Cyber-security marketing & public relations 101

By in Cyber-Security
On September 5, 2019

Browse
cyber-security marketing

Quick Links:

    1. Why having shy customers doesn’t have to hinder your cyber-security marketing strategy
    2. Solving the internal communications gap
    3. Why clarity in external cyber-security messaging is key
    4. Cyber-security marketing: Building out a spokesperson matrix
    5. Do cyber-security brands need to maintain a serious tone of voice?
    6. Talking TechComms: Building a cyber-security brand
    7. Landing a media briefing at cyber-security trade shows like Black Hat

Why having shy customers doesn’t have to hinder your cyber-security marketing strategy

By Sam Pudwell

As we all know, the trusty customer case study is an important component of any PR or marketing campaign – no matter what the industry.

Case studies help businesses demonstrate how their product or service has been successfully implemented by customers. They provide an excellent proof point for a product’s value in a certain sector, and highlight how it can be used to address a specific business issue.

Instead of just talking about a product in theoretical terms, case studies allow brands to showcase practical applications. Most importantly, they help bring a (potentially dull) product to life by letting brands tell stories that are much more engaging than another self-serving press release.

However, not all industries have it easy where case studies are concerned. For example, finding customers willing to be used as case studies is notoriously difficult in the cyber-security space, primarily due to the sensitive nature of the topic.

So, how can brands use customers in their cyber-security marketing and PR strategies without placing them under the spotlight? Here are a few options.

Use their data, not their name

Virtually all modern cyber-security products collect a huge amount of data from the analysis of things like network traffic, device performance and employee activity. So, even if you can’t use a customer’s brand name, you might be able to use their data (with their permission, of course) to talk about what’s happening in the industry, or point to trends that align with your marketing messaging.

For example, a customer might have suffered a rare type of attack, or a variation of an existing threat that hasn’t been seen before. Or, multiple customers operating in the same industry might have suffered a similar attack within a short timeframe, suggesting that a specific type of company is being targeted.

This is all interesting data that could be used as part of a PR campaign addressing the wider threat landscape (think press briefings and speaking slots), or simply as a one-off piece of content like a blog or press release to showcase your expertise.

And the best part is that it can all be anonymised, so the customer in question doesn’t have to worry about its name appearing across cyber-security publications, blogs and social media feeds.

Remember, just because you can’t use a customer’s name, it doesn’t mean they can’t be useful in other ways.

Make the most of awards season

Another extremely effective way of showcasing and validating all the great work you’ve done with customers without publicly naming them is to enter into industry awards.

With competition in the sector continuing to intensify, industry awards provide a valuable opportunity to illustrate your cyber-security brand’s expertise. They also help to build credibility and authority, providing third-party endorsements that add weight to any PR or marketing strategy.

Winning (or even just being nominated for) an award from a respected industry body proves that your product really is as good as you say it is, which builds trust with both current and potential customers.

Most importantly, the finer details of the entry and the work you’ve completed with a customer can be kept private, so that they are only read by the judging panel. This enables customers to be used as part of your cyber-security marketing strategy, even if they are concerned about revealing business secrets to media.

Plus, who doesn’t enjoy a glass of prosecco and the inevitable shrimp cocktail that comes with attending an awards evening?

Get persuasive

Finally, it’s always worth trying to convince any reluctant customers about the benefits of taking part in a case study. Just remember to keep the following tips in mind:

Ultimately, it will always be tricky for cyber-security brands to find customers that are willing to be used as case studies. Cyber-security is a sensitive area, so many companies are understandably reluctant to talk about their experiences openly.

But, by thinking about how customer stories can be used in different ways – such as in award entries or through the collection of data – cyber-security brands can bolster their marketing strategies and get even more value out of their customer relationships.

Struggling to make the most of your customer references? Get in touch at hello@rlyl.com to find out how we can help make your customers a central part of your cyber-security marketing strategy.

Back to Top


Solving the internal communications gap

By Emma Davies 

It seems we can’t go a single day without an unsuspecting Brit transferring every penny they own to a cyber-criminal. Whether it’s a fake millionaire on Tinder stealing $200,000, or a cyber-savvy team of investment charlatans convincing pensioners to part with their life’s savings, being a hacker really is a full time job.

Unfortunately, it’s an even bleaker picture for businesses. Small businesses are the subject of repeated cyber-attacks, with almost 10,000 attacks happening every day according to the Federation of Small Businesses.

From a cyber-security marketing perspective, the widely documented cyber-security skills gap across the nation has forced vendors to push themselves to the limit to capture the attention of the b2b enterprise market. For any ambitious cyber-security start-up, it’s an obvious choice to get the PR machine up and running: but a not so obvious choice as to when, or how to position the company.

Perhaps most importantly, it can be hard to know how to come up with a PR strategy that pleases everyone internally. For example, the staff actually working on coding and developing the product will probably want to tell a different story to the less-technically savvy sales and marketing departments, which can result in a confused message and impact stakeholder buy-in.

