Why Cybersecurity PR Must Go Beyond the Expected to Rank
How to Play Up Your Unique Narratives and Knowledge to Earn More Attention Than Your Competition
Cybersecurity is a field that is constantly under siege by bad actors, including non-human identities. Pivoting is an everyday effort, so it stands to reason that cybersecurity PR must be just as agile and creative as those defending threat landscapes. It’s hard to compete on products alone because the technology itself is always being aped by a competitor. To lead your business forward, and truly drive market awareness you need a strong cybersecurity PR strategy.
Escalate PR knows what works (and what doesn’t), and we’ll tell you all about it so you can start highlighting what matters most to the media, and by proxy, your target audiences.
Critical Threats to a Cybersecurity PR Strategy
Your cybersecurity PR strategy requires a deft hand. Here’s how it can easily become ham-fisted.
1. Doing What Your Competition is Doing
“There’s a lot of sameness in the cybersecurity world. If you’re not consistently differentiating and proactive with your storytelling, you’ll be forgotten because someone else will overtake you.” – Jason Ouellette, Partner & Cofounder, Escalate PR
Of course, there’s value to studying and inventorying elements of your competition’s cybersecurity PR strategy and their business at large, but those things can’t be your end-all, be-all. What works for others may work for you, but it will be less effective than it is for them, and you will have to put more effort in just to be second in line. Your storytelling naturally is going to be weaker. The better play is true differentiation, even if it’s based around something small.
2. Being Ambulance Chasers
“An agency like ours helps brands be thoughtful, futuristic vendors who are ready to be in the media from an educated position. The brands leading from the front, innovating in the market, are the ones winning, and a partner can help guide them along the path.” – Jason Ouellette, Partner & Cofounder, Escalate PR
With cybersecurity PR, and with PR in general, you must make the narrative you want others to take in. You can’t be running after tired angles. It’s exhausting and ineffective.
Client Success Story: John Villali from IDC recently offered a proactive, educated take on what could happen in the clean energy sector based on the shifting U.S. energy policy. Many people are panicking during this time and are seeking answers to what the future may look like. As Villali is an expert in his field, his perspective has been picked up and has earned further trust for IDC. This is what successful cybersecurity PR looks like in action!
3. Doing the Minimum
Cybersecurity Month is a buzzword, and posting during that month for posting’s sake is a common minimum effort PR practice. It does get some attention, but to rise to the top of the heap, you need to do something of tangible value during that month that is a part of a year-round, always-on strategy.
It can’t be an isolated effort focused on typical methods of cybersecurity protection like encouraging the use of password vaults, using multifactor authentication (MFA) on key accounts like finance and email, and locking your cell phone SIM. While all of those things dramatically reduce risk, they don’t contribute anything new to the larger cybersecurity narrative, and they aren’t a solution to more long-term problems that businesses who would contract cybersecurity-focused companies care about.
“Forgive me for being a curmudgeon, but I think cybersecurity awareness month in a business context is counterproductive. Having a month suggests that some temporal action over the course of 30 days will be the panacea for all cyber ills. Meaningful cybersecurity outcomes in an enterprise context come from the structural reduction of IT complexity and strategic implementation of security practices, policies, and tools. The multiyear strategic approach is what is needed.” –Frank Dickson, Group Vice President, Security & Trust, IDC
A lone, typical Cybersecurity Month post is just one example of what an isolated blip in the cybersecurity PR airwaves might look like. There are others out there. See a hashtag, hop on said hashtag too late, and wonder why it isn’t helping—That’s another. Tiny actions that seem random and bore your audience are not ingredients for success. You have to take a coordinated, proactive stance to earn respect and notoriety.
4. Not Placing Importance on Internal Cybersecurity PR
Cybersecurity PR isn’t just for outside media. No, it’s all communications. Specific to cybersecurity, though, it’s about fostering an internal culture that is proactive about staying secure and learning and adopting a proactive crisis communications plan so that when you are breached (because the likelihood is you will be eventually), your team will know how to respond with the right narrative. Your team can’t own a narrative on your behalf if they don’t know what you’re trying to project.
PR Tip: Training your team to detect and respond to regular cybersecurity threats on an ongoing basis is good business, and it’s great for cybersecurity PR. If your team knows the basics of personalization scams, phishing, and enacting MFA, it means that if a breach occurs, you can say that you followed best practices and are going further to address the situation with more tailored solutions. If they don’t, you’ll have to answer questions about your less enviable position behind your peers.
