The TalkTalk saga continues to rumble on. It’s been a massive headline grabber at the front end of the technology news space this week. But what makes the story interesting is not how it’s developed over the course of the last five days, but the fact that it has quickly become very different to any other cyber-attack story reported in the UK to date.
First of all it’s worth offering a ‘chapeau’ to TalkTalk’s PR machine. This was (and still is) a nightmare situation for any company. But it’s been handled very well indeed. Act quickly – check; roll out the CEO and make sure he/she fronts the issue – check; stay on message and disclose everything you can to start to build back trust – check. Sensible stuff all round. Unfortunately it didn’t work and the brand is largely in the toilet at the moment but on paper, at least, it was textbook.
There seems to have been something about this story that has changed perceptions up and down the country? Why?
Well at a boardroom level this is about the fact it was Dido Harding, CEO, that had to bear the brunt of the media’s questions, and the public’s concern. Quite right you may say, but how many CEOs of large listed UK business, who have previously seen security as an IT issue were breaking out into cold sweats when they heard Harding stumble over questions about encryption and technology on the Today programme? How many of them are now swotting up on what DDoS actually stands for? The reality is starting to hit home. If you get breached, you’re going to have to explain yourself. That changes things in the boardroom dramatically.
At the consumer level, it’s the age of the criminal suspects that’s been the biggest eye opener. Across the UK mothers and fathers are reading the news and looking upwards and their ceilings, just imagining what their own 15 year old kids are doing on that massively powerful laptop they bought them for Christmas so they could do ‘revision’. We’ve known for a while that the younger generation could be a considerable component of any threat to industrial, national, and consumer security but here it is in black and white. We should say that these individuals have not been charged, but the fact they are or have been suspects is enough to concern most people over the age of 30, and, worryingly, attract the curious attention of most people below that age.
At a corporate marketing and comms level this is where the biggest change is going to be felt. The major issue for TalkTalk is that it is already considered a budget brand for connectivity. So this, the latest of several attacks, could drive an inference that paying less means compromising your security. That well may not be reality, but for now, perception is ruling the mindshare. It’s akin to driving a perception that if you shop at Aldi, you are more likely to get food poisoning. How do you think that will affect renewals of TalkTalk contracts and new registrations? This real business impact is coming and TalkTalk knows it. So yes, the share price will quickly recover once this dies away in a couple of weeks. But you can be fairly certain it won’t be a pretty sight when its user numbers show a massive drop in 12 months as a knock-on effect.
So is this just another cyber-attack? Yes and no. From a technical perspective there doesn’t appear to be anything new here. But from every other standpoint, it’s changing public and business perceptions. We all said it would take a large scale publicly visible attack to change how seriously people and organisations take cyber security. Be very careful what you wish for…..