- The biggest data breaches of 2019 and their PR responses
- Talking TechComms: cybersecurity awareness month
- Why having shy customers doesn’t have to hinder your cyber-security marketing strategy
- Solving the internal communications gap
- Why clarity in external cyber-security messaging is key
- Cyber-security marketing: Building out a spokesperson matrix
- Do cyber-security brands need to maintain a serious tone of voice?
- Talking TechComms: Building a cyber-security brand
- Landing a media briefing at cyber-security trade shows like Black Hat
The biggest data breaches of 2019 and their PR responses
By Lauren Johnson
As the new year begins, it’s a time for reflection the highs and lows of 2019. While many companies surged ahead with new product offerings, major funding rounds and record-profits, some others had to face one of the more sobering realities of our time – data breaches. As the majority of transactions and personal data storage have moved online, data breaches have unfortunately increased in regularity and magnitude. The appropriate response from affected companies – from a PR perspective – however, has remained the same.
We’ll be taking a look back at a few of the biggest breaches of last year and analyzing how the affected company responded from a PR perspective. We considered the following factors:
- Speed of response – The sooner a company notifies affected customers the better, so that they can take steps to protect themselves.
- Company support – Did the company offer anything to help affected customers such as free identity theft monitoring?
- The official response – Transparency, honesty and helpfulness are all good chords to strike in an official company response. Even though some data breaches can’t be reasonably prevented, it is still a company’s responsibility to customers to own up to what happened, explain the situation and its impact, and try to solve the problem.
- The public reaction – The benefit of making this list in hindsight, is that we know how people actually reacted to the company’s PR response. Was it effective? How long was it in the news for? What did people have to say about it?
- What happened? An unauthorized third-party accessed customer, merchant and driver information back in May 2019. Around 4.9 million customers were affected, and stolen information included contact info, driver’s license numbers, and some fragmented financial information– although not enough to allow hackers to make fraudulent charges.
- The response: DoorDash released an in-depth blog a few weeks after they discovered the breach, detailing what happened, who was affected, what affected customers should do, and what the company is doing in response. The company also directly reached out to affected customers and suggested they change their passwords. The CEO also commented at the Wall Street Journal tech conference a few weeks later that there was negligible customer fallout from the breach, but that the company takes security very seriously.
- The reaction: There was widespread coverage in the days directly after the blog was released, largely reporting on the details provided in the blog. Several outlets also cited the company’s less than ideal handling of a different breach in 2018, but beyond that the media chatter focused predominantly on the details of the breach. The breach has not received much follow-up coverage since.
- The result: The blog and customer outreach were helpful but waiting to have the CEO comment for weeks until asked about it at a conference was a bit of a miss. The best breach responses come swiftly, and from the top. Ultimately, this breach may have benefitted from its relatively small scale compared to some that follow and hasn’t received too much recurring negative attention.
- What happened? Back in July 2019, data pertaining to credit card applications filed from 2005 and 2019 related to was accessed by an unauthorized party. This resulted in personal information, credit card data, Social Security and bank account numbers being accessed. The breach affected 100 million people in the US and 6 million in Canada.
- The response: The company released a statement via press release 20 days after initially discovering the breach. It shared details and announced that the responsible party had been arrested. The company also said they do not believe the stolen data was used for fraud or disseminated. The CEO was quoted in the release and committed to making it right for affected customers. The company also released an FAQ outlining all the key information and what they’re doing in response. They reached out to customers whose bank account and Social Security numbers were accessed directly and offered free credit monitoring and identity protection available to everyone affected.
- The reaction: Given the magnitude of the breach – one of the largest in US history – it was reported by pretty much every major US publication and often compared to the massive Equifax breach. The 20-day delay in notifying customers was a bit long, however it may have been tied to an FBI investigation which could justify it.
- The result: Overall, it’s too soon to tell what the final verdict will be reputation-wise, however the initial response from the company was open and honest from the CEO, making this a decent PR response. Given its large scale, however, we may see more fallout in the future as the full legal and regulatory implications are found.