5. Saying “No Comment”
You should definitely share what you’re doing to protect your base, whether it’s around threat mitigation or cybersecurity innovation in general, but there must be a point where you keep some things close to the chest. You don’t want to give away your secret sauce, but you also don’t want to have to fall back on the words, “No comment.” You should always be prepared with a comment because not commenting allows people to draw their own conclusions, and those conclusions may be inaccurate or less than attractive.
Real-World Cybersecurity PR Example: Meta recently got into some hot water when a TikToker raised privacy concerns about their new glasses. The biggest issue was not that there were privacy concerns, but that a higher-up declined the option to comment, leaving the conversation open to interpretation. Read more about it here.
Crucial Elements of a Strong Cybersecurity PR Strategy
1. Knowledge of Cybersecurity PR
Cybersecurity professionals are just that—experts in cybersecurity. Those experts have fascinating perspectives that can translate to notable citations and mentions, but they can’t be expected to be tuned into the latest movements in cybersecurity PR itself.
While Escalate PR’s team isn’t in the trenches of cybersecurity, we are enmeshed with the cybersecurity communications community. We’ve done the necessary work to learn about intrusion detection and remediation, identity management, zero-trust architecture, DevSecOps, network security, cloud security, data protection, and other aspects of IT security so that we can utilize language your technical decision-makers are familiar with in compelling narratives. You can learn more about our cybersecurity industry-specific knowledge here.
2. A Future-Forward Posture
“I think about cybersecurity the way most people think about public safety. We all depend on it, even if we don’t notice it until something goes wrong. Building a cyber-strong America means making that invisible layer of protection more reliable, so people can depend on the systems they use every day. Behind essentials like clean water, healthcare, and communication is automation working quietly in the background to deliver the services people rely on every day. Strengthening that resilience at scale isn’t easy work, but it’s meaningful. That’s what drives me and our team at Defakto.” – Heather Howland, Senior Vice President Marketing, Defakto Security
In the case of our client, Defakto Security, they’re underscoring that cybersecurity is a basic human need. You don’t see this level of accessible storytelling often. This is an excellent example of a company thinking differently, trying to reach a hand directly toward their customer base.
3. Strategic Storytelling
With a host of new threat vectors, for example, with AI-powered ones, the threat landscape has extended. The protection of critical assets has moved past the ability of humans in many instances. Strategic storytelling is the only thing that rises to the top amid this type of chaos.
Client Success Story: Allbridge, a leading provider of single-source property technology, was competing directly with other companies in the oversaturated property technology marketplace. They came to Escalate PR to improve the brand’s relevance, while positioning the company as a critical component of any hospitality tech upgrade or new build within trending third-party discussions and publications, and help boost its top-of-funnel sales activities. We were able to isolate a key narrative: Their ideal base needed a single-source provider of all their modern technology needs. Since going down this focused road, the company has had regular pieces in Hospitality Technology publications and a significant spike in share of voice (SoV).
4. Intimate Knowledge of Your Cybersecurity Business
Along with industry knowledge, you need to know yourself fully so you can make the most out of who you are as a business. To quote someone who definitely isn’t a cybersecurity professional, but who was before his time…
“To thine own self be true.” – William Shakesphere
It’s solid advice. Understanding what is going on within your organization, what is connected to your network, what types of technology have been brought in by employees (shadow IT), championing continuous education internally, and creating on-brand, intentional internal communications are important things to note and do so that your external communications are in the same vein.
5. Knowing How to Use Downtime Effectively
We’re sure that if you’re reading this, you experienced the recent AWS outage. There was a litany of complaints on platforms that remained active, like LinkedIn.
Did you use that time to further your cybersecurity PR? No? Next time a major event like that happens, jump on it (or have your cybersecurity PR agency help you). Downtime is like the Wild West—Anything goes! It’s time to put out a bespoke narrative either about the outage or about something else that will capture that captive audience’s attention.
Escalate PR works with clients in many different industries, but nowadays almost all of them touch cybersecurity, which means even companies that don’t consider themselves to be cybersecurity vendors may need help with cybersecurity PR.
Start from second base instead of first. Pick Escalate PR as your cybersecurity PR agency partner.
FAQ’s
What is cybersecurity PR?
Cybersecurity PR is a unique type of PR that takes into account regulatory standards and industry shifts and positions companies as thought leaders, builds trust, and amplifies visibility with both technical and executive audiences.
Does every business need a cybersecurity PR strategy?
The modern threat landscape affects almost all businesses, so yes, most, if not all, businesses should have a cybersecurity PR strategy in place.
How can cybersecurity vendors set themselves apart in a crowded marketplace?
Some of the best methods for differentiation include strategic storytelling, adopting a future-forward posture, training your team well, knowing your brand and all that comes with it, and always staying alert for opportunities to insert yourself into relevant conversations.