IGA News

Cyber risks in the automotive sector

31 July 2020

46% of businesses have suffered a cyber-security breach in the last 12 months (1). Think about that for a moment: 46% of all businesses.

Gone are the days of relatively easy-to-spot phishing emails from an overseas prince who urgently needs your bank details to deposit millions of pounds, much of which you can keep… Hackers are now very advanced, employing algorithms and Artificial Intelligence. The cost of their crime is on the increase and is expected to rise considerably in 2020, especially with the COVID-19 crisis and more people working from home on unprotected networks and unprotected hardware.

Cyber-Crime… It sounds very Star Wars, very futuristic. “Surely it can’t apply to me, I am an MOT station or a Service and Repair garage - hackers wouldn’t target me, why would they?”

This is often the response we receive when speaking to customers and prospects about the ever-growing problem of cyber-crime, and my response is simple: “yes they would, you are a business, you use computers to hold customer data, so you are a target”. Attacks are often random and there is one agenda: to take your money. There are a number of areas where your business IS at risk from cyber criminals; I have briefly outlined some below, but please do contact me if you require further, more detailed information.

Theft of data

Think about the volume of data you may hold on your computer for your customers (i.e. names, addresses, vehicle registrations, bank and payment information etc.). How would it affect your business if some or all of this data was stolen?

Well, first of all, you could face a fine from the Information Commissioner’s Office for failure to protect customer data. This can be up to €20m or 4% (2) of your global turnover. How would that affect you?

It is also worth considering the reputational damage: if word gets round that you have lost customers’ information, this could seriously affect your repeat and future business. If you have a decent cyber insurance policy it should include emergency responders who are available 24 hours per day, 365 days per year, and will include lawyers, IT forensic technicians, PR experts, accountants and other critical professions. They will be there to hand-hold your business through the critical stages of the event, and help you to minimise any reputational damage.

Digital theft of money

If you pay or receive money through payment transfers you are at risk even if you haven’t been hacked! Imagine one of your suppliers has been hacked and you receive an email from them (same email address) amending their bank details, and you then arrange payment to this account. Then 2 or 3 months later your supplier contacts you to find out why you are not paying your account, and only then do you discover that you have been paying money into the hacker’s account rather than your supplier’s.

During lockdown, hackers were aware that many people were working from home, and also aware that lots of businesses were chasing outstanding invoices to ensure their cash flow during the crisis. People working from home do not have the support structure of their workplace, and so many invoices were paid to hackers by mistake.


You turn up to work on Monday morning and find that all of your computer systems are frozen. You can’t access anything and all that can be seen is a message advising “you have been hacked, your systems and data are frozen and unless you pay £10,000 everything will be deleted in 24 hours”.

What would you do?

If you have a cyber policy you could call your Emergency Responders, who would help you deal with it, either by restoring your systems if possible or, as a last resort, paying the ransom on your behalf. Hackers don’t have a set amount they may ask for. It could be £500 or it could be £100,000; it’s simply the luck of the draw.

You may have seen the recent article in Car Dealer Magazine, confirming 1 in 6 ransoms are paid (3). Do you have a fund set aside?

There are far too many scams to list, but they include social engineering, telephone scams, text scams, ransoms and digital theft of money. The list goes on and it’s increasing all the time.

Remember you can spend limitless amounts of money on cyber protection. I am sure that huge companies that have been hacked spend vast amounts to protect their systems. However, regardless of how much you spend, you can never get rid of human error: someone innocently clicks on the wrong link and the next thing you know you have been hacked.

A cyber policy can be competitively priced and may cost less than you think, but it could end up saving you thousands in fines and lost business, and protecting your reputation.

Would you like to talk?

For more information please get in touch.

Neil Follett, Automotive Schemes and Affinities Director, Gallagher

Call 07584 582760 or email Neil_follett@ajg.com


Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 7th Floor, 55 Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909.

This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as at 29/07/2020, but you will recognise that matters concerning COVID-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. Our advice to our clients is as an insurance broker and is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document. No third party to whom this is passed can rely on it. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to the fullest extent permitted by law. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Gallagher.

(1) https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020

(2) https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-law-enforcement-processing/penalties/

(3) https://cardealermagazine.co.uk/publish/june-22-round-spike-car-crashes-pub-reopening-plans-firms-pay-hackers-tui-holidays-back/196026