Cyber security

Cyber
security

As an online marketplace, a primary
focus is on cyber security to maintain
customer trust and support our shift
to digital retailing.

To mitigate the risk of cyber crimes we continuously
monitor the availability and resilience of our platform
and systems, as well as investing in security
infrastructure to ensure they remain robust.

Trust is essential to our business. We prioritise the security of our services to protect our customers from cybercrime and frausd. As cyber attacks increase in volume and sophistication, they pose a significant and perpetual threat.

A successful breach could harm our reputation with customers and regulators and be costly in terms of fraud losses, regulatory sanctions or remediation activity.

NIST Cybersecurity
Framework

We use the NIST Cyber Security Framework (‘NIST CSF’)
to define, continuously improve, and effectively govern
our cyber security operations. This helps us to identify
areas for improvement and define target levels of maturity
across the framework, complementing our exisiting
business and cyber security operations.

NIST Cybersecurity Framework is a set of guidelines for
mitigating organizational cybersecurity risks, published
by the US National Institute of Standards and Technology
(NIST) If you would like to learn more about NIST,
then follow the link below.

NIST Cybersecurity Framework

Security policy

We have a rigorous data breach process in the unlikely
event one occurs. This includes reporting notifiable
breaches to the relevant regulatory authorities,
including the ICO and FCA, without undue delay and
within stipulated deadlines. Where required we take
corrective action as soon as possible.

Our data security practices

An overarching Cyber Security Programme outlining the cyber security scope including the roles and responsibilities of the leadership team, cyber security forum and employees.
A proactive awareness programme to educate all employees on cyber security risks.
A suite of essential resources and policies designed to safeguard our organisation, our customers’ and our employees’ information and assets. These policies cover acceptable use, asset management, access control, bring your own device, document sharing, use of generative AI, the Information Security Programme, key management and cryptography, network security, passwords, security incident management, server security, software development lifecycle and vulnerability management.
A dedicated security operations team to monitor, detect and respond to security incidents in line with our cyber security incident management procedures.
Enhanced data protection solutions have been implemented across consumer facing and internal systems, to guard against the increasing threat of ransomware.
All employee accounts are protected by multi-factor authentication (‘MFA’) regardless of device and location, providing enhanced authentication protection.
Major incident response simulations and business continuity tests carried out periodically.
System vulnerability and penetration testing carried out regularly by both external and internal resources, including: application vulnerability testing; penetration testing of our platform and infrastructure; and red team testing to ensure our processes for responding to a cyber incident are robust and fit for purpose.
All aspects of our applications are designed and deployed with security in mind so that Auto Trader can deliver a secure and trusted platform for our customers.

Also in this section

Data protection

Data is at the heart of everything we do and data compliance and protection are crucial.

A trusted marketplace

Auto Trader aims to offer a marketplace that is relevant, reliable and fair. We ensure that advertisements shown are accurate and genuine, which is important for both our consumers and customers.

Compliance

To ensure that high standards are embedded across the business and form part of our culture, we have compliance frameworks in place, consisting of policies, processes, guidance and training focused on a number of core compliance topics.