ComplyAuto on What Dealers Miss

Saturday Morning. CRM's Down. Customers Are Walking.

It starts like this: your showroom's buzzing, sales team’s fired up, and then—bam. The phones stop ringing. CRM crashes. Diagnostics in the service bay won’t load. Your team stares at frozen screens while customers drift toward the door. And just like that, a routine weekend turns into a six-figure crisis.

You were compliant. But compliance didn’t stop the breach.

That’s the gut-punch truth too many dealerships learn too late: compliance and cybersecurity aren’t the same. Not even close.


The Stakes for Dealerships Have Never Been Higher

From the FTC Safeguards Rule to the PCI DSS 4.0 update, dealerships face increasing scrutiny over how they collect, store, and protect customer data. According to a report by Automotive News, dealerships remain one of the most targeted verticals for cyber attacks, with the 2024 CDK Global breach bringing operations at over 15,000 dealerships to a grinding halt.

Of course, you want to protect your dealership from that same fate, but not all protections are created equal.

Many dealerships believe that checking the compliance boxes means they’re safe. But as Nick Moyes, former compliance officer at a top-10 U.S. auto group and current executive at ComplyAuto, warned on the One Step Beyond Cyber podcast, compliance is just the starting point—not the finish line.


Let’s Break This Down: What’s the Difference?

Compliance is about following rules. It’s the checklist you complete to avoid fines and pass audits. For auto dealerships, that means:

  • FTC Safeguards Rule: Requires a written information security program, a written risk assessment, MFA for anyone accessing customer information, encryption of that information in transit and at rest, and a designated qualified individual to oversee the program.
  • GLBA: The Gramm-Leach-Bliley Act, which regulates how consumer financial data is handled; the Safeguards Rule is the FTC's implementation of its security requirements.
  • PCI DSS 4.0: Governs how cardholder data is stored, processed, and transmitted, and applies to any dealership processing credit card payments (learn more in our PCI compliance blog for auto dealerships).

Complying with these mandates can help you avoid fines, lawsuits, and failed audits. But as Moyes pointed out, “compliance is the bare minimum. It’s not security.”


Cybersecurity Defined

Cybersecurity, on the other hand, is the active defense of your dealership’s digital systems, data, and users against real-world threats.

It’s about:

  • 24/7 monitoring and threat detection
  • Endpoint detection and response (EDR), or managed detection and response (MDR) when a provider runs it for you
  • Penetration testing
  • Patch management
  • Incident response planning
  • Secure cloud infrastructure

Cybersecurity is proactive, layered, and continuously evolving to stop hackers—not just satisfy auditors.


Why Dealers Confuse the Two


There are a few reasons this confusion is so common:

  • Overload – The FTC Safeguards Rule is 107 pages long. Most GMs and dealer principals aren’t IT experts.
  • Sales Jargon – Many vendors market compliance tools as security solutions, leading to false confidence.
  • Budget Mindset – Dealers often look for the “cheapest way to be compliant” rather than the best way to be secure.

Moyes notes that in his former role, cybersecurity investments like penetration testing alone were projected to cost $90,000/year. “When you start talking about MDR, EDR, MFA—dealers’ eyes gloss over,” he says.

But ignoring these tools is a dangerous gamble. Over 85% of SMBs that suffer a cyber attack go out of business within 24 months.

Many dealerships proudly say they’re “compliant” and consider the job done. But as One Step CEO Scott Kreisberg points out, “What does that actually mean?” Checking a box doesn’t equal true protection.

That’s where the concept of the Cybersecurity Poverty Line comes in, a framework discussed on the podcast and in the field. Being compliant means you’re above water legally, but not necessarily above the line.

Think of a line running across your dealership’s IT landscape. Below it? You’re compliant—technically. But your data’s exposed, your team’s reactive, and a breach could knock you out cold.

Above it? You’ve got layered defenses, continuous monitoring, tested backups. You sleep easier.


Here’s How to Rise Above the Poverty Line

1. Look Closer – Audit Your Dealership’s IT Infrastructure

Where are you vulnerable? Are your systems segmented? Are your vendors secure? Know your weaknesses before attackers find them for you.

2. Build a Layered Security Stack

Partner with a Managed Service Provider (MSP) that offers:

  • Endpoint protection
  • 24/7 threat detection
  • Firewall management
  • Backup & disaster recovery

3. Automate and Manage Compliance

Use tools like ComplyAuto to streamline FTC Safeguards Rule mandates—from vendor contracts to opt-outs—with real accountability and even a $1M guarantee.

4. Stay Adaptive

Regulations evolve. Threats evolve faster. You need an MSP or vCISO who lives in this world so you don’t have to.


Don’t Confuse a Checkbox with a Security Strategy

Being compliant might keep you out of legal trouble. But it won’t keep you out of the headlines.

You need both. Not just because it’s smart—but because your business, your people, and your reputation are worth protecting.

As the One Step and ComplyAuto teams put it: “Let dealers do what they do best—sell and service cars. Let your IT team protect what makes that possible.”

Uncertainty is inevitable, but vulnerability isn’t. Don’t overpay for outdated security—take a closer look with One Step Secure IT and safeguard your dealership today.


Tune in to the One Step Beyond Cyber Podcast on:

Buzzsprout | Spotify | Apple Podcasts | Amazon Music | YouTube