TalkTalk CEO Dido Harding has admitted underestimating the challenge of ensuring the company’s cyber security was up-to-scratch, in light of the catastrophic data breach it suffered in 2015.

The security breach, in which 156,656 TalkTalk customers had their personal details accessed, cost the firm £60m.  It also led to 95,000 customers abandoning the company as a result of this IT security breech.   In the 2015 Ponemon study “Cost of Data Lost” lost business has potentially the most severe financial consequences for an organization. The cost increased from a total average cost of $1.33 million in 2014 to $1.57 million in 2015. This cost component includes the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a cyber security breach has contributed to the increase in lost business.

“We thought we had taken security seriously. We were underestimating the challenge,” Dido Harding told the Financial Times. Harding added that generally companies were not asking the right questions when it came to cyber security.

“The danger is we are asking the wrong question: are we safe? It’s a lazy question because the only really safe way is not being online. We tend to see security as a technology issue not a business one,” she said.

Not just large companies making the same mistake

According to the recently released Small Business Reputation and the Cyber Risk report released by the UK Government’s Cyber Streetwise campaign, SMEs are underestimating the impacts a cyber-attack could have on their operations.  The survey shows that 93% of the SMEs surveyed don’t consider how a cyber-attack could impact upon their reputation. Less than a third of small companies who reported that they haven’t suffered a security breach said that the potential harm caused by an attack is an ‘important’ consideration.

The Cyber Myth – It won’t happen to us…..

Half of small businesses (51%) surveyed think it’s unlikely or very unlikely that they’d be a target for an attack, which perhaps helps to explain why only a third feel ‘completely prepared’ for a cyber security breach (33%). What’s more, 68% of those small businesses surveyed who have never been a victim of a cyber breach think there is little to no risk of them becoming one.  89 % of the small businesses surveyed who have experienced a breach said it impacted on their reputation. Those who experienced a breach said the attack led to:

  • 31 % Brand damage
  • 30 % Loss of clients
  • 29 % Ability to win new business

What’s clear is that protecting business’ data not only helps secure reputation, but puts small businesses in a strong and competitive position to offer the service that customers now expect.

Companies failing to adequately protect their data from cyber breaches don’t just put a few documents at risk. Losing valuable data can have a lasting and devastating impact on a company’s finances, customer base, ability to grow – and ultimately its reputation.