Why the Optus boss is unlikely to survive the data hack

Qantas boss Alan Joyce set a new high-water mark on chief executive survivability in the face of customer alienation. Optus chief executive Kelly Bayer Rosmarin will challenge that record to retain her job. Arguably she can’t.

The Optus data breach dwarfs any in Australian history, and what’s even more astounding is that Optus is a technology company.

Where Joyce had the support of a cheerleading board chaired by pom-pom-shaking Richard Goyder and the home team support of major shareholders, Optus governance is a bit more opaque.

Optus is a wholly owned subsidiary of Singtel, a company that is listed on the Singapore Stock Exchange and majority controlled by the Singaporean government.

Singtel has made only one announcement to the Singapore exchange – an Optus press release dated five days ago.

And while Qantas’ snafus of cancelled flights, lost bags and long phone operator response times are abysmal, they aren’t in the same league as the devastation inflicted on Optus customers by the cyber attack, whose twists and turns have been playing out over the past week.

The other factor weighing positively for Qantas is that none of its problems can be laid at the feet of the government.

Federal government legislation and the agencies that deal with cyber security will rightly be under the microscope for the part they did or didn’t play in ensuring licensed telcos protect public data from security breaches of the magnitude exposed over the past week.

Given the public scrutiny, it is hardly surprising that new Home Affairs and Cyber Security Minister Clare O’Neil was fairly quick to lay the blame at the feet of Optus.

What Bayer Rosmarin is describing as a sophisticated cyber attack, the minister is labelling as the opposite – a basic attack.

In layman’s terms, O’Neil is suggesting that Optus’ security measures were the equivalent of a home owner leaving the back door open.

If O’Neil is to be believed – and the experts seem to have lined up behind her – Bayer Rosmarin and Optus are particularly exposed.

If the public is looking for the perp in this scandal (beyond the hackers), Optus is the prime target. This is despite Bayer Rosmarin’s insistence that its data is encrypted and Optus has “multiple layers of security”.

It is almost academic that the hackers, who had been asking for $1.5 million in ransom, have now apologised and promised to delete the data they stole.

No one is expected to take the word of hackers, so Optus customers would hardly be exhaling a collective sigh of relief.

That is a bell that can’t be unrung.

The fact that the culprits were able to access the data of more than 9 million current and former Optus customers is a major indictment of the company’s risk management systems and its potential underinvestment in them.

For Optus, compensating customers would be an expensive exercise, particularly if it involves giving affected customers access to a year’s subscription to the Equifax credit monitoring service.

Meanwhile, it will undoubtedly lose some customers who are at the back end of their mobile plans, and the data breach will surely frighten new customers off, for a while at least.

And there is already talk of a class action lawsuit being investigated.

Optus insists it is “not the villain in this story” but this is not how the customers will view it.

Curiously, Optus’ two main competitors, Telstra and TPG Telecom, have remained very quiet since the hack.

It has been a wake-up call to the industry and corporate Australia, which have paid notoriously scant attention to cyber risks.