- What happened? In January 2019, Marriott announced that the data from 383 million guests, including passport and credit card numbers, had been stolen by hackers. The company had initially indicated that there may have been a breach affecting as many as 500 million guests in late 2018, and then conducted an investigation with a forensics and analytics team to determine the extent of the breach. In both instances, they shared a press release detailing the hack, which was one of the largest personal data breaches in history.
- The response: In both instances, the company shared a press release detailing the hack, which was one of the largest personal data breaches in history. The company set up a dedicated website and call center to deal with customer questions about the release and also offered free credit monitoring to those affected.
- The reaction: Given the scale of the breach, it was covered widely by the media and compared to the Equifax breach. It also sparked debate about how the hospitality industry as a whole, deals with data security. A year later, and it is still garnering regular coverage as lawsuits and regulatory rulings resulting from the breach have come to fruition – further drawing negative attention.
- The result: The company should get some positive credit for alerting customers that there was potential breach before taking several months to complete an investigation – something that wasn’t done in some of the other major recent breaches – which allowed people to take steps to protect their identities sooner. The massive size of the breach and the lawsuits it has brought may ultimately make negative ramifications to the Marriott brand continue on for a long time, however.
As seen from these examples, a forthright and honest approach that puts the affected parties first is ultimately the best approach for brands facing a breach. Even that can’t always prevent negative fallout, especially when breaches affecting the sensitive data from hundreds of millions of customers are concerned. While the best solution for companies will always be to prevent breaches in the first place with better cybersecurity defenses, they should still have a crisis PR plan in place and spokespeople prepared to comment in case the unthinkable occurs.
Back to Top
Talking TechComms: cybersecurity awareness month
By Sam Pudwell
Taking place every October, cybersecurity awareness month is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. It was started in 2004 by the USA’s Homeland Security, but has since been adopted by social media and IT security professionals around the world.
Awareness months such as this provide an opportunity for brands to engage a wider audience and use the topic as a springboard to boost their social reach. However, they have to be approached in the right way. With so many businesses competing for attention, just posting content for the sake of it isn’t going to have an impact.
In the latest episode of the Talking TechComms podcast, we spoke to London lorry Jacob Greenwood to get his insights into how businesses can successfully cut through the noise of Twitter awareness months. Check out what he had to say about formulating the right strategy, providing value for audiences and maintaining long-term momentum.
Back to Top
Why having shy customers doesn’t have to hinder your cyber-security marketing strategy
By Sam Pudwell
As we all know, the trusty customer case study is an important component of any PR or marketing campaign – no matter what the industry.
Case studies help businesses demonstrate how their product or service has been successfully implemented by customers. They provide an excellent proof point for a product’s value in a certain sector, and highlight how it can be used to address a specific business issue.
Instead of just talking about a product in theoretical terms, case studies allow brands to showcase practical applications. Most importantly, they help bring a (potentially dull) product to life by letting brands tell stories that are much more engaging than another self-serving press release.
However, not all industries have it easy where case studies are concerned. For example, finding customers willing to be used as case studies is notoriously difficult in the cyber-security space, primarily due to the sensitive nature of the topic.
So, how can brands use customers in their cyber-security marketing and PR strategies without placing them under the spotlight? Here are a few options.
Use their data, not their name
Virtually all modern cyber-security products collect a huge amount of data from the analysis of things like network traffic, device performance and employee activity. So, even if you can’t use a customer’s brand name, you might be able to use their data (with their permission, of course) to talk about what’s happening in the industry, or point to trends that align with your marketing messaging.
For example, a customer might have suffered a rare type of attack, or a variation of an existing threat that hasn’t been seen before. Or, multiple customers operating in the same industry might have suffered a similar attack within a short timeframe, suggesting that a specific type of company is being targeted.
This is all interesting data that could be used as part of a PR campaign addressing the wider threat landscape (think press briefings and speaking slots), or simply as a one-off piece of content like a blog or press release to showcase your expertise.
And the best part is that it can all be anonymised, so the customer in question doesn’t have to worry about its name appearing across cyber-security publications, blogs and social media feeds.
Remember, just because you can’t use a customer’s name, it doesn’t mean they can’t be useful in other ways.
Make the most of awards season
Another extremely effective way of showcasing and validating all the great work you’ve done with customers without publicly naming them is to enter into industry awards.
