TalkTalk has experienced profit losses of nearly fifty percent over the past year, due in part to the steep cost of several data breaches they experienced in just one years’ time.
TalkTalk claims for FY16, pre-tax profits stand at roughly £14m; a significant decrease from £32m back in 2015. This is due in part to the firms 42m bill associated with covering incident response, external consulting, and increasing call volumes during the October 2015 breach, exposing four percent of its customers' data after a simple SQLi attack.
Even worse, TalkTalk claims that customer churn in FY16 is the lowest is has ever been, which could be because of the UK ISP’s stance on customers wanting to leave after the breach in October. In order for customers to leave their agreement with TalkTalk without paying a pricey leaving fee, customers were required to prove that money had been stolen from their bank accounts because of the incident. Needless to say, this bullish stance was not seen favorably among TalkTalk customers.
This nightmare should be seen as an unsettling wake-up call for organizations that are currently not taking cyber security as seriously as they should. Instead of thinking, “So glad that wasn’t us”, let’s begin thinking, “Wow, what if that was us? Would we be prepared to deal with this? Are we as prepared as possible for an intruder to hack into our systems?” By taking a proactive approach to information security,
NNT’s CTO- Mark Kedgley, claims, “Having a proactive attitude towards cyber defense is a proven asset in identifying before significant and lasting damage occurs. Little wonder that this is precisely what the underwriters want to see too- evidence of compliance with security best practices: manage vulnerabilities and maintain system integrity through change control.
All organization regardless of size need to understand the severe consequences associated with suffering from a cyber-attack. The financial losses and diminishing customer base coupled with reputational damage is a difficult hole to dig your organization out of, and in doing so, be prepared to spend millions of dollars along the way. A stringent set of cyber security controls in order to harden the data system would act as both a deterrent to attacks and protection to valuable systems and information.