Attempts to breach our systems pose
a significant and perpetual threat.
Having an effective cyber security risk
and governance framework help to
significantly reduce the impact of
To mitigate the risk of cyber crimes we continuously
monitor the availability and resilience of our platform
and systems, as well as investing in security
infrastructure to ensure they remain robust.
Attempts to breach our systems and access our data pose a significant and perpetual threat. Threats are increased given our digital presence and changes in ways of working. Therefore, our cyber security preparedness must continue to evolve to address the ever-changing environment.
A successful breach could lead to significant impairment of our reputation with customers and regulators and could be costly in terms of fraud losses, regulatory sanction or remediation activity. Whilst cyber security risks cannot be fully mitigated, an effective cyber security risk and governance framework help to significantly reduce the impact of such events.
We have adopted the NIST Cybersecurity Framework (‘NIST
CSF’) to help us understand and define our existing policies,
processes, and technical measures in place with the aim to
better govern our cyber security position. It enables us to
identify areas of improvement and focus our efforts by
agreeing and setting a target state, with the understanding
that the NIST CSF is designed to complement and enhance
existing business and cyber security operations.
The goal of introducing a cyber security framework into Auto
Trader is to provide a commonly understood structure,
reduce our exposure to cyberattacks, and identify the areas
most at risk for data breaches and other compromising
activity perpetrated by cyber criminals.
NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) If you would like to learn more about NIST, then follow the link below.
We have a rigorous data breach process in the unlikely
event one occurs. This includes reporting notifiable
breaches to the relevant regulatory authorities,
including the ICO and FCA, without undue delay and
within stipulated deadlines. Where required we take
corrective action as soon as possible.
Our data security practices
Data, including personal data, is at the heart of everything we do and for that reason we take the protection of it very seriously.Read More
A trusted marketplace
As a leading online marketplace, we strive to provide a marketplace that is relevant, reliable and fair.Read More
To ensure that high standards are embedded across the business and form part of our culture, we have compliance frameworks in place, consisting of policies, processes, guidance and training focused on a number of core compliance topics.Read More