With competition in the sector continuing to intensify, industry awards provide a valuable opportunity to illustrate your cyber-security brand’s expertise. They also help to build credibility and authority, providing third-party endorsements that add weight to any PR or marketing strategy.
Winning (or even just being nominated for) an award from a respected industry body proves that your product really is as good as you say it is, which builds trust with both current and potential customers.
Most importantly, the finer details of the entry and the work you’ve completed with a customer can be kept private, so that they are only read by the judging panel. This enables customers to be used as part of your cyber-security marketing strategy, even if they are concerned about revealing business secrets to media.
Plus, who doesn’t enjoy a glass of prosecco and the inevitable shrimp cocktail that comes with attending an awards evening?
Finally, it’s always worth trying to convince any reluctant customers about the benefits of taking part in a case study. Just remember to keep the following tips in mind:
- Start off by targeting your happiest customers – i.e. those that you think will be the most likely to agree and that have previously been open to sharing their experiences of using your product or service.
- Highlight the mutual benefits – a case study doesn’t just have to benefit you, it can also be of value to the customer. For example, customer benefits could include increased visibility and the opportunity to show how they are now better able to serve their own customers.
- Offer incentives – when signing the client, why not offer a price reduction if they agree to provide a written or video case study about their experiences? Although you’ll have to make an initial sacrifice, this strategy could yield a greater financial return in the long run.
- Make the process as simple as possible – the less time and effort a customer has to put into writing and approving the case study, the more likely they will agree to it. Plan the process efficiently and don’t take up too much of their time.
Ultimately, it will always be tricky for cyber-security brands to find customers that are willing to be used as case studies. Cyber-security is a sensitive area, so many companies are understandably reluctant to talk about their experiences openly.
But, by thinking about how customer stories can be used in different ways – such as in award entries or through the collection of data – cyber-security brands can bolster their marketing strategies and get even more value out of their customer relationships.
Struggling to make the most of your customer references? Get in touch at firstname.lastname@example.org to find out how we can help make your customers a central part of your cyber-security marketing strategy.
Back to Top
Solving the internal communications gap
By Emma Davies
It seems we can’t go a single day without an unsuspecting Brit transferring every penny they own to a cyber-criminal. Whether it’s a fake millionaire on Tinder stealing $200,000, or a cyber-savvy team of investment charlatans convincing pensioners to part with their life’s savings, being a hacker really is a full time job.
Unfortunately, it’s an even bleaker picture for businesses. Small businesses are the subject of repeated cyber-attacks, with almost 10,000 attacks happening every day according to the Federation of Small Businesses.
From a cyber-security marketing perspective, the widely documented cyber-security skills gap across the nation has forced vendors to push themselves to the limit to capture the attention of the b2b enterprise market. For any ambitious cyber-security start-up, it’s an obvious choice to get the PR machine up and running: but a not so obvious choice as to when, or how to position the company.
Perhaps most importantly, it can be hard to know how to come up with a PR strategy that pleases everyone internally. For example, the staff actually working on coding and developing the product will probably want to tell a different story to the less-technically savvy sales and marketing departments, which can result in a confused message and impact stakeholder buy-in.
Due to the competitive nature of funding and the reliance on pleasing investors and the unpredictability of product development, cyber-security marketing teams can often find themselves between a rock and a hard place when it comes to getting everyone on board internally with PR across the business. So how can it be done, and what should you consider?
- Involve your security developers from the get go in a way that makes sense. Broad, brush stroke marketing statements do not often sit well with people who’s job it is to be the devil in the detail. Think about how they can contribute to the overall vision in a way which plays to their strengths and is likely to generate external engagement. For example, developing comments to respond to breaking news of cyber-security breaches, specifically how they could have been prevented, is a good way to showcase technical expertise and be useful to journalists.
- Find out what the investors and board members are looking for. Investors can often instigate a PR agenda by saying things like “We’d like to be in the Financial Times” or “XYZ is on the BBC, why aren’t we?” There needs to be a level of education on how to go from zero to hero, and a decent tech PR agency should be able to craft a plan to get there to keep those holding the purse strings on side. Managing expectations with an evidence-based strategy will be important in building momentum.
