back to article Clients say they'll take their money and run if service hacked – poll

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked. Almost half (48 per cent) of the 1,000 Brits questioned by Onepoll claimed they would cancel accounts if a provider of theirs suffered a data breach. In addition, a …

  1. Charles 9

    Now here's an interesting question. What if the ONLY provider suffers a data breach, meaning if customers wish to walk out, they'll end up going without? Would customers be THAT willing to walk out then?

    1. William 3 Bronze badge

      No, but it would be good grounds to set up a competitor at that point.

      1. Charles 9

        ISPs are a utility. Utilities are a natural monopoly because of the high upfront infrastructure costs (in this case, laying down the data lines). That's why utility incumbents are so hard to unseat without either significant help (which is unlikely to be forthcoming here) or deep pockets (who in this case tend to be the incumbents, so that's out).

    2. Doctor Syntax Silver badge

      "What if the ONLY provider suffers a data breach"

      It depends on how important the provider is. There's no shortage of ISP, email providers etc. Banks are rather fewer but there are still choices. Facebook might be considered an only provider but in that case it can be easily done without.

      1. Charles 9

        "It depends on how important the provider is. There's no shortage of ISP, email providers etc."

        Not out in the boonies. There's a lot more geographic exclusivity than you think. Especially in ISPs and other utilities, where high infrastructure costs make for natural monopolies.

  2. Version 1.0 Silver badge

    Gut reaction

    That's an understandable reaction - but the breached provider now has a thorough understanding of the issue and should be able to prevent further breaches in future (I know I'm being optimistic here), whereas switching to a new provider means that you're jumping to a provider who's not been breached and most likely will be in the future.

    The cynic in me points out that Yahoo was secure for years, until suddenly it turned out that it wasn't and hadn't been.

    Frying Pan or Fire? Let me think about it ...

    1. Doctor Syntax Silver badge

      Re: Gut reaction

      "the breached provider now has a thorough understanding of the issue and should be able to prevent further breaches in future"

      Unfortunately the list of "respectable businesses" in the article includes at least two serial breachees.

      I think there are at least 3 categories here:

      Those that never learn

      Those that learn from their own mistakes

      Those that learn from the mistakes of others

    2. The_Idiot

      Re: Gut reaction

      @Version

      Unfortunately, by that logic Flash should be the most secure technology and most reliable Adobe product in this or any other universe.

      It, um, isn't. Er - probably (ducks the salvo of incoming lawyers (blush)).

    3. Mephistro

      Re: Gut reaction

      "switching to a new provider means that you're jumping to a provider who's not been breached and most likely will be in the future."

      The problem with that approach is that if everybody follows it and remains with the breached providers, there will be absolutely zero reasons for providers to improve their security. "See? No consequences. And it's cheaper! Moar bonuses!!!"

  3. Tom Paine
    Pint

    100,000 out of 4.3 million customers? 2%? Yeah, that's really going to have Dido tossing and turning at night...

    The sad truth is that, apart from BEC attacks which can cost firms real amounts of actual proper folding cash money, even the most spectacular security fails rarely lead to any objective damage to the firm. Did Sony go bust? Did Saudi Aramco? Yahoo? Tesco? RSA? JPMorgan? Lockheed Martin?

    Nothing's going to change things at the majority of organisations where security's a tickbox exercise at best until firms go bust and directors go to jail. And I've been waiting for that to happen for a decade or more.

    God, it's depressing working in infosec... I'll cheer myself up with a quick icon or four.

    1. Charles 9

      "Nothing's going to change things at the majority of organisations where security's a tickbox exercise at best until firms go bust and directors go to jail. And I've been waiting for that to happen for a decade or more."

      Which won't happen because many of those firms are transnational and can play sovereignty against countries. It's an extortion game: "You wouldn't want us pulling up stakes, would you?" Same with the corporate structure. It's designed to deflect responsibility, and with their transnational nature, they can make sure the laws never get to the people up top.

      Transnational companies have more power than most sovereign nations in that regard. Unlike the countries, they can jump ship.

      1. Doctor Syntax Silver badge

        "Transnational companies have more power than most sovereign nations in that regard. Unlike the countries, they can jump ship."

        It's not always that easy to jump ship. If they want to trade on any substantial scale in a particular country they'll have to consider have some footprint even if it's only a local sales office. These days regulators are starting to think in terms of fines based on global turnover so the days of being able to shrug off responsibilities might be coming to an end.

        1. Charles 9

          "It's not always that easy to jump ship. If they want to trade on any substantial scale in a particular country they'll have to consider have some footprint even if it's only a local sales office. These days regulators are starting to think in terms of fines based on global turnover so the days of being able to shrug off responsibilities might be coming to an end."

          Expect that to change as the transnationals start to push BACK. The obvious answer to trying to nail mother companies is to further separate subsidiaries on paper. Meanwhile, they'll continue to pressure legislatures while those legislatures are becoming more permissive to businesses (look at the changing stances concerning privacy).

