TalkTalk CEO admits security threat was underestimated

TalkTalk CEO Dido Harding admitted that although the telecoms company thought it was taking security seriously before the cyber attack last November, it had underestimated what was needed.

The attack on the UK telecom firm cost the company over £60 million and 95,000 customers, with share prices plummeting from a 2015 peak of £4 to £1.90 by the year end. In total 195,000 customer details were compromised in the attack, though TalkTalk always claimed no banking details were lost.

TalkTalk had previously experienced spectacular growth since its de-merger from Carphone Warehouse in 2010 and had managed to capture over 4 million subscribers due to low tariffs, low-cost offers and innovative deals. However, CEO Dido Harding has said that the start-up mentality was one of the contributing factors to the breach.

“It goes a lot deeper than security,” she says. “TalkTalk’s culture is one of a start-up . . . new services, desire to innovate, move fast. The company has fewer people focused on established systems. The business needs to mature in the way it operates. We are running a much bigger, established business.”

Indeed, this was the finding of the consultancy PwC, which Harding commissioned to check over TalkTalk’s security. “The PwC report does make sobering rendering [but] the vast majority of it is relevant to most organisations. Every leader in every business needs to take it seriously. We thought that we had taken security seriously. We were underestimating the challenge.”

Following on from that theme, Baroness Harding said that she wanted to see legislation in place that would make all businesses disclose data breaches, as only telecoms firms are required to do so at present.