- Decide how PR will support sales. PR budgets can often be limited, which means it’s crucial to nail down what you want from activity. Driving sales, or lead generation can be a good way to focus PR content creation on the buyer audiences’ trade titles, and tools such as paid-for targeting on social media can stretch this content even further. But time spent on brand awareness in higher tier publications can also be reusable for sales meeting and funding pitches, so it’s crucial to decide early on where you want to focus your budget and the PR effort.
In traditional b2b tech PR, we often let customers do the talking on vendors’ behalf – as there is no greater validation than a happy customer. But we know this is not always possible in the security space, which means a renewed effort needs to be made elsewhere.
Crucially, the approach needs to be agreed internally to generate buy-in across the entire organization. If some kind of consensus can be agreed upon at the start of a campaign, it will allow you to put your best foot forward and use a PR agency in the most efficient way.
If you’d like to discuss further, feel free to email one of our cyber-security experts at email@example.com.
Back to Top
Why clarity in external cyber-security messaging is key
By Francesca D’arcy-Orga
From phishing and worms, to SIM Swap fraud and trojan horses, the cyber-security industry is filled with enough buzzwords and jargon to make your head spin. When you add in all the acronyms (IoT, BYOD, DLP, SIEM…), trying to navigate the world of cyber-security messaging can feel like peering through murky waters.
At the same time, cyber-security is now a top priority for businesses, as a security breach can have huge financial and reputational ramifications. Consumers are also becoming more cyber-security conscious, as conversations around breaches and data privacy regularly hit mainstream headlines.
For cyber-security companies, it can be easy to forget that not everyone is as immersed in the industry, or as familiar with the language, which is why it’s important that external messaging is jargon free and easy to understand.
Here are three reasons why clarity in your cyber-security messaging is key:
Our attention spans are getting shorter
The internet is awash with stats about our decreasing attention spans. As recently as June this year, a major study from academics at Oxford, King’s College London, Harvard and Western Sydney University found that using the internet is physically changing our brains, making our attention spans shorter and our memory worse.
In the digital age, we’re all constantly bombarded with stimuli. As content of all varieties becomes increasingly abundant, the human attention is pulled in every which direction, so should be treated as a scarce commodity.
For this reason, cyber-security messaging has to be as easy to understand as possible. People don’t have the time to try and decipher acronyms or unnecessarily technical language, so cut to the point and keep it simple. Whenever someone clicks off your content, you’ve missed an opportunity to create a connection, which is especially frustrating when it can be easily avoided!
Your audience is bigger than you think
Many companies can tell you in a heartbeat who their target audience is, whether that’s the CIO, CTO, senior decision makers, or “the person who manages the budget”.
But your audience is usually bigger than your sales prospects. What about the panicked CEO whose business has just been hacked? A journalist who’s researching for an article? Someone who’s gone down a rabbit hole and stumbled across one of your blogs?
All of these people will have a different level of understanding about what you do and the industry you’re operating in. Therefore it’s good to tailor your content so the messaging is appropriate for the relevant audiences. A news-hijacking comment delivered to mainstream media should have a different tone to a whitepaper for prospects, for instance.
At the end of the day, if your messaging is confusing and hard to understand, people are more likely to click away from your content and head to a competitor.
There’s too much at stake
Cyber-criminals are becoming more savvy, breaches are a regular occurrence, and enterprise and consumer data is under constant threat. As such, it’s never been more important for people to have a basic understanding of cyber-security.
Everyone in the industry—from security analysts, to CIOs, to journalists—has a responsibility to ensure they’re educating people on threats to look out for, and steps people can take to ensure hackers aren’t given the upper-hand. Jargon-free, easy to understand messaging is essential to this education process.
Other quick tips for improving your messaging include:
- Using analogies to explain complex topics
- Backing up your points with real-world examples
- Use diagrams and videos to make concepts easier to digest
It’s no secret that cyber-security is fast becoming one of the most important issues for businesses and consumers, meaning clarity of messaging has never been so essential. After all, why should people take your advice or buy your product if they can’t understand even what you’re saying?
If you need help developing jargon-free messaging for your cyber-security company, get in touch!
Back to Top
Cyber-security marketing: Building out a spokesperson matrix
By Joel Khalili
For cyber-security brands, strength and depth are equally important when it comes to building out a spokesperson matrix.
