Talk Talk – or Jaw Jaw?


I was rather impressed when I heard that (Baroness) Dido Harding was hitting the TV stations and papers to brief on the cyber troubles Talk Talk were facing.

Best practice in a crisis, as we know, is to acknowledge and respond, and to engage all stakeholders openly, accurately, and honestly.

Only last week we had heard Lord John Browne of Maddingley argue that in times of reputational crisis leaders had to ‘lean in’, ‘over-react’ and be ‘radical in their communication’.

Well, poor old Dido Harding has had a tough time of it over the past 72 hours.

There is no doubt she has been a decent CEO. Talk Talk is a difficult business, sitting at the cut-price end of the broadband market.  But it has grown under Harding’s leadership and now has over 4M customers.

So when the company faced its third cyber security breach this year she hit the airwaves.

She was frank enough to admit what she did and did not know. Talking to John Humphrys, she revealed she had no idea whether Talk Talk had encrypted its customers’ data.

And honest enough to accept failings, for example telling the Daily Telegraph: “Do I wish I had done more? Of course I do. But would that have made a difference? If I’m honest I don’t know.”

And she has apologised.

Lady Harding clearly has a personal interest in online security.  When she accepted her peerage she said “whether it’s child internet safety, cyber security, internet freedoms, there are some really difficult issues.”

And this weekend, “This is happening to a huge number of organisations all the time. The awful truth is that every company, every organisation in the UK needs to spend more money and put more focus on cyber security – it’s the crime of our era.”

But a personal – genuine and authentic – crusade on internet security is not enough.

Actions speak louder than words. Two earlier break-ins in the past year have already tarnished Talk Talk’s reputation for keeping data safe. This should have been the catalyst for serious activity addressing IT issues. And if anybody in the company had any doubt as to the importance of this, the reputational consequences ought to have been spelled out. At all levels of the company.

And there has obviously been a terrible breakdown in communication between the IT people and the corporate leadership. Senior churn, involving the loss of the Chief Information Officer over the summer, can be no excuse.

The message has been confused. At one point it was 4 million customers. Then a back-pedalling 400,000 over the weekend. And then news broke that this might have affected millions of former customers.

And the analysis of the nature of the attack has sounded amateurish.  Cyber security experts I have spoken to are sceptical of some of Talk Talk’s claims, and some of the language has displayed unfamiliarity with the subject.

Talk Talk have suffered terribly in the past few days, and the damage to the company’s reputation has been enormous. Yet again it’s a case of lack of preparedness and poor attention paid to reputation resilience.

It is high time organisations like this took reputation resilience more seriously, and realised that reputation stewardship is the responsibility of everybody in the organisation. Not just the CEO. Not just the communications people. Everybody. Even – especially – the IT Department.

 
