“Cyber security is really a business issue not a technology issue.”

Last October’s cyber attack was a challenging time for TalkTalk and our customers, but seven months later we are a better, stronger business as a result. It was a big decision for the company to be as open with our customers as we were. At the time we firmly believed it was the right thing to do, and our customers have since rewarded us for it with higher brand loyalty and consideration scores than ever before.

Cybercrime is not a problem unique to TalkTalk and we have been determined to share what we learnt from our own experience with other businesses, consumers and policy makers.  Before October, like many other companies, we genuinely thought that we took cyber security seriously. We had increased our spending on cyber defences year on year and it was discussed at every board meeting. Ultimately though, we underestimated the true scale of the challenge and, going by the exponential rise in cybercrime across the UK, we’re far from the only ones to have done so.

One of the key learnings for us has been that cyber security is really a business issue not a technology issue. There is always more data, in more places, than you would want. And as a complex, technical area, it’s more likely to be dealt within a silo by tech or IT departments, than properly understood and mitigated across the whole company. We’ve made a comprehensive effort since last year to truly embed security in everything we do.

Another major lesson for us is the realisation that we were asking the wrong question of our tech team. “Are we safe?” is, ultimately, a meaningless question: the only way to be 100% cyber safe is to stop doing business online. Instead, we now ask “What risks are we taking?” This allows us to truly understand the nature of the external threats we face – and take action to protect ourselves and our customers.

Ultimately, if we’re going to tackle the problem effectively, we need to start having an honest, transparent discussion about cybercrime, sharing information and best practice and working together across industries. Being open with customers is not without consequences, but our experience has shown that it pays dividends over time. It also means we can now play an active part in helping confront the cybercrime threat. What happened to TalkTalk should be a wake-up call to every other organisation which believes it cannot, or will not, happen to them. The likelihood is it already has.