As the public faces of the company, spokespeople are central to defining a brand’s voice and public perception. For this reason, selecting precisely who to put in front of press is a decision well worth taking time over.
Building out a spokesperson matrix is all about balance – between technical and non-technical expertise, too many voices and too few, individuals with passion and those with poise.
It’s also important to assess each opportunity as it comes, and ensure the best equipped and most suitable spokesperson is selected for the specific instance.
With all this in mind, here are a few key considerations for any cyber-security brand looking to build an industry-leading spokesperson line-up.
Variety is the spice of life
For many cyber-security marketers, the temptation can be to lean on a single individual for all press opportunities. Start-ups and scale-ups in particular tend to rely on the founder or CEO to spread the company word.
This inclination is perfectly natural. After all, it’s logical that the most high-profile member of an organisation should be at the heart of its PR efforts. It’s also true that press are interested in speaking with decision makers, which means founders and CEOs are sensible candidates.
However, the range of discussions that take place within the cyber-security industry – from security and compliance, to the technology, to the human right to privacy – means it’s important for brands to provide varied, credible perspectives. Relying on one spokesperson alone for all press opportunities can bring about difficulties further down the line.
If journalists only ever hear from one individual, they can become reliant on that person and unwilling to hear from anyone else within the organisation. After all, if they’ve enjoyed unchecked access to the CEO in the early stages of the organisation’s development, why should they be persuaded to engage with anyone else?
Relying on a single spokesperson is also to neglect the depth of talent and expertise across a cyber-security business. Raising the profile of a variety of spokespeople from different areas of the business – technical, analytical and high-level – allows a cyber-security brand to paint a more complete and coherent picture of the challenges it is seeking to address.
However, there is one exception to the rule: broadly, journalists don’t want to hear from sales personnel. No matter how articulate, charismatic or credible the salesperson, the title triggers a suspicion that’s difficult to move beyond.
The right tool for the job
As with anything, it’s important to use the right tool (or in this case, spokesperson) for the job. Each media engagement is different and should be treated as such when it comes to selecting the most appropriate spokesperson.
For example, a written comment for a security publication on a breach resulting from a system vulnerability would represent a great opportunity to utilise the expertise of a technical spokesperson. Not only is the head of research, for instance, more credible than the CEO in this scenario, but they’d also be capable of providing more specific insight into the issue.
On the other hand, if a tech publication is looking for a perspective on the human issues at the heart of the cyber-security industry, or insight into the broader direction of the business, then the CEO is the obvious choice.
It’s also important to consider the abilities and qualities of your spokespeople. For example, is the spokesperson comfortable in front of the camera or microphone, or would they be better suited to authoring a comment or article? Is the spokesperson’s passion for the product likely to cause problems in a situation that calls for a measured response? Is the spokesperson likely to get caught up in the technical detail?
Taking the time to think about questions such as these and ensure you use the right person for each specific situation can spell the difference between success and disaster.
In a nutshell
When it comes to building out a cyber-security spokesperson matrix and cultivating an authoritative brand voice, it’s vital to tap into the whole breadth of expertise within the organisation, as opposed to relying on a single spokeperson to provide insight.
Take time to consider the strengths and limitations of each spokesperson, and the kinds of media each could most effectively engage with. When selecting which spokespeople to use for which media engagements, context is truly king.
Back to Top
Do cyber-security brands need to maintain a serious tone of voice?
By Dan Simpson
When it comes to b2b industries, a serious tone of voice has historically been the standard. In recent years, though, companies have begun to relax this policy in favour of a more informal approach. Marketers are increasingly turning their attention to the employees of target businesses, rather than the businesses themselves. The result is a much more personal approach to brand marketing.
However, cyber-security is one b2b industry that has broadly remained untouched by the shift towards a more informal marketing style. Cyber-security’s tone of voice remains serious, measured and corporate, which can make it difficult for brands to stand out in today’s wildly overcrowded market.
There’s a belief within the industry that because data privacy is no laughing matter, tone of voice should always remain serious. But is it time for cyber-security marketing professionals to reject sincerity and embrace variety?
What are the alternatives?
