By Daniel Couzens
A long history of helping cybersecurity brands learn how to communicate has helped the Allison team accumulate some nuggets of knowledge about what works and what doesn’t. It continues to be a great ride, and the bumps and bruises along the way only teach us more!
We’ve put together four pieces of communications wisdom for any cybersecurity vendor seeking media airtime and attention.
Ambulance Chase with Care
Having started in cybersecurity PR when anti-virus came in boxes, I encouraged my clients at the time to comment on cybersecurity incidents because few other brands did it. Computer viruses were novel, and journalists craved quick-fire commentary. When hackers were more like graffiti artists rather than today’s cyber extortionists, there was nothing amiss with winning column inches on the back of someone else’s misery.
Today, the rules are different. If you’re a major cybersecurity brand, commenting on a live cyber-attack – it must be done much more carefully. Journalists are all too aware of how exploitative some pitches can be. To avoid being charged with ambulance chasing, brands must offer real intelligence on a situation – what it is, why it happened, why it’s important – instead of copy-and-paste lectures. The question experts increasingly need to answer is who the cybercriminal is. In some cases, it may be better to wait until the dust has settled to do a more sober dissection of what happened and what lessons can be learned.
Don’t Speak in Tongues
The people with the most knowledge are often the threat experts and not the C-suite. However, they often need help filtering their technology speak and must be taught to communicate their advice in human speak. The cybersecurity industry tends to use even more jargon and opaque phraseology than other areas of enterprise tech, mainly because cybersecurity professionals love to use military-type jargon.
Somebody who can easily dial up and dial down on the details of how a cyberattack functions and can share insights into the motivations of a cyber actor is golden. Cyber comms specialists can help spokespeople make the details of an attack easier to understand and therefore help a journalist share that information with their audience.
Jettison the Hoodie Cliché
The frequency and intensity of cybersecurity attack and vulnerability stories can quickly become reductive. The result is stale, uncompelling messaging. Brands that can leave behind the clunky cliches of cyber warfare and move beyond the idea of hackers in hoodies in a dark room will soon become the most relevant sources for media.
At Allison, we’ve done research into categorizing recent media coverage about cybersecurity. Most articles on cybercrime are essentially negative. While experts should never stop alerting people to new threats, there is a case for building a more positive agenda and messaging into any current cybersecurity communications program. In other words, don’t make your program simply a counsel of despair and negativity, because it has the potential to showcase cybersecurity can be a positive force in the next wave of technology innovation. Know the Numbers
When it comes to sharing cybersecurity insights, few organisations are willing to talk to the media as case studies due to the fear of disclosing information about how they secure themselves. The alternative must be investing in research to reveal insights about attitudes to cybersecurity – from the C-suite to security professionals to working professionals.
Despite the large number of market research studies commissioned for PR every year and the difficulty of standing out from the crowd, research remains a key tool for promoting thought leadership. The most valuable studies are those that arrive at counter-intuitive findings (for example, companies without a CISO report fewer cyber-attacks) or that delve into a niche like how corporate systems at risk from staff connecting their personal devices to business networks. The most impactful studies are those that quantify the real-world damage of cyber-attacks in pounds and pence, or dollars and cents. Journalists no longer need studies about the importance of cybersecurity or even incident rates. They want more concrete evidence of what the costs are of an attack and the rewards of proper cybersecurity.
I’d love to know what other maxims should be added to our list. We’d love to hear from you if you’d like to talk about how we can help you in your local market or internationally, contact us to schedule a meeting.
Daniel Couzens is a senior vice president in the London office. He specializes in B2B technology and has many years of experience leading global brand and reputation building for some of the world’s leading technology providers.