Let's Talk Talk About Consequences...

I was reading this morning that Talk Talk  anticipate a trading impact of between £40m and £45m as a result of their data breach last October. The good news was that they only appear to have lost about 101,000 customers – whilst 157,000 saw their personal information compromised.

More good news is that trust in their brand has improved since after the attack, as customers saw Talk Talk as acting responsibly both in terms of restoring its online presence with fit-for-purpose security, and offering free upgrades.

Even more good news; their latest ARPU (Average Revenue Per User) has grown by 6.1% to £28.08. 

It got me thinking; consequences...

It seems to me that;

• The consequences of doing a good job is reflected in earnings of £28.08 per person
• The consequences of NOT being lucky (my previous post) in this instance is £40m / 157,000 compromised clients :  that's a staggering £254.77 per person

 That’s a 9:1 ratio.

Clearly, I’m no accountant and I realise that there are many a financial conundrum involved to reach a genuine comparison. But if you were ever looking for a simple metric to give to business leaders and executives as to why you should invest in Information System Security, surely 9:1 is as good a starting place as any…

I've heard it said (and I don't disagree) that the Security industry is one that is ostensibly built on failure. If you've ever seen the Security Taxonomy by Momentum Partners, it is easy to understand why IT managers get confused, let alone business leaders, and with confusion will come opportunities for our adversaries. So lets keep it simple; 

As organisations become more digitised, success will depend on their ability to protect the digital platform. 

Let me know what you think; Does a ratio of 9:1 feel about right to you? How do you drive the business to invest in the design, engineering, implementation, and management of information security programmes to protect your organisation from growing sophisticated attacks?