Don't cause drops But...
I think most TalkTalk customers are pretty close to the edge anyway.
There's much higher churn in the BB industry than there used to be. and if it's not enough to make yu leave it might well dissuade you from signing up.
Shares in TalkTalk dropped by 10.7 per cent this morning after the company released a statement admitting that a "cyber attack" may have exposed the data of its four million customers. TalkTalk is contacting all of its customers following what it called "a significant and sustained cyber attack" and intends to offer them free …
The last lot of research I saw (Ponemon Institue) said that comms companies can expect to lose about 5% of their customers following a breach, whether they were personally affected or not. Surely that possibility frightens shareholders and makes the company worth less, at least in the short term?
What kind of idiot thinks data breached don't cause a drop in share price?
A breach causes a loss in customer confidence, makes customers want to leave, makes some customers actually leave, exposes the company to lawsuits, proves the company isn't a secure/study as it once believed itself to be, more often that not reveals a need to spend to secure, the list goes on.
Something of this magnitude will help or harm a share price and you have to be pretty thick (IMHO) to think that it will make your company worth more.
What kind of idiot? the people that did the actual research?
Your post is conjecture. we don't need conjecture because there is actual research. you know people have looked at data breaches that have happened previously and looked at the impact on revenue. and found it to be negligible.
Nobody is saying it will add value.
I think it's more likely to be down to the industry involved:
Banks:
People very rarely switch banks (approx 3% per year in UK), and many mistakenly think it's going to be a nightmare and are worried about not paying bills, wages not going in etc.
Broadband.
People don't mind switching, may of done it several times before, therefore customer churn is common place.
Given the continued poor levels of customer service even before this and after the 'new management' had turned this service issue around are we sure this just isnt an excuse by the investors to show disapproval.
just like the CEO of Target wasnt ousted due to the breach there (it was a failed attempt the start Target in Canada) what else has TalkTalk not been able to do?
I bet the Chocolate Fire guard bureau ICO were positively melting at the thought of "making enquiries and liaising with the police." Maybe they'll give Baroness Harding a light tap on the wrist with a feather, then apologies after for administering such a harsh punishment.
Until penalties for keeping information secure are punitively higher than the costs of doing so this will keep happening. I wonder if a few custodial sentences for Execs and Directors may focus a few minds? I'm not saying all attacks can be prevented but isn't this the third in recent times involving TalkTalk? She didn't even know how much customer data was encrypted, despite previous attacks:
http://www.bbc.co.uk/news/business-34618187
"Until penalties for keeping information secure are punitively higher than the costs of doing so this will keep happening."
The DPA has specific provision for personal legal action against companies which breach data security and a recent court of appeal ruling allowed for distress claims as well as actual monetary damages.
The night terror for Dido Harding isn't the hacking. It's that enough customers take TT to court that the legal fees alone put them out of business. The death of 1 million papercuts is a far greater threat to business than staving off the ICO.
Thankfully for TT, most customers are either unaware of their rights or too meek and mild to pursue them.
> Although to be honest it should be free insurance against identity theft for at least a year, possibly longer.
One year is impossibly short, it should be until the customers' name, address, bank account and date of birth expire.
Personally I've been feeding bullshit DoB's to any service where this was possible, but for some reason the financial industry seems to think that no-one could actually know someone else's DoB and calculating it from knowledge of their age and when their birthday party is is a criminal endeavour beyond the realms of even the bastard offspring of Lex Luthor and Moriarty.
I just hope they get slapped hard enough! The force of which should be adjusted depending on things like what data was and was not encrypted and with what, their response time, their response actions, their plans for the future and of course what the flaw was and if it was easily preventable.
'An article published in the Harvard Business Review earlier this year claimed that data breaches "don't hurt stock prices" due to shareholders lacking "good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value."'
On the other hand shareholders might just notice the company hitting the headlines and not in a good way. The good news is that with all those Harvard MBAs not having good metrics etc, those who decide to sell might still get a good price.
"An article published in the Harvard Business Review earlier this year claimed that data breaches "don't hurt stock prices" due to shareholders lacking "good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value."
Sometimes, shit happens.
It's better than that, much much better. TalkTalk Business invite their business customers to outsource their IT to improve network security
http://www.talktalkbusiness.co.uk/news-events/news-ttb-listing/video-news/outsource-for-better-network-security/
There's a video that could be very amusing, but since I've expunged Flash from my computer I'll never know what it says.
Harvard uses stock price, but stock prices are subject to lots of other effects like Fed funds rate changes as well as overall risk aversion/taking levels.
Equally, costs of data breaches aren't immediate - they're spread out over multiple quarters as incident response and civil lawsuits get resolved.
If you look at it another way, however, I think investors do care. If a CEO manages to lose $150M by being a poor leader - which Home Depot and Target have lost to date even after taking into account $100M insurance policy payback - said CEO can get fired (and has in one case).
Clearly SOMEBODY cares.