We have set our optional cookies. By clicking any link on this page you are giving your consent for us to do this. Turn cookies off Read about our cookies
NewsroomCareersContact Us

Fraud and Risk Focus Blog

“Cyber security is really a business issue not a technology issue.”

8 June 2016

Last October’s cyber attack was a challenging time for TalkTalk and our customers, but seven months later we are a better, stronger business as a result. It was a big decision for the company to be as open with our customers as we were. At the time we firmly believed it was the right thing to do, and our customers have since rewarded us for it with higher brand loyalty and consideration scores than ever before.

Cybercrime is not a problem unique to TalkTalk and we have been determined to share what we learnt from our own experience with other businesses, consumers and policy makers.  Before October, like many other companies, we genuinely thought that we took cyber security seriously. We had increased our spending on cyber defences year on year and it was discussed at every board meeting. Ultimately though, we underestimated the true scale of the challenge and, going by the exponential rise in cybercrime across the UK, we’re far from the only ones to have done so.

One of the key learnings for us has been that cyber security is really a business issue not a technology issue. There is always more data, in more places, than you would want. And as a complex, technical area, it’s more likely to be dealt within a silo by tech or IT departments, than properly understood and mitigated across the whole company. We’ve made a comprehensive effort since last year to truly embed security in everything we do.

Another major lesson for us is the realisation that we were asking the wrong question of our tech team. “Are we safe?” is, ultimately, a meaningless question: the only way to be 100% cyber safe is to stop doing business online. Instead, we now ask “What risks are we taking?” This allows us to truly understand the nature of the external threats we face – and take action to protect ourselves and our customers.

Ultimately, if we’re going to tackle the problem effectively, we need to start having an honest, transparent discussion about cybercrime, sharing information and best practice and working together across industries. Being open with customers is not without consequences, but our experience has shown that it pays dividends over time. It also means we can now play an active part in helping confront the cybercrime threat. What happened to TalkTalk should be a wake-up call to every other organisation which believes it cannot, or will not, happen to them. The likelihood is it already has.

Share:
Posted by: Jessica Lennard

Jessica is ‎Director of Corporate Affairs and Regulation at TalkTalk.

Tag cloud

PREVIOUS POSTNEXT POST

Expert blog series: Association of Public Authority Deputies

9 June 2016

In the third of our expert blog series on industry and vulnerable people, Martyn Harris talks about how industry can better engage with those looking after vulnerable adults.

CONTINUE READING

Expert blog series: Age UK

26 May 2016

In the second of our expert blog series on industry and vulnerable people, Angela Kitching, Head of Public Affairs at Age UK, talks about how fraudsters use time pressure to scam.

CONTINUE READING
Back to blog home >
Posted by: Jessica Lennard

Jessica is ‎Director of Corporate Affairs and Regulation at TalkTalk.

Tag cloud

Categories