News: TalkTalk CEO gives evidence to Culture, Media and Sport Committee.
Dido Harding admitted that cybersecurity at TalkTalk was her and the board’s responsibility, but defended the company’s actions at a parliamentary hearing today.
Being questioned by the Culture, Media and Sport Committee over the hack of TalkTalk in October, Harding claimed that no one individual in the firm was responsible.
"If it’s a criminal attack it’s entirely possible that none of [the team] are responsible for the attack.
"It really does come back to the CEO and the board: was there sufficient oversight in terms of the security policies, the resourcing of the technology team to implement those policies and the knowledge and understanding of best practice?
"It is a board level issue not an individual issue below."
Asked if cybersecurity was an item at every board meeting, Harding responded that it was.
"Every board meeting my board report would cover it and we’ve had detailed in-depth sessions three times in the course of the last nine months."
"I’m not going to pretend I think that TalkTalk got everything right; clearly there will be lessons for us to learn from this.
"If you look back over the course of the last year, as a board we take cybersecurity extremely seriously. We’ve had for some time a very detailed board security plan following the ten steps to cybersecurity," she added.
Harding also went on to defend the company’s plan.
"I am confident that we had a very robust and clear plan. If I had the time again would the company have done more on security, knowing what we know today? The only logical conclusion is of course you would."
The hearing also touched on Harding’s desire for Openreach to be split from BT, as well as discussions over the best way to finance broadband infrastructure.