An independent cybersecurity review across many of Pennsylvania’s largest auto dealerships reveals a wide range of results. Dealerships hold customers’ finance and credit data, yet many show significant vulnerabilities.
Using data from audit.emailmenow.com, we evaluated each dealership’s domain across SPF, DKIM, DMARC, transport security (MTA-STS/TLS), and website security headers.
Cybersecurity Scores of Major Pennsylvania Auto Dealerships
Overall compliance scores from audit.emailmenow.com. Re-run any domain at the link to verify.
| Rank | Dealership Group | Domain | Overall Score | Performance Level |
|---|---|---|---|---|
| 1 | Ciocca Dealerships | cioccadealerships.com | 64% | Good |
| 2 | Fred Beans Family of Dealerships | fredbeans.com | 62% | Above Average |
| 3 | Apple Automotive Group | appleautos.com | 54% | Average |
| 3 | Bobby Rahal Automotive Group | bobbyrahal.com | 54% | Average |
| 5 | Diehl Automotive | diehlautomotive.com | 48% | Below Average |
| 5 | Smail Auto Group | smail.com | 48% | Below Average |
| 5 | Kenny Ross Auto Group | kennyross.com | 48% | Below Average |
| 8 | Faulkner Automotive Group | thefaulknergroup.com | 44% | Weak |
| 9 | John Kennedy Dealerships | johnkennedy.com | 38% | Weakest |
| 10 | Wright Automotive Group | wrightautomotive.com | 34% | Weakest |
| 11 | Rohrich Auto Group | rohrichauto.com | 30% | Weakest |
What the Results Reveal
- Scores range from 64% (Ciocca) down to 30% — Ciocca and Fred Beans lead, but no Pennsylvania dealer group reaches a strong (70%+) posture.
- Most of the field sits below 55%, leaving customer finance and lender communications under-protected.
- Weak email authentication makes it easier for attackers to impersonate the dealership and intercept customer or lender communications.
Why This Matters for Auto Dealerships
Auto dealers are classified as financial institutions under the FTC Safeguards Rule (16 CFR Part 314) and must maintain a documented information security program. Weak email authentication exposes dealers to BEC and wire fraud around vehicle deposits and floor-plan payments.
Check any dealership’s posture at audit.emailmenow.com/?industry=auto-dealers.
See also — national audit
Recommendations
- Enforce DMARC (
p=reject), strict SPF (-all), and DKIM signing. - Add MTA-STS and website security headers.
- Maintain a written information security program and security awareness training for sales and F&I staff.
Protect your dealership and your customers. Run a free Instant Cybersecurity Audit at audit.emailmenow.com/?industry=auto-dealers.
Contact EmailMeNow IT Consulting for help with email security hardening and a documented information security program.
Source & methodology: Overall compliance scores from the free scan at audit.emailmenow.com — each domain checked for email authentication (SPF, DKIM, DMARC), transport security (MTA-STS/TLS), website security headers, and network security. Re-run any domain at the link to verify.