Automotive Dealership Security Assessment

Your DMS Holds Everything.
Is It Protected?

Auto dealerships are financial institutions under the FTC Safeguards Rule holding Social Security numbers, credit reports, and bank statements for every customer who has ever financed a vehicle. One ransomware attack, one vendor breach, one phishing email to your F&I manager can shut it all down. CDK Global proved it.

1 in 3Dealerships targeted by a cyberattack in the past year and only 24% increased cybersecurity spending in response. (KPA / WardsAuto 2025)
$50,125Per violation under the FTC Safeguards Rule which applies to every dealership collecting customer financial information. (FTC 2025)
15,000+Dealerships shut down by the 2024 CDK Global ransomware attack. One vendor breach, every customer in your DMS at risk.
What Keeps Dealer Principals Up at Night

The FTC Doesn't Care That You Sell Cars. They Care That You Hold Financial Data.

The FTC Safeguards Rule treats auto dealerships as financial institutions. You are required to have a written information security program, a designated qualified individual, annual risk assessments, and breach reporting within 30 days. Most dealerships are not fully compliant and the FTC is actively enforcing.

$50,125Per violation under the FTC Safeguards Rule. With thousands of customer records on file, non-compliance exposure compounds fast before you even factor in remediation, legal fees, or reputational damage.FTC Safeguards Rule Current Penalty Schedule
The Gaps That Lead to Breaches
  • 01

    DMS Ransomware That Shuts Down Your Entire Operation

    The CDK Global attack proved that a single vendor breach can lock every dealership that depends on it: sales, service, financing, and accounting completely offline for weeks. Your DMS is your most critical vulnerability.

  • 02

    Customer Financial Data in Every Credit Application

    Every deal you close involves Social Security numbers, bank statements, and credit reports. The FTC Safeguards Rule classifies dealerships as financial institutions and holds you to the same data security standards.

  • 03

    Phishing Targeting F&I and Finance Staff

    36% of dealership breaches start with phishing. Finance and F&I personnel are the highest-value targets because they have access to the most sensitive customer data and the wire transfer capabilities attackers want.

  • 04

    Third-Party Vendors With Unrestricted DMS Access

    Lenders, software vendors, auction platforms, and service providers all connect to your systems. Under the FTC Safeguards Rule, you are responsible for ensuring every one of them maintains adequate security controls.

C.V.I.P²-A Framework

Run a Dealership Security Baseline Check

Six modules built around the real-world vulnerabilities of auto dealerships. Every finding manually validated and mapped directly to FTC Safeguards Rule requirements so your assessment doubles as compliance documentation.

Take 5 minutes to cross-reference your current operations against a 9 question baseline hygiene checklist covering common dealership entry points.

Cyber Threat Surface

External Exposure Review

We map your internet-facing systems from an attacker's perspective DMS portals, online credit applications, inventory platforms, and any remote access tools used by staff or vendors.

Vulnerability Assessment

Network and DMS Scan

Credentialed scanning of workstations, servers, DMS infrastructure, and vendor integrations. Findings mapped directly to FTC Safeguards Rule technical requirements.

Intelligence

Credential and Data Exposure Check

Dark web intelligence to identify leaked staff credentials and customer financial data actively circulating before they are used to access your DMS or initiate fraudulent transactions.

Penetration Testing

Application and Portal Testing

We assess customer-facing credit applications, online finance tools, and internal portals for authentication flaws, injection vulnerabilities, and exposure of nonpublic customer information.

Physical Security

Dealership Facility Walkthrough

Server room access, F&I office controls, service drive workstations, and key management evaluated in person including after-hours physical access points and visitor procedures.

Assessment & Recommendations

FTC Safeguards-Aligned Report

Executive summary for dealer principals plus a full technical report with remediation timelines and documentation supporting your Written Information Security Program (WISP) requirements.

*This baseline check is informational only and does not substitute for a professional compliance audit.

The Process

Minimal Disruption. Maximum Clarity.

01

Scoping Call

We define scope and agree on timing that avoids high-volume sales periods, month-end closes, and major inventory events.

02

External Recon

We map your digital footprint from the outside DMS portals, credit apps, and any system exposed to the internet.

03

Internal Assessment

Credentialed scans of your internal network and DMS infrastructure plus an on-site physical walkthrough of the entire facility.

04

Manual Validation

Every finding reviewed. False positives removed. Real risks confirmed, scored, and mapped to FTC Safeguards Rule requirements.

05

Report Delivery

Executive summary and full technical report with a debrief documentation ready to support your WISP and annual Safeguards Rule certification.

Who We Serve

If You Facilitate Financing, The FTC Safeguards Rule Applies to You.

New and Used Car Dealerships

Every credit application, every trade-in evaluation, every deal jacket contains customer financial data protected under the FTC Safeguards Rule. Compliance is mandatory not optional.

Franchise and Multi-Rooftop Groups

Multi-location dealers face compounded exposure. A breach at one store can cascade across your entire group through shared DMS systems, network connections, and centralized finance operations.

Buy Here Pay Here Dealerships

BHPH dealers store the most sensitive customer financial data of any dealership type often for customers who cannot obtain traditional financing. This data is highly valuable and frequently targeted.

RV and Powersports Dealerships

The FTC Safeguards Rule applies to any dealership that facilitates financing. RV and powersports dealers are increasingly targeted as attackers recognize the gap between data stored and security in place.

Auto Auction Houses

Auction platforms handle financial transactions for thousands of vehicles and collect dealer and buyer financial information at scale. A breach here exposes every dealer in your network simultaneously.

Service Centers and Independent Shops

Shops that store customer payment information, insurance records, or vehicle history data have compliance obligations even without a direct financing operation. Physical security gaps are especially common.

SDVOSB Certified
Service-Disabled Veteran Owned
No Product Sales
Independent and Objective Assessments Only
Federal Intelligence Background
DHS and National Defense Experience
FTC Safeguards Documentation
WISP-Ready Compliance Reports

Let's Start
With a Conversation

Not sure if you need an assessment? That's exactly why this conversation exists. Tell us about your organization and we'll take it from there

After You Submit

  1. A team member contacts you within one business day.
  2. We ask a few questions to understand your organization and industry.
  3. You get an honest recommendation on whether an assessment makes sense right now.

Your information is confidential and will not be shared with third parties.