.jpg)
Independent used car dealerships are in the middle of a profound transformation. Artificial intelligence has given them tools that once seemed reserved for high-growth tech companies with massive budgets—AI-powered CRMs, automated customer engagement, and digital retailing workflows that scale customer interactions around the clock. These innovations have created opportunities to compete on a more level playing field with larger dealer groups. Yet, there’s another side of the AI revolution that dealers can no longer afford to overlook: the explosion of AI-driven cyberattacks.
The reality is sobering. Independent dealers are prime targets because they sit on valuable consumer data—loan applications, driver’s license scans, payment records, and financial information—yet they rarely have the cybersecurity budgets or dedicated IT staff that bigger dealer groups employ. As attackers themselves adopt AI to scale their operations, the vulnerabilities at smaller dealerships are magnified.
Recent data shows just how fast this problem is escalating. Upstream Security reported that in early 2025, cyber incidents targeting the automotive and mobility industry surged by nearly 50 percent. These weren’t just abstract risks; the incidents included ransomware attacks, breaches of dealership management systems, and widespread phishing campaigns designed to siphon customer information. RSM Global has emphasized that the automotive sector is increasingly a software-defined ecosystem, where vehicles themselves operate as mobile data hubs with hundreds of connected control units. This interconnectedness broadens the attack surface and makes dealership networks a tempting entry point for cybercriminals.
The sophistication of these attacks is being fueled by the same technology that dealers are adopting to enhance operations. AI has enabled attackers to generate phishing emails that are nearly indistinguishable from legitimate correspondence. Forbes reported that phishing, smishing, and vishing campaigns have spiked by more than 1,200 percent since the release of ChatGPT, with AI-generated messages evading many traditional detection systems. Menlo Security observed a 140 percent global increase in phishing activity driven by zero-hour AI-enabled threats. And in India, regulators disclosed that AI-powered scams accounted for 80 percent of phishing emails, contributing to nearly $113 million in financial losses in just the first half of 2025.
The risks aren’t theoretical. In June 2024, the ransomware attack against CDK Global disrupted operations for thousands of dealerships across the United States and Canada. Reports revealed that CDK ultimately paid $25 million to regain system access, but not before weeks of downtime and financial fallout rippled through the industry. For independent dealers, such an event would not only jeopardize short-term sales but could also damage long-term reputation and customer trust.
The auto industry’s complex vendor ecosystem compounds the problem. Dealerships often rely on multiple third-party platforms—CRMs, DMSs, finance portals, and communications tools. Each integration creates another potential entry point. IBM’s 2025 Cost of a Data Breach study noted that one in five breaches now involve “shadow AI,” unauthorized tools introduced by employees without proper vetting. For smaller operations, a single compromised login or unsecured integration could expose sensitive customer records to attackers.
What makes AI-driven attacks especially dangerous is their personalization. Academic studies have shown that AI-generated spear phishing messages now achieve click-through rates of more than 50 percent, rivaling or surpassing those crafted by human attackers. This means dealership employees—often juggling sales calls, customer interactions, and administrative tasks—are more likely to be tricked into clicking malicious links or sharing credentials. Even well-meaning staff can inadvertently open the door to a breach.
The consequences of such an event extend beyond immediate financial loss. Customer trust is fragile. Buyers entrust dealers with intimate financial and personal information, and a breach can quickly erode confidence, pushing customers toward competitors. For independent dealerships that thrive on word-of-mouth reputation and repeat business, the damage could be devastating.
Yet, the answer is not to retreat from AI. On the contrary, AI remains one of the most powerful tools to help dealers modernize, compete, and engage with today’s digitally driven buyers. The key is adopting AI with a conscious approach to cybersecurity. It requires selecting technology partners who build security into their systems from the ground up, rather than treating it as an afterthought.
The need for this dual focus—innovation and protection—was highlighted in the recent episode of the Used Car Dealer Podcast featuring Aaron Kleinhandler, CEO of Better Car People. In that discussion, Aaron emphasized the importance of balancing automation with the human element, ensuring that while AI can scale efficiency, humans remain central to trust and personalization. That same philosophy applies to cybersecurity. Technology should amplify operations, but human oversight, thoughtful implementation, and secure design must form the backbone of dealership strategies. You can explore the full conversation and insights here.
Independent dealerships can’t simply adopt a “wait and see” approach. The rapid adoption of AI across all industries, not just automotive, ensures that cybercriminals will continue to experiment, evolve, and exploit weaknesses. Already, we’ve seen attackers weaponize generative AI to create deepfake audio that impersonates executives, tricking employees into authorizing fraudulent payments. Dealers that dismiss these risks as unlikely or irrelevant are placing themselves in dangerous territory.
The way forward for independent dealers is clear. They must recognize cybersecurity as an operational necessity, not an optional extra. Just as customers expect fast follow-ups, transparent processes, and seamless digital communication, they also implicitly trust that their personal information is secure. Failing to honor that trust could cost a dealership far more than any single attack—it could undercut the very relationships on which the business is built.
AI has given dealers new ways to compete, streamline, and scale. It has also given criminals new ways to attack. The challenge for independent dealers is to embrace the former while defending against the latter. That balance is not easy, but with the right partners and platforms, it is achievable. Selly AI-Powered CRM represents that blend: innovation with built-in safeguards. By aligning with tools designed for their realities, dealers can both thrive in a competitive market and protect themselves in an increasingly hostile cyber environment.
For used car dealers, the future is not about choosing between AI and security. It’s about recognizing that in the age of AI, security is the foundation that enables innovation to flourish.
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)
.png)
.png)
