Autocar iconAutocarMay 27, 2026 ~3 min source read

Cyber attacks are now 'business as usual' for carmakers and dealers

Security specialists tell Autocar Business the automotive sector faces persistent hacks driven by staff churn, dealer finance systems, and unmanaged access. The immediate fix is basic digital housekeeping: remove forgotten accounts, shrink permissions and treat dealerships like financial institutions.

Cyber attacks become 'business as usual' for automotive firms

Share this story

Send the public story page.

Useful takeaways from this story.

High staff turnover at dealer groups leaves active permissions and old logins that widen the attack surface.

Dealers process large volumes of finance applications and customer data, making them attractive ransomware targets.

Reducing the number of active accounts, permissions and exposed web servers is a practical first step to lower risk.

Cyber security specialists described the automotive sector to Autocar Business as "an industry under attack" where hacks have become "business as usual." Two recurring themes explain why: workforce churn inside dealer groups and the way dealerships now handle financial products and customer data.

Mark Rodbert, CEO at Idax Software, identified staff turnover as a core vulnerability. When employees leave and their permissions or accounts remain active, organisations widen their attack surface and create easier paths for malicious insiders or credential misuse. Rodbert also pointed to the volume of finance applications handled by dealers. That flow of sensitive customer and payment data turns dealer IT systems into high-value targets for ransomware and data theft.

Alistair Wesson, director of Mongoose Cyber Security, summed up the technical consequence: the more forgotten or unused logins and services remain, the bigger the set of things attackers can try. He recommends shrinking that surface by removing unused permissions and web servers.

Principal vulnerabilities highlighted

  • Persistent accounts and permissions: Employee churn without timely deprovisioning leaves credentials that can be exploited.
  • Dealer finance systems: High volumes of personal and financial data concentrated in dealer platforms attract ransomware operations and data extortion.
  • Exposed services: Forgotten web servers and unused permissions increase the number of attack vectors.

Concrete housekeeping actions that reduce risk

These are the low-effort, high-impact controls implied by the specialists' comments:

  • Enforce timely deprovisioning: Revoke access immediately when staff leave or change roles.
  • Inventory and remove dormant accounts: Regularly scan for and delete forgotten logins and service accounts.
  • Minimise permissions: Apply least-privilege controls so employees and systems have only the access they need.
  • Harden dealer finance platforms: Treat dealer systems that process finance applications like financial services platforms, with stronger monitoring, encryption and access controls.
  • Reduce exposed infrastructure: Catalogue and retire unused web servers and externally facing services to shrink the attack surface.

Recent high-profile incidents across the broader retail and automotive landscape have kept cybersecurity in the headlines, and the automotive sector's own profile has risen because of the combination of operational technology and sensitive customer data. The specialists quoted view the problem as systemic: it's not a single weakness but a cluster of routine operational issues that cumulatively invite attackers.

Why simple fixes matter most right now

Expect continued scrutiny of dealer IT practices and more public reporting about incidents that affect manufacturing and retail operations. Organisations that prioritise deprovisioning and least-privilege policies will reduce near-term risk and complicate attackers' ability to weaponise former employees' credentials or high-volume finance workflows.

More context around this story.

Loading more related stories...

Keep reading in the app

Open the app view to save this story, compare related coverage, and continue from the same source.

Open in app