The cyber attackers that allegedly hacked TalkTalk last year didn’t steal anything particularly valuable. Less than 4% of its customers had their sensitive details accessed, but the reputational and cleanup costs for the telecoms company have been massive.
Today in its final results TalkTalk said the total cost of the attack was £42m, which resulted in a halving of its pre-tax profits to just £14m. And that's before you include the cost of lost revenues. How can an attack that steals almost nothing cost a company so dearly?
Well, for a start it had to ramp up spending on dealing with customers. It’s not hard to imagine the phones in TalkTalk’s call centres were ringing non-stop as panicky people, worried their life savings were about to fall into the wrong hands, called up to demand more information. It had to hire additional ‘call centre agents’ as a result. The figure also reflects increased marketing and communications costs – TalkTalk’s PR consultants likely had a busy end to their year.
Then there was the cost of actually sorting out its website’s security. Having been caught with its pants down you can be sure TalkTalk doesn’t want something like this to happen again. Consequently TalkTalk says part of the £42m was spent on ‘the costs of restoring our online capability with enhanced security features.’
The company also had to open its wallet to retain customers. In November, to 'thank customers for their continued understanding', it offered existing subscribers free upgrades, including TV packages, mobile SIM cards and free landline calls, and a package of new security features. That can’t have been cheap but it was probably worth it. Although the company lost around 100,000 subscribers in the three months to December, its so-called ‘churn rate’, a measure of how many customers are leaving, hit a record low in the first three months of this year.
TalkTalk says that ‘illustrates the speed with which customer sentiment towards TalkTalk has recovered,’ but it could be that many of those customers who were already drifting towards the exit door were given an immediate reason to switch provider in October – meaning there were fewer people looking to leave in the following quarter.
Still, it seems like TalkTalk had a lucky escape, all things considered. Shareholders may miss the £42m but the company’s revenues were actually up 2.4% over the full year to £1.84bn and it says it is expecting a 'robust' performance this year. Nonetheless this serves as a cautionary tale. If a greater proportion of customers’ financial details had been nicked then the situation could be looking much worse.