Cyber security

Cyber
security

Attempts to breach our systems pose
a significant and perpetual threat.
Having an effective cyber security risk
and governance framework help to
significantly reduce the impact of
such events.

To mitigate the risk of cyber crimes we continuously
monitor the availability and resilience of our platform
and systems, as well as investing in security
infrastructure to ensure they remain robust.

Attempts to breach our systems and access our data pose a significant and perpetual threat. Threats are increased given our digital presence and changes in ways of working. Therefore, our cyber security preparedness must continue to evolve to address the ever-changing environment.

A successful breach could lead to significant impairment of our reputation with customers and regulators and could be costly in terms of fraud losses, regulatory sanction or remediation activity. Whilst cyber security risks cannot be fully mitigated, an effective cyber security risk and governance framework help to significantly reduce the impact of such events.

NIST Cybersecurity
Framework

We have adopted the NIST Cybersecurity Framework (‘NIST
CSF’) to help us understand and define our existing policies,
processes, and technical measures in place with the aim to
better govern our cyber security position. It enables us to
identify areas of improvement and focus our efforts by
agreeing and setting a target state, with the understanding
that the NIST CSF is designed to complement and enhance
existing business and cyber security operations.

The goal of introducing a cyber security framework into Auto
Trader is to provide a commonly understood structure,
reduce our exposure to cyberattacks, and identify the areas
most at risk for data breaches and other compromising
activity perpetrated by cyber criminals.

NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) If you would like to learn more about NIST, then follow the link below.

NIST Cybersecurity Framework

Security policy

We have a rigorous data breach process in the unlikely
event one occurs. This includes reporting notifiable
breaches to the relevant regulatory authorities,
including the ICO and FCA, without undue delay and
within stipulated deadlines. Where required we take
corrective action as soon as possible.

Our data security practices

A proactive awareness programme to educate all employees on cyber security risks.
A dedicated security operations team to detect and respond to security incidents in line with our cyber security incident management procedures.
Enhanced backup solutions have been implemented across consumer facing and internal systems, to guard against the increasing threat of ransomware.
All employee accounts are protected by multi-factor authentication (‘MFA’) regardless of device and location, providing enhanced authentication protection.
Major incident response simulations and business continuity tests are carried out periodically.
System vulnerability and penetration testing is carried out regularly by both external and internal resources, including: application vulnerability testing; penetration testing of our platform and infrastructure; and Red team testing to ensure our processes for responding to a cyber incident are robust and fit for purpose.
All aspects of our applications are designed and deployed with security in mind so that Auto Trader can deliver a secure and trusted platform for our customers.

Also in this section

Data protection

Data, including personal data, is at the heart of everything we do and for that reason we take the protection of it very seriously.

A trusted marketplace

As a leading online marketplace, we strive to provide a marketplace that is relevant, reliable and fair.

Compliance

To ensure that high standards are embedded across the business and form part of our culture, we have compliance frameworks in place, consisting of policies, processes, guidance and training focused on a number of core compliance topics.