blog |
An In-Depth Analysis of the CDK Global Cyber Attack: Lessons for Automotive Dealerships

An In-Depth Analysis of the CDK Global Cyber Attack: Lessons for Automotive Dealerships

The recent cyber attack on CDK Global has been a wake-up call for the automotive industry, highlighting critical vulnerabilities and the urgent need for enhanced cybersecurity measures. As a leading provider of integrated technology solutions to automotive retailers, CDK Global's breach has significant implications for the entire sector, affecting dealerships' operations, customer trust, and regulatory compliance.

The Nature of the Attack

In June 2024, CDK Global fell victim to a sophisticated cyber attack that compromised sensitive data across numerous automotive dealerships. Cybercriminals exploited weaknesses in the security infrastructure, gaining access to confidential customer information, financial records, and other critical data. This breach not only disrupted business operations but also posed a significant threat to the privacy and security of customers' personal information.

Impacts on Dealerships

Data Breaches and Financial Consequences

Dealerships that relied on CDK Global's platforms faced severe repercussions due to the attack. According to reports, affected dealerships experienced data breaches that exposed personal customer information, sales transaction data, and financial details. This exposure led to significant financial losses, as dealerships had to manage the fallout from compromised data, including potential legal actions and loss of customer trust.

The financial impact of such breaches is substantial. Ransomware attacks, in particular, have seen a dramatic increase in demands, with average payouts skyrocketing from $44,000 in 2019 to over $740,000 in 2023. Dealerships also incurred costs associated with downtime, averaging 3.4 weeks, and many struggled to fully recover their stolen data.

Key Findings from CDK Global’s Cybersecurity Reports

Rising Threats and Persistent Vulnerabilities

CDK Global's cybersecurity reports over recent years have consistently highlighted the increasing frequency and sophistication of cyber attacks targeting automotive dealerships. The 2023 State of Cybersecurity in the Dealership study revealed that 17% of dealerships experienced a cyber attack in the past year, with phishing, ransomware, and malware being the most common threats. Despite increased investments in cybersecurity measures, these attacks continue to exploit gaps in security protocols and employee awareness.

Compliance and Preparedness Challenges

The attack also underscored the challenges dealerships face in complying with evolving cybersecurity regulations. The Federal Trade Commission's (FTC) Safeguards Rule mandates stringent measures for securing customer data, yet many dealerships struggle to fully understand and implement these requirements. CDK Global's study found that only 35% of dealerships feel fully prepared to meet these compliance standards

Strengthening Cybersecurity in Dealerships

Investing in Advanced Technologies and Training

To mitigate the risk of future cyber attacks, dealerships must prioritize investments in advanced cybersecurity technologies and comprehensive employee training programs. Anti-virus and malware protection, secure network configurations, and continuous software updates are essential components of a robust cybersecurity strategy. Additionally, regular training sessions to enhance employee awareness about phishing and other cyber threats can significantly reduce the likelihood of successful attacks. 

Engaging with Cybersecurity Experts

Partnering with managed service providers (MSPs) and cybersecurity experts can provide dealerships with the necessary expertise to manage their IT infrastructure and ensure compliance with regulatory requirements. MSPs offer a range of services, including round-the-clock monitoringincident response, and tailored cybersecurity solutions to safeguard dealerships against potential threats. 

Proactive Threat Detection and Response

A proactive approach to threat detection and response is crucial for mitigating the impact of cyber attacks. This involves regular vulnerability assessments, penetration testing, and implementing threat hunting practices to identify and address potential threats before they can cause significant damage. Dealerships should also develop and maintain comprehensive incident response plans to ensure quick and effective action in the event of a cyber attack.


The cyber attack on CDK Global serves as a critical reminder for the automotive industry to reassess and strengthen its cybersecurity measures. By investing in advanced technologies, enhancing employee training, and partnering with cybersecurity experts, dealerships can better protect their data, maintain customer trust, and ensure business continuity in the face of evolving cyber threats.

Leveraging the SubRosa and KPA Partnership for Enhanced Dealership Cybersecurity

In response to the increasing cyber threats facing the automotive industry, SubRosa has partnered with KPA, a leader in compliance and workforce management solutions. This collaboration brings together SubRosa’s advanced cybersecurity services and KPA’s robust compliance expertise, providing automotive dealerships with a comprehensive approach to cybersecurity and regulatory adherence.

Dealerships can benefit from this partnership through integrated solutions that include:

Proactive Threat Detection and Response

SubRosa’s Managed SOC services ensure continuous monitoring and threat hunting, protecting your dealership from evolving cyber threats.

Regulatory Compliance

KPA’s compliance tools help dealerships meet the latest FTC Safeguards Rule requirements, ensuring customer data is protected and regulatory standards are met.

Employee Training and Awareness

Joint efforts from SubRosa and KPA provide comprehensive cybersecurity training programs, empowering your staff to recognize and mitigate potential threats.

By leveraging the combined strengths of SubRosa and KPA, automotive dealerships can not only enhance their cybersecurity posture but also streamline compliance processes, safeguarding their operations and maintaining customer trust.