The most frequent cybersecurity threat in a dealership is an attack on computer systems that allows the theft or manipulation of sensitive customer data. However, in the medium term the main “cyber threat” will be the hacking of the vehicle, since 70% of the vehicles sold in Spain in 2025 will be connected, according to MSI data. And although it seems like a science fiction movie, stealing data from dealers represents a real danger that, although in Spain it has not yet materialized in confirmed cases, in the United States – one of the most technologically advanced countries – they are happening every more frequently According to Eurocybcar, 85% of American dealers have suffered at least one cyberattack in the past two years.
In this way, the report shows that dealers are also targets of attack for cybercriminals, which is a threat to the dealership’s own business of sale, to the point that four out of five consumers would not acquire their car from a dealer that it was not cyber insurance or, what is the same, that it does not guarantee a shield of the data.
And the worst part is that non-cyber insurance dealers are exposed to the theft of sensitive information from their customers, as well as to the hacking of vehicles sold,
also risking fines exceeding half a million euros (up to 600,000 euros), according to data from the Eurocybcar car cybersecurity expert collected by Sumauto, a specialist in vertical automotive portals that groups Autocasión and AutoScout24, on the occasion of the XXIX Faconauto Congress .
In addition, this privacy nightmare also reaches the legal field, where a concessionaire must assume that putting up for sale a vehicle to which the necessary cybersecurity measures have not been applied has the same responsibilities and penalties as doing it with a vehicle that does not comply the European Vehicle Safety Regulation.
The dealer, as the seller of the car and ultimately responsible for the state in which it reaches the consumer, must shield itself against this type of cyberattacks and apply the necessary verification protocols to ensure its good condition, especially in the occasion market, where a vehicle has been subject to “change of hands”.
Given this, Sumauto explains that checking the level of cybersecurity of a vehicle is easy, because there are already tests to measure the difficulties that a cybercriminal has to remotely open doors, lower windows, activate the car’s brakes, accelerate it, get to know your position in real time or access any electronic system of the car.
And this is precisely what has led to the drafting of the new UN regulation, which will be expected to be approved in March and will be reflected, as of 2022, in a European Vehicle Safety Regulation that will not allow the sale of vehicles in the EU without a cybersecurity certificate. With the entry into force of this standard, manufacturers must guarantee the cybersecurity of a vehicle in all its phases, as already contemplated in ISO 21434 currently under development.
This legislation comes to control a less sophisticated practice than it seems, because cars are large computers with wheels that are being hacked by cybercriminals since 2012. Every vehicle that has a minimum of technology on board is likely to be a victim of it. And it is that systems as common as Bluetooth, browser, emergency call – mandatory in cars since 2018 -, key with remote control, airbag or any application that allows to control car functions from the mobile are already available in most vehicles and can be violated using devices of just 30 euros, according to data collected by Eurocybcar.
According to the general director of Sumauto, Nicolás Cantaert, “cars contain sensitive information, so dealers and users should be aware of the importance of sweeping and ‘cleaning’ them just like a mobile or computer with personal information. . Professionals should be prepared for this and rely on a knowledge partner to help them know how regulations are changing, how to get ahead of what is to come and discover how to measure the level of cybersecurity of your business and the vehicles they sell. Why can a dealer today ensure that it is 100% cyber insurance? .