Due to the competitive nature of funding and the reliance on pleasing investors and the unpredictability of product development, cyber-security marketing teams can often find themselves between a rock and a hard place when it comes to getting everyone on board internally with PR across the business. So how can it be done, and what should you consider?

  1. Involve your security developers from the get go in a way that makes sense. Broad, brush stroke marketing statements do not often sit well with people who’s job it is to be the devil in the detail. Think about how they can contribute to the overall vision in a way which plays to their strengths and is likely to generate external engagement. For example, developing comments to respond to breaking news of cyber-security breaches, specifically how they could have been prevented, is a good way to showcase technical expertise and be useful to journalists.
  2. Find out what the investors and board members are looking for. Investors can often instigate a PR agenda by saying things like “We’d like to be in the Financial Times” or “XYZ is on the BBC, why aren’t we?” There needs to be a level of education on how to go from zero to hero, and a decent tech PR agency should be able to craft a plan to get there to keep those holding the purse strings on side. Managing expectations with an evidence-based strategy will be important in building momentum.
  3. Decide how PR will support sales. PR budgets can often be limited, which means it’s crucial to nail down what you want from activity. Driving sales, or lead generation can be a good way to focus PR content creation on the buyer audiences’ trade titles, and tools such as paid-for targeting on social media can stretch this content even further. But time spent on brand awareness in higher tier publications can also be reusable for sales meeting and funding pitches, so it’s crucial to decide early on where you want to focus your budget and the PR effort.

In traditional b2b tech PR, we often let customers do the talking on vendors’ behalf – as there is no greater validation than a happy customer. But we know this is not always possible in the security space, which means a renewed effort needs to be made elsewhere.

Crucially, the approach needs to be agreed internally to generate buy-in across the entire organization. If some kind of consensus can be agreed upon at the start of a campaign, it will allow you to put your best foot forward and use a PR agency in the most efficient way.

If you’d like to discuss further, feel free to email one of our cyber-security experts at itteam@rlyl.com.

Back to Top


Why clarity in external cyber-security messaging is key

By Francesca D’arcy-Orga

From phishing and worms, to SIM Swap fraud and trojan horses, the cyber-security industry is filled with enough buzzwords and jargon to make your head spin. When you add in all the acronyms (IoT, BYOD, DLP, SIEM…), trying to navigate the world of cyber-security messaging can feel like peering through murky waters.

At the same time, cyber-security is now a top priority for businesses, as a security breach can have huge financial and reputational ramifications. Consumers are also becoming more cyber-security conscious, as conversations around breaches and data privacy regularly hit mainstream headlines.

For cyber-security companies, it can be easy to forget that not everyone is as immersed in the industry, or as familiar with the language, which is why it’s important that external messaging is jargon free and easy to understand.

Here are three reasons why clarity in your cyber-security messaging is key:

Our attention spans are getting shorter

The internet is awash with stats about our decreasing attention spans. As recently as June this year, a major study from academics at Oxford, King’s College London, Harvard and Western Sydney University found that using the internet is physically changing our brains, making our attention spans shorter and our memory worse.

In the digital age, we’re all constantly bombarded with stimuli. As content of all varieties becomes increasingly abundant, the human attention is pulled in every which direction, so should be treated as a scarce commodity.

For this reason, cyber-security messaging has to be as easy to understand as possible. People don’t have the time to try and decipher acronyms or unnecessarily technical language, so cut to the point and keep it simple. Whenever someone clicks off your content, you’ve missed an opportunity to create a connection, which is especially frustrating when it can be easily avoided!

Your audience is bigger than you think

Many companies can tell you in a heartbeat who their target audience is, whether that’s the CIO, CTO, senior decision makers, or “the person who manages the budget”.

But your audience is usually bigger than your sales prospects. What about the panicked CEO whose business has just been hacked? A journalist who’s researching for an article? Someone who’s gone down a rabbit hole and stumbled across one of your blogs?

All of these people will have a different level of understanding about what you do and the industry you’re operating in. Therefore it’s good to tailor your content so the messaging is appropriate for the relevant audiences. A news-hijacking comment delivered to mainstream media should have a different tone to a whitepaper for prospects, for instance.

At the end of the day, if your messaging is confusing and hard to understand, people are more likely to click away from your content and head to a competitor.

There’s too much at stake

Cyber-criminals are becoming more savvy, breaches are a regular occurrence, and enterprise and consumer data is under constant threat. As such, it’s never been more important for people to have a basic understanding of cyber-security.

Everyone in the industry—from security analysts, to CIOs, to journalists—has a responsibility to ensure they’re educating people on threats to look out for, and steps people can take to ensure hackers aren’t given the upper-hand. Jargon-free, easy to understand messaging is essential to this education process.

Other quick tips for improving your messaging include:

It’s no secret that cyber-security is fast becoming one of the most important issues for businesses and consumers, meaning clarity of messaging has never been so essential. After all, why should people take your advice or buy your product if they can’t understand even what you’re saying?

If you need help developing jargon-free messaging for your cyber-security company, get in touch!

