Cyber security
We are committed to the security of our services and protecting our customers from cybercrime and fraud. Attempts to breach our systems to access our data and the threat of an unauthorised malicious attack on our systems pose a significant and perpetual threat.
To mitigate the risk of cyber crimes we continuously monitor the availability and resilience of our platform and systems, as well as investing in security infrastructure to ensure they remain robust.
The volume and sophistication of cyber attacks have continued to evolve and increase, and changes in ways of working have created more opportunities for cyber criminals.
A successful breach could lead to significant impairment of our reputation with customers and regulators and could be costly in terms of fraud losses, regulatory sanction or remediation activity. Whilst cyber security risks cannot be fully mitigated, an effective cyber security risk and governance framework helps to significantly reduce the impact of such events.
NIST Cybersecurity Framework
We have adopted the NIST Cybersecurity Framework (‘NIST CSF’) to help us understand and define our existing policies, processes, and technical measures in place with the aim to better govern our cyber security position. It enables us to identify areas of improvement and focus our efforts by agreeing and setting a target state, with the understanding that the NIST CSF is designed to complement and enhance existing business and cyber security operations.
The goal of introducing a cyber security framework into Auto Trader is to provide a commonly understood structure, reduce our exposure to cyberattacks, and identify the areas most at risk for data breaches and other compromising activity perpetrated by cyber criminals.
The NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST). If you would like to learn more about NIST, then follow the link below.
Security policy
We have a rigorous data breach process in the unlikely event one occurs. This includes reporting notifiable breaches to the relevant regulatory authorities, including the ICO and FCA, without undue delay and within stipulated deadlines. Where required we take corrective action as soon as possible.
Our data security practices
A proactive awareness programme to educate all employees on cyber security risks.
A dedicated security operations team to monitor, detect and respond to security incidents in line with our cyber security incident management procedures.
Enhanced data protection solutions have been implemented across consumer facing and internal systems, to guard against the increasing threat of ransomware.
All employee accounts are protected by multi-factor authentication (‘MFA’) regardless of device and location, providing enhanced authentication protection.
Major incident response simulations and business continuity tests are carried out periodically.
System vulnerability and penetration testing is carried out regularly by both external and internal resources, including: application vulnerability testing; penetration testing of our platform and infrastructure; and Red team testing to ensure our processes for responding to a cyber incident are robust and fit for purpose.
All aspects of our applications are designed and deployed with security in mind so that Auto Trader can deliver a secure and trusted platform for our customers.
Data protection
Data is at the heart of everything we do and data compliance and protection is of critical importance to Auto Trader.
A trusted platform
As a leading online platform, we strive to provide a platform that is relevant, reliable and fair.
Compliance
To ensure that high standards are embedded across the business and form part of our culture, we have compliance frameworks in place, consisting of policies, processes, guidance and training focused on a number of core compliance topics.