According to a study by Global Market Insights, the cyber-security industry is expected to be worth $300bn by 2024 – more than double today’s figure. It’s clear to all that the industry is growing rapidly and, as a result, new players are continually entering the fray, looking to topple established cyber-security brands.
Though growth is an indicator of an industry’s health, greater competition makes it challenging for brands to distinguish themselves. This problem is made worse by the consistency of the tone adopted by cyber-security companies, characterised by its seriousness.
Sincerity isn’t the only option when it comes to conveying the importance of airtight cyber-security. So, here are a few strategies to introduce variety and individuality to cyber-security marketing:
- Speak their language
It’s important to remember that behind every purchasing decision is an individual, or set of individuals, that a cyber-security brand must reach. These decision-makers are people like any other!
One way to ensure a brand is accessible and relatable is to use colloquial and informal language in marketing materials and on social media. This way, the brand comes across as genuine and approachable, rather than severe and robotic. Contrary to the established belief, an informal tone doesn’t affect a brand’s credibility.
It’s also vital to instil a genuine enthusiasm for the product in employees of the cyber-security brand. This belief and passion will communicate itself to anyone who interacts with a staff member, whether in-person or online. An interaction with an enthusiastic individual can be far more compelling than materials distributed via official channels.
- Make them laugh
Laughter is the best medicine…unless you’re diabetic, in which case insulin is pretty high on the list. You have Jasper Carrott to thank for that one!
Joking aside, humour has many benefits when it comes to cyber-security marketing. It can allow brands to:
- Engage and entertain
- Build trust with an audience
- Showcase their human side
For example, we’ve been exploring this approach with our cyber-security client Noble, in the form of a meme marketing campaign. As a result of introducing (topic-relevant) memes and a humorous tone to tweets and LinkedIn posts, we’ve seen a significant boost in engagement.
Humour is a fantastic way to imbue a brand with personality, but it’s also important to remember that it doesn’t fit all occasions. For the greatest impact, humour is best used selectively!
- Cut the jargon
Like most tech-related industries, the language of cyber-security is ever evolving, and new industry jargon pops up with each passing week. However, from a PR and marketing perspective, the influx of technical language means that brands can struggle to communicate themselves to those who don’t operate within the cyber-security bubble.
The varying technical knowledge amongst audiences means it’s crucial for cyber-security brands to adapt the language they use to the specific situation, and cut the jargon where necessary. Whilst a network engineer will understand the technical lingo, a CEO almost certainly will not. It’s equally important to cater to both individuals when considering your cyber-security marketing strategy, because both personas play an integral role in the decision-making process.
Honing in on the human impact of the product, rather than dwelling on its features or the technical specifics, is a great way to reach all stakeholders and audiences with a story that will resonate. Though not everyone understands the nitty gritty, all parties understand the significance of the right to data privacy and the potential consequences of a breach.
Why so serious?
So, there we have it! Though there’s certainly a time and place for sincerity, it’s important for cyber-security brands to introduce variety and personality to their marketing strategy in order to differentiate themselves from the competition.
Employing tactics such as using colloquial language, leaning on humour when appropriate and avoiding jargon where possible can go a long way to establishing a unique and nuanced voice – something that all brands are striving for in today’s crowded cyber-security market.
Back to Top
Talking TechComms: Building a cyber-security brand
By Joel Khalili
Executing an effective cyber-security marketing plan can prove quite the challenge in a market environment that is more crowded and more cynical than ever.
As a result of the introduction of GDPR and a spate of high-profile data breaches affecting some of the world’s biggest brands, today’s consumers have become hypersensitive to the uses and abuses of their data.
What’s more, the likelihood of suffering a cyber-attack is on the rise. It’s not a case of if an individual or organization will be affected by a cyber threat, but rather when, with a new report suggesting that small businesses in the UK suffer around 10,000 cyber-attacks every day.
All this means cyber-security brands face heavy competition and scrutiny – from both consumers and business customers. So, what’s the best way to set about building a cyber-security brand in today’s landscape?
Honesty is the best policy
The first thing to remember when it comes to cyber-security marketing is that building trust as a cyber-security company is all about being direct, straightforward and honest.
