Cybercrime in the automotive finance sector is no longer confined to major players. As AI enhances attack capabilities, Zuto, a UK-based provider of motor finance software and technology, calls for better workforce awareness, greater collaboration with partners and a focus on human-led prevention strategies.
Last year, IBM ranked finance and insurance as the second-most targeted industry by cyber criminals. Along with the fallout in 2024 from major cyberattacks on Arnold Clark and Toyota, this reiterates the need for automotive and associated finance businesses to keep security high on the agenda. But could we be doing more collaboratively to strengthen defences across the industry?
Go deeper with GlobalData
High-profile attacks highlight the damage that cybercrime can cause to a business’s profits, reputation and customer trust. They also demonstrate that even established organisations, that invest heavily in security, can be vulnerable.
But it’s important to note that it’s not just big organisations that are being targeted. The majority of attempts are launched indiscriminately: an owner-managed, back-street garage is of equal interest to hacking bots as a national finance provider or global manufacturer. They are simply looking for weaknesses that can be exploited.
As well as gaps in your IT security, weaknesses can also be found through other businesses that you interact with – your partners and suppliers, for example – and, more often than not, through the human workforce.
AI: the good and the bad
The latest Global Cybersecurity Outlook from the World Economic Forum warns of increasingly sophisticated attacks in 2025, largely powered by AI.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataAI is making it easier to launch high volumes of attacks, and harder to detect fake customer communication. It’s providing the bedroom hacker with the tools to become an army, conducting recces on multiple targets. It can translate messages effortlessly and tidy up grammar and spelling, so that communication used in phishing appears, ironically, more believably human.
Thankfully, AI is also powering tools that help protect against attacks and businesses are deploying AI to assist in their defence efforts. For example, it can spot unusual network activity, or phishing messages supposedly sent by a customer or partner organisation.
With a 24/7 safety net providing continuous monitoring, anomaly detection and automated response, an AI tool can also take immediate action to prevent further compromise, reducing the need for human intervention.
Most businesses in the motor finance sector are investing in their teams and technology to protect their systems and data from cyber criminals. All car finance technology and software companies worth their salt are investing in this area with specialist hires in cybersecurity and financial crime.
Bolster the human firewall
No matter how much you spend on sophisticated security tools, however, the truth is that the greatest weakness in any business is its people. 80% of breaches start with employees metaphorically leaving the back door open.
The good news is that these are issues that can be addressed and don’t require a huge investment. A recommended place to start is to gain Cyber Essentials certification – a simple and cost-effective UK government-backed scheme that any organisation can and should implement. A critical component of this focuses on bolstering your people-powered defence.
This includes providing regular, bite-sized security awareness training for all employees, which should cover understanding a good password strategy with complex passwords that differ for each application, and knowing how to spot a phishing attempt. Establishing processes that ensure important requests, such as payment or contact details, go through robust verification steps can significantly reduce the risk of falling victim to malicious activity. And they should not be one-off training sessions – cybercrime methods evolve quickly, and employees will need to be reminded of best practices.
When it comes to the wider partner and supplier network that motor finance companies often operate within, there has to be a collaborative approach. Vulnerabilities in a provider, such as payroll or HR systems, can provide a way in. Regularly sharing knowledge throughout the network, such as new intel on attacks to look out for, ‘best practice’ and patch updates, helps to keep awareness high and security front of mind.
The nature of cyberattacks in 2025 is sophisticated but indiscriminate – any business is a target, no matter what it does or how small it might be. Protection requires ongoing attention to the risks, both internally and throughout a company’s ecosystem. We’re in it together, let’s remind each other to lock the back door.
Gary Higham is the Chief Technology Officer of Zuto
