back to article Capita says 2023 cyberattack costs a factor as it reports staggering £100M+ loss

Outsourcing giant Capita today reported a net loss of £106.6 million ($135.6 million) for calendar 2023, with the costly cyberattack by criminals making a hefty dent in its annual financials. The total costs incurred due to the break-in, believed to be carried out by the Black Basta ransomware group in March last year, stand …

  1. tmTM

    Take your pick

    Things that cost money: Cyber security

    Things that cost more money: Poor Cyber security

    1. KittenHuffer Silver badge

      Re: Take your pick

      Doing cyber security properly: Priceless!

      1. Anonymous Coward
        Anonymous Coward

        Re: Take your pick

        Also somewhat fucking annoying. I know it has to be done, I'm interested in security, I am, but when you have users that can barely remember their own home address that was used as their password its fucking painful. We want to put tighter security in but we also don't want to stop our users from working or making it so painful security wise that they give up using their issued kit.

        1. Anonymous Coward
          Anonymous Coward

          Re: Take your pick

          Adopt a password keeper so people only need to know one password.

          How users can create strong passwords and remember them, with their own formula! (example of one formula below)

          Lets make a password we can write down on the desk and nobody can use -

          Pick a number let's say 17 and we will always add 5 to whatever number we use, and lets always put a U in front of it

          then lets pick a word - from something you look at every day, like a blue notepad, and write down bluenotepad, and always remove the Es and capitalize the second letter.

          then pick a special character ! to always put before the last letter

          so we write down 17bluenotepad, but the password is U22bLunotpa!d

          Formulas can be simpler or harder, but are a good tool.

          I don't' suggest people write down passwords, but if they know "one formula" for life, they can leave a clue (blue notepad on the screen with 17 on it) figure it out easier than remembering a complex password.

          Different solutions for different people, but this has helped some of the staff I've had to coach.

          1. Colin Bull 1

            Re: Take your pick

            "Adopt a password keeper so people only need to know one password."

            Am I missing something here ? That is only ONE password. What about the other 200 passwords we need most weeks of the year?

            1. edjimf

              Re: Take your pick

              I've read this as the Password Keeper is used to store the actual passwords for apps, websites etc which can be as long and complicated as you like because you don't have to remember them, you just copy & paste from the Keeper.

              1. This post has been deleted by its author

              2. Anonymous Coward
                Anonymous Coward

                Re: Take your pick

                @edjimf

                Good passwords are good! But cyber security for companies like Capita (or Equifax!) probably needs a bit more planning, and a bit more tech than the consideration of "passwords":

                - documented design assumpions

                - consideration of third party designs (I'm thinking about "The Cloud")

                - network design

                - applicatopn design

                - database design

                My own favourite password is "michealgoveforPMand#10"....but then I'm a retired AC!

                1. cyberdemon Silver badge
                  Coffee/keyboard

                  Re: Take your pick

                  > My own favourite password is "michealgoveforPMand#10"

                  Is that because nobody would ever think that a plausible password, or because even if they knew your password, anyone would have a guttural reaction against typing it in on a keyboard?

            2. Anonymous Coward
              Anonymous Coward

              Re: Take your pick

              yeah, its one password, that you may use to log into your PC to access your PW vault, or just for the vault - for the other 200 accounts.

          2. Blazde Silver badge

            Re: Take your pick

            so we write down 17bluenotepad, but the password is U22bLunotpa!d

            Formulas can be simpler or harder, but are a good tool

            It's better than nothing but once two of your passwords leak the pattern is mostly obvious and your remaining passwords are weak. I've found it difficult to wean people off this kind of protocol because "it looks unguessable".

        2. 0laf Silver badge
          Big Brother

          Re: Take your pick

          Then I'm afraid you don't really get 'security'.

          If your users are incapable of using passwords then a password is not a suitable security control. You need to find another more suitable form of authentication or you need to implement other controls that provide the same level of risk reduction but are not authentication controls.

          You might need to design a security system for users that are vulnerable or lack mental capacity (the very young and the very old) or who have additional needs (visual imparement, physical control issues). It still needs to be secure and their difficulties are your problems to work around.

          Your security needs to suit the environment and the users. If you try to force users into using security controls that don't suit that's when you'll get post-its under desks, machines never locked, emails sent to personal addresses.

          And if the managment aren't bought in you're screwed before you start.

          Security is 90% psychology and 10% technology.

    2. Arty Effem

      Re: Take your pick

      It's really just a question of careful outsourcing.

  2. johnB

    Any content in there?

    "...yet to deliver operational excellence...", "...create the right platform...", "...achieve out full potential...", "...Looking forwards...", "...leveraging our technology...".

    I wonder how he talks to his wife? Or maybe he's run out of cliches by the time he gets home.

    1. KittenHuffer Silver badge

      Re: Any content in there?

      HOUSE!!!

      Oh, I thought you'd started a game of BS Bingo!

  3. DJO Silver badge

    Really

    ...goodwill impairment charge...

    Impairing something that's already a negative value seems a bit quixotic.

    Does anybody who's not a financial beneficiary of Crapita hold them in anything other then contempt?

    1. Blazde Silver badge

      Re: Really

      They haven't paid a dividend in over 6 years and their share price is down 50(!)-fold since 2015. You'd be hard-pressed to find many people who consider themselves financial beneficiaries

  4. Missing Semicolon Silver badge

    Magically surviving

    Why are they getting more business, when it is plain that they can't cope with what they already have, what with firing loads of staff.

    They must be taking some important Whitehall Mandarins out to some seriously nice dinners!

    1. ecofeco Silver badge

      Re: Magically surviving

      An inbred aristocracy has always worked this way.

      It never ends well.

      1. 0laf Silver badge

        Re: Magically surviving

        No I don't think so, Crapita are right up there (down there?) in the crapola stakes. Northgate might top them tbh.

        Capita have a few large monopoly products with no easy escape route. It's often less hassle to keep big shitty suppliers than the replace them with another.

    2. Biff05

      Re: Magically surviving

      ' Why are they getting more business'. It's because the remaining field are crapper than they are.

  5. This post has been deleted by its author

  6. ecofeco Silver badge
    FAIL

    Just one quesiton

    Was it worth it?

  7. sitta_europea Silver badge

    It's well past time to take this nag 'round the back and shoot it.

    1. serverinstallations

      Don't all rush at once

      Would volunteers for this act please form an orderly queue.

      Sorry, places are limited so it's first come first served.

  8. Allonymous Coward
    Meh

    Oh dear.

    See title —^

  9. Anonymous Coward
    Anonymous Coward

    Hangon a minute

    So these guys look after customers IT and i guess their security as well but get hacked themselves.

  10. Peter Galbavy
    Childcatcher

    Executive pay awards have obviously increased in line with, well, the industry. And not proportional to performance. Of course.

  11. Anonymous Coward
    Anonymous Coward

    No, it's because they say yes to everything, so government (schoosl, pensions, dbs etc, lets face it, they are the main customers) only have to deal with a single supplier.

    If they don't have the knowledge or the software, they will buy some poor sod out and make it work.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like