TalkTalk's cyber attack piles on the pressure on financial targets

By Paul Sandle and Kate Holton
A computer screen shows details of TalkTalk's login page on its web site in London, Britain, October 26, 2015. REUTERS/Stefan Wermuth

By Paul Sandle and Kate Holton LONDON (Reuters) - Burdened with a poor reputation for customer service, facing increasingly fierce competition and under pressure to hit challenging financial targets, the cyber attack at TalkTalk could not have come at a worse time for the British telecoms firm. Chief Executive Dido Harding shocked customers last week when she said that the broadband, TV, mobile and fixed line telephony services company had been hacked, potentially putting the private details of its 4 million customers into the hands of criminals. The company has since said the attack was not as serious as first feared, with only some customers affected and the data not of the sort that would enable criminals to steal money. But analysts say the cyberattack is likely to damage the firm's reputation and require heavy spending to repair it. While the firm's shares fell by 4 percent on Friday, they slumped a further 12 percent on Monday to hit a two-year low of 225.30 and far off May's all-time peak of 415 pence. "TalkTalk doesn't go into this in the rudest of financial health, by any means," Arete analyst Steve Malcolm told Reuters. The hack is likely to compound what was already growing troubles at the firm, founded 12 years ago to target the budget market as a wholesale fixed line phone services subsidiary of mobile phone retailer Carphone Warehouse and demerged in 2010 after a series of acquisitions. Two years later it launched TalkTalk Mobile as a virtual operator and also moved into pay-TV to better compete with BT , Sky and Virgin Media but has had to increase prices along with the rest of the market as the so-called 'quad-play' market develops. In a bid to reassure investors that it can continue to compete it has also set itself two challenging targets to be achieved by the full-year 2017 - improving its core earnings margin to 25 percent from the 13.6 percent it recorded in the last financial year ended March 2015 and growing its annual revenues on a compound basis by 5 percent. The market was already skeptical about the earnings target, with analysts' consensus forecast for earnings at about 402 million pounds for the 2017 financial year, well below the around 475 million pounds the margin target would imply. "One of the ways they needed to hit their targets was with lower churn numbers, higher customer additions and lower costs, so this probably pushes out their forecasts by a year or 18 months," said Matthew Brennan, senior fund manager at Brown Shipley, which holds around 0.5 percent of TalkTalk's stock. James Barford at Enders Analysis said TalkTalk would suffer reputational damage, which could hamper planned cost cuts, "Given they were in a process of taking costs out of their operations, that would be interrupted at the least by what has gone on in the last few days," he said. If customers decided to look around for alternatives, they might discover that the gap between TalkTalk's prices and those of its bigger rivals had narrowed, particularly with offers such as a year's free broadband with line rental of 17.40 pounds a month on offer from Sky. Customers might be willing to accept poorer customer service and a perception of lower security standards if there was a big discount, but they would be less forgiving if the difference was marginal, one analyst said. Meanwhile TalkTalk has made some improvements to its customer service but is still ranked behind its big fixed-line rivals, according to the regulator. While it has paused its marketing effort following the cyber attack it is likely to have to increase its spending in future to rebuild its brand. Analysts said they did not have enough information to judge whether TalkTalk was at fault for the attack, but they did note that this was the firm's third such breach this year. UK data protection watchdog The Information Commissioner's Office, which examines whether a company has properly protected personal data, said it was aware of the incident and was liaising with the police. Two years ago the ICO fined Sony 250,000 pounds after its PlayStation Network Platform was hacked in 2011, compromising the personal data of millions of its users. The maximum fine the ICO can impose is 500,000 pounds. (Editing by Greg Mahlich)