[BreachExchange] How a relatively minor cyber attack cost TalkTalk £42m

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 12 20:17:59 EDT 2016


http://www.managementtoday.co.uk/news/1394702/how-relatively-minor-cyber-attack-cost-talktalk-42m/

The cyber attackers that allegedly hacked TalkTalk last year didn’t steal
anything particularly valuable. Less than 4% of its customers had their
sensitive details accessed, but the reputational and cleanup costs for the
telecoms company have been massive.

Today in its final results TalkTalk said the total cost of the attack was
£42m, which resulted in a halving of its pre-tax profits to just £14m. And
that's before you include the cost of lost revenues. How can an attack that
steals almost nothing cost a company so dearly?

Well, for a start it had to ramp up spending on dealing with customers.
It’s not hard to imagine the phones in TalkTalk’s call centres were ringing
non-stop as panicky people, worried their life savings were about to fall
into the wrong hands, called up to demand more information. It had to hire
additional ‘call centre agents’ as a result. The figure also reflects
increased marketing and communications costs – TalkTalk’s PR consultants
likely had a busy end to their year.

Then there was the cost of actually sorting out its website’s security.
Having been caught with its pants down you can be sure TalkTalk doesn’t
want something like this to happen again. Consequently TalkTalk says part
of the £42m was spent on ‘the costs of restoring our online capability with
enhanced security features.’

The company also had to open its wallet to retain customers. In November,
to 'thank customers for their continued understanding', it offered existing
subscribers free upgrades, including TV packages, mobile SIM cards and free
landline calls, and a package of new security features. That can’t have
been cheap but it was probably worth it. Although the company lost around
100,000 subscribers in the three months to December, its so-called ‘churn
rate’, a measure of how many customers are leaving, hit a record low in the
first three months of this year.

TalkTalk says that ‘illustrates the speed with which customer sentiment
towards TalkTalk has recovered,’ but it could be that many of those
customers who were already drifting towards the exit door were given an
immediate reason to switch provider in October – meaning there were fewer
people looking to leave in the following quarter.

Still, it seems like TalkTalk had a lucky escape, all things considered.
Shareholders may miss the £42m but the company’s revenues were actually up
2.4% over the full year to £1.84bn and it says it is expecting a 'robust'
performance this year. Nonetheless this serves as a cautionary tale. If a
greater proportion of customers’ financial details had been nicked then the
situation could be looking much worse.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160512/24b81628/attachment.html>


More information about the BreachExchange mailing list