  4. Anonymous Coward
    Anonymous Coward

    No they won't

    Because once you are using a service, it costs time, effort and money to change.

    The most the customers will do is piss and moan and ask for service credits or penalty payment, which will be only a minor inconvenience to both.

    1. Mark 85

      Re: No they won't

      The bigger problem is getting the word out. Most users/punters/customers only get their news from MSM or maybe Facebook. Chances are, they will never know their ISP/provider has been hacked. Most just dump email from the ISP/provider to the spam bucket. If the users/punters/customers don't know, they're none the wiser.

      The other problem that has been pointed out is that at least here in the States, choices are rather <ahem> limited for most of us. Bigger cities, probably not but rural, smaller cities.. definitely.

    2. Doctor Syntax Silver badge

      Re: No they won't

      "Because once you are using a service, it costs time, effort and money to change."

      The thing which is most difficult to change is email. You can gain independence from an ISP by using a non-ISP supplier instead of relying on the ISP's email. In the long run it's easier to have a private domain. The domain hoster of the moment can also host the email service but, as it's your own domain, you can switch to another service provider and keep the domain. Sadly it's not a solution for everyone.

      1. Charles 9

        Re: No they won't

        Also, if it's going to be a transportable domain (meaning you control the section just before the .com or whatever), those aren't cheap and will be recurring costs, which many people would find too much for what it's worth to them.

  5. Anonymous Coward
    Anonymous Coward

    I don't believe them.

    1. silent_count

      +1 Talk is cheap. A quick measure of the revealed preference would be to ask the same people when was the last time they changed providers in response to their previous provider's crap security.

      1. Anonymous Coward
        Anonymous Coward

        Quite - TalkTalk lost hardly any customers as a proportion of their customer base, despite it being very easy to switch broadband suppliers.

        The gung-ho talk about class action lawsuits also illustrates how little you can rely on survey responses, since the scope of these in the UK is very, very limited and wouldn't apply to this kind of incident. Do they think lawyers are just showing restraint in not having brought any actions to date?

  6. Stuart Grout

    Walked from one, stayed with another.

    When TalkTalk got hacked the service and price I was getting from them was nothing special so I switched to another provider for similar costs but in the hope of better service/security. I've now got into the habit of comparing and swapping landline ISP at the end of each introductory deal.

    When 3 got hacked I did a comparison and the 3 product was better than any of the alternatives so I stayed. If I could have found a similar deal elsewhere then the hack would have been enough to go through the hassle of switching.

    From my perspective a provider being hacked is a serious factor when considering switching, but it is only one of the factors.

    1. Anonymous Coward
      Anonymous Coward

      Re: Walked from one, stayed with another.

      I on the other hand moved to TalkTalk as they were investing in security and crucially their introductory deal was astoundingly good. I had been with PlusNet since 2002 but they were charging me hugely for my loyalty. I'm now 6 months into the 18 month TalkTalk contract so in 1 year I will be looking for someone new who has discovered they need to beef up security, and gives a very good introductory offer on FTTP.

      1. Doctor Syntax Silver badge

        Re: Walked from one, stayed with another.

        "I on the other hand moved to TalkTalk as they were investing in security"

        Is that something you know of your own knowledge or what they told you?

        1. Captain Badmouth
          Paris Hilton

          Re: Walked from one, stayed with another.

          <"I on the other hand moved to TalkTalk as they were investing in security"

          Is that something you know of your own knowledge or what they told you?>

          They just put an extra man on the door, that's all.

          Paris : Always an extra man on the door....

  7. nematoad
    Unhappy

    Alternatively.

    Why bother to try and breach all these firms security when the government will have all of your details. Just breach them and hit the jackpot. Then where are you going to turn?

    And if you believe all the BS about how well all your personal data will be protected then you might be interested in a bridge I have for sale.

    1. Charles 9

      Re: Alternatively.

      "Why bother to try and breach all these firms security when the government will have all of your details. Just breach them and hit the jackpot. Then where are you going to turn?"

      IOW, just assume your cover is blown and instead stock up on the canned food and petrol. At least Americans also have easy access to shotguns.

  8. Libertarian Voice

    We have just all been hacked

    Thanks to the snoopers charter all Brits without a decent offshore vpn have been hacked.

    1. Charles 9

      Re: We have just all been hacked

      The offshore VPNs will be blocked soon, leaving you with no choice but the hacked ones.

      1. Doctor Syntax Silver badge

        Re: We have just all been hacked

        "The offshore VPNs will be blocked soon, leaving you with no choice but the hacked ones."

        The Mayfly's team might find such a move makes life difficult when they try to negotiate access to Europe for service industries.

        1. Charles 9

          Re: We have just all been hacked

          They probably wouldn't care, as they'll be more interested in keeping things at home.

  9. Anonymous Coward
    Anonymous Coward

    Running a Company

    So security is just a tickbox. That probably explains why TalkTalk can get away with giving a lecture to BT on 'How To Run a Company' (OpenReach) and not see the irony.

    Pot Kettle Black

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like