Sales and Finance processes, agreeing that diversification could be beneficial and reduce risk.

Consumer PII (personally identifiable information), and vendor protection of that data is a specific concern of the auto dealers surveyed, with 62% of respondents saying that the cybersecurity of customer’s PII is much more important in their process for evaluating and selecting vendor partners today than it was two years ago.

To that end, 93% say that vendor partners who have access to their consumer PII data should be required to provide information security protection assessments. Astonishingly, however, most do not have those security assessments in place, with only 8% saying all, or nearly all, of their vendors provide them.

Not surprisingly, when asked about the cybersecurity threats that worried them the most, ‘Data Breaches’ topped the list, followed closely by ‘Phishing Attacks’. And, although the vast majority of dealerships, 95%, say they have a documented cybersecurity policy in place, 58% say they are only somewhat, or not very prepared to manage a potential cybersecurity breach in the future.  

“It is not a question of if, but when, the next serious cybersecurity breach will happen – and being partially protected, like the majority of dealers in our survey, is really not being protected at all. But, it is not a problem one dealership or one vendor can fix, nor is it just an infrastructure hardware/software issue, or just a DMS issue," continued MacInnis. “The good news is that we can mitigate most risks if we are vigilant and come together as an industry to solve it - and that means vendor security assessments checked and double checked, ironclad compliance and data safeguards, full integration of all touchpoints as data moves across processes and workflow - from the initial point of the customer journey to its end.”

Key Survey Findings: 

• 86% of dealers were relying on a single system for managing critical dealership operations (e.g. Sales, Finance, Service/Parts, Inventory, Accounting/Payroll, etc.) before the recent cybersecurity breach.

• 76% say that after the recent cybersecurity breach they are less likely to want their DMS to handle sales and finance processes, agreeing diversification could be beneficial and reduce risk.

• 96% say that the cybersecurity (of customer’s PII - personally identifiable information) is ‘somewhat/much more’ important in their process for evaluating and selecting vendor partners compared to two years ago.

• 93% say that vendor partners who have access to their consumer PII data should be required to provide information security protection assessments

.• Only 8% of dealers say that ‘nearly all or all’ of their vendor partners who handle customer PII data provide their dealership with security assessments.

• Data Breaches (59%) and Phishing Attacks (56%) are the top two future cybersecurity threats that worry dealers the most.

• Only 42% of auto dealership respondents say that their dealership is fully prepared to manage a potential cybersecurity breach in the future, 58% are ‘somewhat/not very’ prepared.

About eLEND Solutions

eLEND Solutions™ (formerly DealerCentric) is an automotive FinTech company providing a middleware solution designed to power transactional digital retailing buying experiences for the retail automotive industry - helping dealers sell more cars! Faster! The platform specializes in hybrid credit report, identity verification, and ‘pre-desking’ solutions, accelerating end-to-end purchase experiences - concluding with a transactable, fundable deal structure. 

For more information, please visit www.elendsolutions.com.

Contact Media Relations:

Angela Jacobson, mWEBB Communications, (714) 454-8776, angela(at)mwebbcom(dot)com

Crystal Hartwell, mWEBB Communications, (714) 987-1016, crystal(at)mwebbcom(dot)com