TalkTalk CEO Dido Harding says investigation into £60m data breach showed its security needs to be less like a startup
TalkTalk CEO Dido Harding has admitted the company “underestimated” the challenge of protecting its business and customers from cybersecurity threats, following the attack on TalkTalk last year, which affected 1.2 million subscribers.
Speaking to the Financial Times, Harding said an investigation by PwC had shown TalkTalk had been acting like a startup rather than a major company, and that the hack could be a “positive thing” if it stimulates change.
“The PwC report does make sobering rendering [but] the vast majority of it is relevant to most organisations,” she told the newspaper. “Every leader in every business needs to take it seriously. We thought that we had taken security seriously. We were underestimating the challenge.
“The danger is we are asking the wrong question: are we safe? It’s a lazy question because the only really safe way is not being online. We tend to see security as a technology issue not a business one.”
The scale of the assault was less than originally feared, but 1.2 million email addresses, names and phone numbers were stolen, as were 21,000 account numbers and sort codes and 28,000 partial card details. However, TalkTalk is adamant that the data stolen is not sufficient for the attackers to steal money.
TalkTalk admitted the cyber attack cost it £60 million in terms of lost revenue and exceptional costs, and confirmed 101,000 customers left the company during the most recent quarter.
The company’s security measures were criticised in the aftermath of the breach and Harding’s own position came under scrutiny. However, she had the backing of the board and says customers were informed as soon as possible.
“Being open and honest from day one is one of the best things we have done. TalkTalk was not a highly trusted brand before the cyber attack but customers now say that we looked after them in difficult circumstances,” she added. “Being honest pays dividends. My fellow CEOs are in danger of concluding the opposite. Don’t take it into the dark.”
Harding is convinced the worst is over and TalkTalk’s attention is now firmly focused on the ongoing review of the UK communications market by regulator Ofcom. The company has continually called for Ofcom to separate Openreach from BT and says there is no concession its rival can offer that would resolve the regulator’s concern that BT exerts too much influence.
“We’ll wait and see what Ofcom comes up with. It’s clear to us that structural separation is a cleaner and more effective solution,” Andrew Heaney, executive director for strategy and regulation at TalkTalk, said last week. “There’s one particular irreconcilable difference [with functional separation]: Ofcom is concerned BT has an undue influence over Openreach investment programmes.”