Safeguards-aligned program
The full required control set — MFA, encryption, access controls, IR plan, designated qualified individual — operated end-to-end and documented for an FTC inquiry.
Auto dealers · F&I
The revised FTC Safeguards Rule extended the financial-institution definition to cover auto dealers that arrange financing. That means a specific control list applies to your store by regulation — not by a carrier's preference — and your customer financing data is exactly the kind underwriters worry about.
The exposure
Customer financing and PII flow through the DMS and F&I systems. The Safeguards Rule requires MFA, encryption, access controls, a written incident-response plan, and a designated security lead; MFA, EDR on those systems, and email security are the priorities.
Applicable framework: FTC Safeguards Rule.
The program
The same managed security program we run for every client — 24/7 SOC-monitored detection, identity protection, and security awareness training, operated end-to-end — tuned to auto dealerships.
Managed detection and response where the financing and customer data live, plus the back-office and showroom machines that connect to them.
Managed ITDR and email-gateway protection on the inboxes that handle deals, lender communications, and customer documents.
One package that satisfies the Safeguards documentation requirements and the cyber-insurance application.
Fit
Further reading
CISSP-led guides on the threats, compliance, and controls that apply to auto dealerships: the detail behind the program above.
Most dealerships that arrange financing are 'financial institutions' under the FTC Safeguards Rule — which means a specific, named cybersecurity program is required by regulation. Here's what's on the list and how to satisfy it.
Compliance is one thing; the attack that stops a dealership is another. Ransomware on the DMS, F&I identity data, and vendor outages like the 2024 CDK attack are the real exposure. What actually hits dealers, and how to be ready.
FAQ
Yes. Because of the financing they arrange, auto dealers are 'financial institutions' under the FTC Safeguards Rule, which requires a written information security program, MFA, encryption, and a qualified individual overseeing it. The F&I data dealers hold is exactly what the rule is designed to protect.
Ransomware on the dealer management system and theft of F&I identity data. The 2024 CDK Global outage showed how an attack on a single DMS vendor can stop roughly 15,000 dealer locations across North America — your risk includes your vendors, not just your own network.
Managed coverage starts at $15 per device per month (Foundation, no minimum). The Protected and Complete tiers — adding identity protection, security awareness training, and SIEM — are billed per seat for teams of five or more. The one-time Cyber Insurance Readiness Sprint is a fixed fee from $1,500 (three tiers up to $3,500).
The Cyber Insurance Readiness Sprint runs seven business days from kickoff to a signed evidence pack mapped to your carrier's questionnaire, including how you'd operate through a DMS outage. Managed monitoring can begin onboarding in the same week.
Start with the questionnaire
The free 2026 Cyber Insurance Readiness Questionnaire scores you against the controls carriers actually ask about. Then the Readiness Sprint turns your environment into the evidence they accept.