Dido Harding received £2.81m in pay despite TalkTalk losing £60m in cyber attack
But bonus and long-term incentive pay were reduced
TalkTalk CEO Dido Harding received an increase in salary despite the telecoms company being the victim of a cyber attack that cost £60m and 101,000 customers.
Baroness Harding, who said she was accountable for security at the time of the attack, received £2.81m in 2015, an increase of £1.8m from the year before, according to the firm's annual report.
However, only £550,000 of the total was her salary, as £1.97m came from a long-term incentive plan covering TalkTalk's performance between 2012 and 2015.
This was half of the maximum that Harding could have received from the plan, and her cash bonus was cut from £432,000 to £220,000.
The company said that Harding stood to receive £343,000 but that the remuneration committee "exercised discretion and determined that the annual bonus should be at a reduced level" after taking into account the cyber attack.
Harding has donated her bonus to autism charity Ambitious in acknowledgement of the cyber attack.
The revelations about Harding's pay come as MPs have suggested that CEO pay should be linked to effective online security.
The Culture, Media and Sport Committee said that ultimate responsibility for cyber security should lie with the CEO, but that it would be highly unusual for the CEO of a company to have to resign over an attack, as in the case of Target's Gregg Steinhafel.
MPs said that, while CEOs are ultimately responsible, this shouldn't be used as a means to diffuse or avoid responsibility elsewhere. The day-to-day responsibilities should be allocated to a specific person, whether it be the CIO or the CISO.
"It is appropriate for the CEO to lead a crisis response should a major attack arise. But cyber security should sit with someone able to take full day-to-day responsibility, with board oversight, and who can be fully sanctioned if the company has not taken sufficient steps to protect itself from a cyber attack," said the committee's report.
"To ensure this issue receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security in a way to be decided by the board."
Harding has admitted that TalkTalk did not take security seriously enough prior to the attack.