PYMNTS-MonitorEdge-May-2024

June Auto Sales Reporting Thrown off by CDK Cyberattack

Online Auto Industry Shakes up as Consumers Shun eCommerce

As automotive retailers bounce back from the cyberattack on leading tech provider CDK Global, their financial results are murky for the period impacted by the incident, prompting challenge maintaining investor confidence.

Automotive services and technology company Cox Automotive highlighted the impact of the hack, which impacted dealer management systems (DMSs) for about two weeks, on reporting.

“We have observed sales and inventory reporting disruptions due to the CDK outage, but we anticipate these trends will recover in the coming weeks,” Scott Vanner, senior analyst of economic and industry insights at Cox Automotive, said in a statement. “While reporting was more disrupted than actual sales, we estimate a decline in used retail sales for June compared to May. However, much like a weather event, we believe any lost sales in June will be recovered in July.”

Additionally, Cox Automotive also noted a decline in new light-vehicle sales due to the DMS outage and uncertainty in reporting for the first half of 2024 for the same reason.  As Reuters reports, the event has led many dealers to return to pen-and-paper tracking, which not only creates more labor but also can be more prone to error. One dealership owner in Michigan told the outlet that the CDK attack has not had a negative impact on sales but has made it harder to handle existing sales.

Evidently, the attack has impaired dealers’ ability to accurately report sales figures, raising concerns about the broader implications for the automotive retail sector. The financial implications of the attack are multifaceted. The immediate impact on sales reporting can distort financial results for the quarter, affecting everything from revenue projections to investor confidence.

“Certain ancillary systems and integrations, such as those that help automate ordering, scheduling, payment, and reporting processes, remain unavailable or limited, and efforts remain ongoing to restore these,” dealership giant AutoNation said on Monday (July 15) in a Securities and Exchange Commission (SEC) filing.

The CDK cyberattack has also highlighted broader concerns about cybersecurity in the automotive industry. As dealerships and manufacturers increasingly rely on digital solutions for everything from sales to vehicle maintenance, the risk of cyber threats becomes more pronounced. In addition, dealerships might face increased scrutiny from their customers, who are becoming more aware of the risks associated with data breaches.

There are a handful of automotive retail earnings reports coming up. AutoNation will report its Q2 earnings, which will include the beginning of the cyberattack period, on July 31. Penske Automotive Group, which relies on CDK’s software in its Premier Truck Group business, per an SEC filing, is also expected to report later this month, and Asbury Automotive Group, which was also impacted by the incident, is similarly expected to report in coming weeks. As these companies discuss their financial results, the effect of the cyberattack on automotive retail will come into clearer focus.

Ultimately, the industry’s response to this incident will serve as a litmus test going forward for its ability to navigate and mitigate cyber risks in an increasingly digital landscape.

PYMNTS-MonitorEdge-May-2024