Village Auto Group: Cybersecurity Risk Assessment

Village Auto Group
Robert Katz, General Manager
"Wipfli's team was highly professional and knew exactly what was needed. Our dealership can certainly sleep better at night knowing we've taken every step necessary to protect our information."

Village Auto Group serves the Twin Cities area and beyond and includes Lexus of Wayzata, Village Chevrolet, and Lexus of Maplewood. The group was one of the original charter dealerships for Lexus in the United States in 1989. Village Auto has experienced tremendous growth since its inception and today proudly employs over 400 people.


With the numerous high-profile cybersecurity breaches in the headlines, and after viewing an industry update on the growing vulnerability of dealerships, Village Auto’s leadership team sought a cybersecurity risk assessment. Like most, the company operates with a single, dedicated IT employee and therefore turned to Wipfli to help it identify possible enhancements, with the ultimate goal of receiving insights and reassurances.


Wipfli’s cybersecurity professionals launched a foundational risk assessment and set to work identifying gaps, weaknesses, and vulnerabilities. During the engagement, Wipfli:

  • Performed an information security risk assessment. Wipfli analyzed threats and likelihood and impact of risks to the dealership’s assets and evaluated existing administrative, technical, and physical controls in place to mitigate risks.
  • Performed a perimeter vulnerability assessment. Wipfli externally probed the dealership’s network, looking for common weaknesses an attacker could exploit, including missing patches or weak configurations, for example.
  • Performed an internal vulnerability assessment and configuration review. Similar to the external assessment, Wipfli not only evaluated the dealership’s internal systems, applications, and networks, but also assessed the physical environment, policies, and practices.

Following the assessment, Wipfli provided the dealership with a priority-focused report showing which risks were the most threatening, along with recommendations for addressing vulnerabilities and reinforcing its IT management processes.


Village Auto gained a strong understanding of its cybersecurity posture. It received confirmation on those security measures which were working well and valuable insights regarding the vulnerabilities it faced. With a priority list from Wipfli, the dealership was able to promptly address the gaps, shore up the weaknesses, and limit its exposure.

By doing so, Village Auto Group gained greater confidence in its security management practices and also qualified for reductions in its business insurance premiums.

Relationship Executive(s)

Paul J. Johnson, CPA, Partner

Robert McKay, CPA, MBT, Partner