When a cyberattack hits a car dealership

5 minutes
Une femme discute avec un vendeur chez un concessionnaire

One of the biggest fears for most companies? The dreaded cyberattack.

Learn what you should do to protect your clients’ personal information and go on with business as usual.

Why is your business vulnerable?

To do their job, your employees need access to a lot of your customers' personal information like their address, date of birth, social insurance number, employer, credit report, and more. This valuable information is worth its weight in gold… and hackers know it all too well!

You’ve spent years building a valuable client database, making your business an attractive target for cybercriminals.

In many cases, you work with third-party companies that help manage, store and destroy personal information. However, outsourcing does not absolve you of your responsibilities. In the event of a data breach, your business is 100% accountable: implementing necessary measures, maintaining and updating records, notifying affected customers, etc.

What are the consequences of a cyberattack?

When you get hit by a cyberattack, it could cause service interruptions or operational delays. These situations can ruin the customer experience, reduce productivity, and impact deadlines.

To avoid these problems, it’s imperative to have robust business continuity plans and efficient management systems capable of minimizing disruptions and maintaining customer trust.

The financial and reputational risks are often linked to the breach of sensitive data which can expose confidential information, causing you to incur costs, face regulatory fines as it also erodes your customers’ trust.

By the numbers
  • 53% of cybersecurity threats come from employees.
  • 61% of Canadian businesses have experienced at least one cybersecurity incident.
  • 74% of them did not report it.
  • 44% do not have a full cybersecurity plan.

When it really happens

Let’s lay out an example of what could happen to a business like yours during a cyberattack.

A virus infects the IT systems of an equipment supplier that works with a car dealership. Shortly after, the dealership's customers receive strange emails. Concerned, the owner calls in IT consultants to deal with the problem.

A few weeks later, the supplier receives a legal notice alleging that the virus infected a dealership customer’s computer, causing significant damage and triggering a domino effect of repercussions.

The importance of Law 25

Since Law 25 was introduced, the liability for data protection now rests heavily on the person in charge of accessing documents and protecting personal information (This hyperlink will open in a new tab) (French only) in your company. Their role includes:

How can you prevent cyberattacks

In addition to the person designated for data protection in your company, you also play a key role in cybersecurity.

Implementing security measures

Establishing security and compliance policies ensures your data is protected and guidelines are followed. These policies help define clear rules to prevent risks such as cyberattacks or regulatory violations.

Key measures to implement include:

  • Regularly updating software and firewalls
  • Securing your network
  • Changing passwords frequently
  • Having your IT systems checked for breaches
  • Storing physical and electronic records securely, with restricted access
  • Limiting access to personal data based on employee roles
  • Using encryption to secure communications and data transfers

By implementing strict procedures, you strengthen the security of your operations, which in turn ensures legal compliance, as well as maintaining customer and partner trust.

Training your teams and keeping them informed

Cybersecurity training and awareness are critical for protecting your company's data. Your employees are often the first line of defense against cyberattacks.

By providing tailored training, you help them recognize threats like phishing and fraudulent emails. Investing in awareness initiatives enhances overall security and fosters a culture of digital vigilance.

Choosing your partners wisely

Evaluating and managing risks related to suppliers is essential for running your business smoothly. It helps identify potential vulnerabilities such as delays, non-compliance or service interruptions.

By assessing the capabilities and reliability of your partners, you can anticipate problems and implement appropriate solutions. A proactive risk management approach strengthens business resilience and fosters strong supplier relationships.

Is there insurance for that?

You bet! We understand that data protection is not exactly your area of expertise.

In the event of a cybersecurity incident, we offer insurance1 coverage to protect your business, including:

  • Losses resulting from business interruptions
  • Costs for restoring IT data
  • Legal expenses
  • Partner or shareholder identity theft costs
  • Investigation and negotiation services in extortion cases
  • Regulatory fines and penalties imposed by regulatory bodies
  • Public relations services
  • Fraud involving IT systems, telecommunications or payment diversions

This coverage can be added to your commercial insurance.

1 In all cases, your insurance contract takes precedence over this information.