Many companies make grand claims about their ability to solve all the world’s cyber-security problems, but this is simply impossible. The heavy-handed marketing strategies employed by legacy brands aren’t proving as effective in today’s market, and businesses are no longer as receptive as they once were. In reality, honesty is the best and only way to build trust.
Due in part to its technical nature, the cyber-security industry has always struggled to effectively communicate itself. New jargon appears with each passing week and, by focusing too heavily on the technical features of their products, cyber-security businesses have a tendency to forget the human impact. Cutting through the jargon and drilling down to the central issue – the right to data privacy, for example – is central to a successful cyber-security marketing campaign.
In the b2b cyber-security world, trying to remember that there’s an element of b2c at play is important. If a brand’s content demonstrates an understanding of business and consumer pain-points, and communicates these on a simple and human level, it gives itself the best possible chance of cutting through the noise.
Understand your audience
For a cyber-security business, building trust and communicating value comes down to really understanding the target audience. The audience for a cyber-security brand could be broken down into three categories:
- High-level (e.g. CEO, CTO)
- Analytical (e.g. Security analyst)
- Technical (e.g. Network engineer)
These categories cover all the individuals that a cyber-security brand needs to reach within a business, but there’s no single set of messaging that can be applied across the board. Each audience requires a bespoke approach, because they look at their own business from inherently different perspectives. For example, a high-level audience will be most interested in the return on investment the business is likely to see for a cyber-security solution, whereas a technical audience will be more interested in the nitty gritty of how the solution actually works.
The other factor to remember is that the b2b sales cycle is also far longer than the b2c sales cycle. While a watch or a phone might be purchased on a whim, cyber-security solutions involve a more considerable outlay and therefore decisions aren’t made lightly. This means it’s important for brands to deliver consistent content across the whole sales cycle, designed specifically to address the issues that most concern each of the three audience types.
Be brave and collaborate
Businesses look for a cyber-security brand that is credible, well associated and stands out in a crowded market. Indeed, this could be the difference between a brand becoming a market leader, or shrinking into obscurity.
The cyber-security industry has been having the same old conversations since its conception, so we believe it’s important for marketing to be bold and daring. Brands should take pride in being different, and can even be a little provocative where appropriate.
Another cyber-security marketing tactic to help brands stand out from the crowd is to embrace collaboration. When building technology or software, collaborations can be extremely beneficial from both a technical and reputational standpoint. Collaborating with other well-known companies adds authority to a brand’s position, and shows that a business is transparent and open to conversation instead of being a closed book.
Finally, demonstrating an openness to collaboration positions a cyber-security brand as a modern organization in contast to the typical legacy attitude, which is characterized by suspicion and paranoia.
Partner with an agency
For an overburdened marketing team, employing the right PR agency can provide the support and strategic perspective needed to really carry a brand forward.
The agency relationship works well when it’s collaborative, not transactional. An agency should be there to validate the decisions made by the marketing team, or otherwise push back on those decisions with a justification for doing so. An agency should feel like a natural and integrated extension of the team, and not just a bunch of “Yes Men”.
An agency can also provide a macro perspective of the wider climate and related industries, to support the micro perspective of the internal team working within the cyber-security bubble.
Of course, knowing which agency is right for you can be easier said than done. For tips on navigating the tricky agency selection process check out our blog: How to make sure you pick the right PR agency.
So, effective cyber-security marketing comes down to 5 key tips:
- Be direct, straightforward and honest
- Understand your audience
- Don’t follow the crowd, be brave!
- Embrace collaboration
- Partner with the right agency
For more insight into the challenges and opportunities of cyber-security marketing, take a listen to the latest iteration of the Talking TechComms Podcast!
In this episode, we sat down with one of our cyber-security clients, Noble, whose anomaly detection tool powered by deep learning sifts through tonnes of threat data and eases the burden on security analysts. Tala Baadarani, director of marketing at Noble, and our very own head of digital, Errol Jayawardene, joined our podcast host Sam Pudwell to talk cyber-security marketing and how to build an enterprise security brand. Find out what they had to say about jargon, transparency to prospective clients and the benefits of working closely with IT teams.
