Paul Ferrillo | June 1st, 2016
Don’t be just TalkTalk: Cyber Breaches Cost Reputation and a Ton of Money

The British telecom, TalkTalk Group, announced on May 12, 2016 that its pre-tax profits were down significantly due to additional costs (83 million pounds) related to “a breach in October 2015 when hackers apparently stole data on around 4% of customers after a simple SQLi attack.” According to this article, these costs were in addition to charges already taken for incident response and consulting in FY 2015, amounting to approximately 42 million pounds. That brings the current cost of the TalkTalk breach (to date) to approximately 125 million pounds, or approximately $180 million US. The company’s full quarter press release can be found here.
For those familiar with this story, there were lots of issues relating to this breach. As news and trade reports indicate, there was a lot of initial confusion by the Company on what sort of breach occurred, how and when it occurred, as well as its extent in terms of what customer information might have been stolen. There were apparently other issues that forced the company to re-notice its customers at least twice more, once because it was publicly “revealed that employees at one of its outsourcers, Wipro, had been arrested on suspicion of using customer data to commit fraud.”
We write here not to find fault and not to second-guess, but to demonstrate the obvious: Cybersecurity breaches can cost A LOT of money to remediate. The customers of those companies who have suffered a breach (whose personal information likely fell into the wrong hands) will also be less than happy, and many times clearly not satisfied with their two years of free credit reporting. This breach calculus is the new normal. Breaches continue daily. Ransomware attacks occur daily. Money gets spent rapidly to remediate breaches on the fly. Ultimately, it is hard to admit, but we are losing ground to cybercrime. And as the bad guys prove daily, they are tricky, resourceful and ever-present.
Many studies and surveys show conclusively that having battle-tested incident response plans, business continuity plans and crisis communications plans can help companies immensely if they find themselves on the wrong end of a cybersecurity breach. There are “tricks of the trade” for each of these plans, and recommended approaches depending upon what sort of breach is suffered. More importantly there are recommended approaches for when and how to disclose that your company has been breached, all designed to preserve the company’s reputation and customer base as much as possible. The time to draft these cyber security plans, and practice them repeatedly, is obviously before any breach occurs so that the plans can be finely honed and tuned and ready to face whatever attempted breach is thrown up against them. Breach after breach has shown us that companies who stumble, trip and fall over themselves will likely suffer far greater consequences than those companies who appear to be handling them as well as they can be under the circumstances.
Our advice very simply: plan and prepare for the worst, and hope for the best.
Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.