TSTT's apology not good enough

THE EDITOR: TSTT's executive management and its former CEO should have been the first to warn the public and its customers of the astronomical breach of their data systems by cyberpirates in early October. The excuse given by ex-TSTT CEO Lisa Agard for not doing so in a timely fashion is that the TSTT team was busy taking steps to identify and contain the problem before going public.

This is a quite astonishing and amateurish position taken by an executive that should have been well aware of the critical details of cybersecurity issues and the implications for any breach of its network infrastructure, and its obligation for safeguarding the personal and confidential information of TSTT customers, and in particular its corporate clients.

It was the responsibility of the executive, upon the discovery of the intrusion, to immediately “circle the wagons” and move with urgency to mobilise its defence apparatus at all levels – technical, communications, networking, consultancy and whatever else.

It was only after almost three weeks of executive indecision and after the breaking of the news by an attentive media that the TSTT “spin doctors” decided to go public, and even then they stopped short of being as open and transparent as possible. Even the Public Utilities Minister with responsibility for TSTT was blindsided in the confusion.

International best practice for corporate organisations that suffer cyberattacks suggests that these matters must be addressed with urgency and the public informed without delay. TSTT's former CEO and its executives must be held to account for not only this disastrous data breach, the negative impact of which is still largely unknown, but many other aspects of TSTT management practices.

Indeed, given its admission that it could have handled the breach differently, a “deep dive” must be now be taken into its financial management and, in particular, its present debt situation, which stands at US$470 million, or approximately TT$3 billion.

Now that the board has decided to remove the CEO with immediate effect, the danger is not over. Therefore incoming acting CEO Kent Western must hit the ground running and carefully examine in detail what led to the breach and the potential negative impact on its revenue-earning potential, given the possibility of customer suspensions/closure of accounts and migration due to a loss of confidence.

Any decline in TSTT revenues will present a significant challenge to its ability to satisfy its debt service obligations and in the circumstances place a huge question mark over the future of the company. No corporate spin will suffice this time around.

IJ CLARKE

Trincity