Back to Top
Landing a media briefing at cyber-security trade shows like Black Hat
By Justin Ordman
It’s that time of year again. Thousands of cyber-security professionals have descended on a sweltering Las Vegas for yet another Black Hat conference, which is taking place this week. Businesses have been prepping for this for months, with cyber-security marketing and tech PR professionals pulling out all the stops in order to rise above the noise of a crowded exhibition hall. While Black Hat offers a great opportunity for cyber-security companies to show off their latest and greatest innovations, it’s also a good opportunity for executives to meet with press and analysts face-to-face.
Unless you have the brand awareness of a Cisco or Accenture, or you’re a company with deep cyber-security marketing pockets, this is a lot easier said than done. For starters, press and analysts have limited time to meet with vendors – especially since they’ll be interested in attending several sessions throughout the week. Companies are also competing for face time with dozens (if not hundreds) of other vendors all vying for media attention, so you’ll need to be able to offer something a little more tantalizing to pique their interest.
Here are a few ideas to help secure yourself some briefings at any trade show, be it at a cyber-security show like Black Hat, or other tech-focused trade shows like Mobile World Congress or NAB:
- Hands-on experiences: What can you offer in person that a reporter or analyst won’t be able to get over the phone? This could be anything from offering a live demo at your booth, a photo or video opportunity or an early look at a new product.
- Unveiling research: Have you uncovered a new ransomware trend? Or an additional step in the ever-changing customer journey? Technology trade shows are great for unveiling new research that highlights how the industry is evolving. If you’ve already got a research project in the budget for a different campaign, consider keeping a few findings under wraps that you can release later during an appropriate conference.
- Unleash your heavy hitters: Media will be more interested in speaking with one of your c-level spokespeople than, say, someone in marketing or sales. These are the changemakers within an organization, and have the authority to discuss broader trends and issues impacting the industry that media are writing about.
- Major news: Announcing news at a trade show can be risky. On the one hand, you have a captive audience. On the other, you won’t be the only one announcing news – far from it. The most successful news announcements at trade shows offer something truly new and exciting, whether it’s a new product or a complete overhaul of an old one. New customer or partnership announcements won’t carry as much weight – especially if that customer or partner isn’t attending the show with you, or the results of your partnership have yet to be realized.
- Keep your eyes on the prize: Media and analysts will likely be strolling the expo floor, so keep those eyes peeled for opportunities for a quick hello. (Without becoming a stalker!) Press and analysts are often given special passes that are clearly labeled, so take a look at who’s around you next time you’re in line for coffee or lunch (or simply walking by your booth). Exhibitors will also often get access to a list of attending press and analysts, so familiarize yourself with who will be in attendance, and select a few you want to look for specifically.
- Early bird gets the worm: Evenings are usually chock full of events and parties, but early mornings before the expo hall opens can be a prime opportunity to take a reporter or analyst out for breakfast or coffee before the day properly begins.
Don’t take our word for it
I asked some media friendlies for some anonymous tips on what they look for when accepting briefings at trade shows. One editor at a top cyber-security trade publication said:
I take meetings with folks who are working on new research or findings, or have expertise in an area that I am writing about.
Another editor at a leading publication covering software-defined technologies had this to say:
A lot of it is based on the company and the exec being offered for an interview. About the company: is it one that readers care about and click on stories about? […] Have they been in the headlines recently for good or bad reasons? Do I think their technology is interesting and do I think readers should keep this company on their radar? If it’s a startup: are they doing something new and innovating that I want to learn more about and think readers should as well? And I also look at the executive being offered for the interview; a CEO, CISO, CTO, etc. is much more appealing than a product marketing guy.
It’s not always about coverage
Not every trade show media briefing will result in coverage – and that’s fine! Briefings for the sake of relationship-building are a great way to let press and analysts get to know you and your company and keeps you front of mind next time they’re working on an article or report they think you’d be a good fit for. Background briefings can also help establish trust and give media an opportunity to vet you as a potential future source.
Securing media briefings can be a time-consuming task – especially when timing is everything. Some media and analysts like to start planning their schedules three to four weeks in advance of a trade show. Others like to wait until the week before to still filling their calendars.
Need some extra hands with your cyber-security marketing? Drop us a line at firstname.lastname@example.org.
Back to Top