Back to Top


Cyber-security marketing: Building out a spokesperson matrix

By Joel Khalili

For cyber-security brands, strength and depth are equally important when it comes to building out a spokesperson matrix.

As the public faces of the company, spokespeople are central to defining a brand’s voice and public perception. For this reason, selecting precisely who to put in front of press is a decision well worth taking time over.

Building out a spokesperson matrix is all about balance – between technical and non-technical expertise, too many voices and too few, individuals with passion and those with poise.

It’s also important to assess each opportunity as it comes, and ensure the best equipped and most suitable spokesperson is selected for the specific instance.

With all this in mind, here are a few key considerations for any cyber-security brand looking to build an industry-leading spokesperson line-up.

Variety is the spice of life

For many cyber-security marketers, the temptation can be to lean on a single individual for all press opportunities. Start-ups and scale-ups in particular tend to rely on the founder or CEO to spread the company word.

This inclination is perfectly natural. After all, it’s logical that the most high-profile member of an organisation should be at the heart of its PR efforts. It’s also true that press are interested in speaking with decision makers, which means founders and CEOs are sensible candidates.

However, the range of discussions that take place within the cyber-security industry – from security and compliance, to the technology, to the human right to privacy – means it’s important for brands to provide varied, credible perspectives. Relying on one spokesperson alone for all press opportunities can bring about difficulties further down the line.

If journalists only ever hear from one individual, they can become reliant on that person and unwilling to hear from anyone else within the organisation. After all, if they’ve enjoyed unchecked access to the CEO in the early stages of the organisation’s development, why should they be persuaded to engage with anyone else?

Relying on a single spokesperson is also to neglect the depth of talent and expertise across a cyber-security business. Raising the profile of a variety of spokespeople from different areas of the business – technical, analytical and high-level – allows a cyber-security brand to paint a more complete and coherent picture of the challenges it is seeking to address.

However, there is one exception to the rule: broadly, journalists don’t want to hear from sales personnel. No matter how articulate, charismatic or credible the salesperson, the title triggers a suspicion that’s difficult to move beyond.

The right tool for the job

As with anything, it’s important to use the right tool (or in this case, spokesperson) for the job. Each media engagement is different and should be treated as such when it comes to selecting the most appropriate spokesperson.

For example, a written comment for a security publication on a breach resulting from a system vulnerability would represent a great opportunity to utilise the expertise of a technical spokesperson. Not only is the head of research, for instance, more credible than the CEO in this scenario, but they’d also be capable of providing more specific insight into the issue.

On the other hand, if a tech publication is looking for a perspective on the human issues at the heart of the cyber-security industry, or insight into the broader direction of the business, then the CEO is the obvious choice.

It’s also important to consider the abilities and qualities of your spokespeople. For example, is the spokesperson comfortable in front of the camera or microphone, or would they be better suited to authoring a comment or article? Is the spokesperson’s passion for the product likely to cause problems in a situation that calls for a measured response? Is the spokesperson likely to get caught up in the technical detail?

Taking the time to think about questions such as these and ensure you use the right person for each specific situation can spell the difference between success and disaster.

In a nutshell

When it comes to building out a cyber-security spokesperson matrix and cultivating an authoritative brand voice, it’s vital to tap into the whole breadth of expertise within the organisation, as opposed to relying on a single spokeperson to provide insight.

Take time to consider the strengths and limitations of each spokesperson, and the kinds of media each could most effectively engage with. When selecting which spokespeople to use for which media engagements, context is truly king.

Back to Top


Do cyber-security brands need to maintain a serious tone of voice?

By Dan Simpson

When it comes to b2b industries, a serious tone of voice has historically been the standard. In recent years, though, companies have begun to relax this policy in favour of a more informal approach. Marketers are increasingly turning their attention to the employees of target businesses, rather than the businesses themselves. The result is a much more personal approach to brand marketing.

However, cyber-security is one b2b industry that has broadly remained untouched by the shift towards a more informal marketing style. Cyber-security’s tone of voice remains serious, measured and corporate, which can make it difficult for brands to stand out in today’s wildly overcrowded market.

There’s a belief within the industry that because data privacy is no laughing matter, tone of voice should always remain serious. But is it time for cyber-security marketing professionals to reject sincerity and embrace variety?

What are the alternatives?

According to a study by Global Market Insights, the cyber-security industry is expected to be worth $300bn by 2024 – more than double today’s figure. It’s clear to all that the industry is growing rapidly and, as a result, new players are continually entering the fray, looking to topple established cyber-security brands.

Though growth is an indicator of an industry’s health, greater competition makes it challenging for brands to distinguish themselves. This problem is made worse by the consistency of the tone adopted by cyber-security companies, characterised by its seriousness.

Sincerity isn’t the only option when it comes to conveying the importance of airtight cyber-security. So, here are a few strategies to introduce variety and individuality to cyber-security marketing:

    1. Speak their language

It’s important to remember that behind every purchasing decision is an individual, or set of individuals, that a cyber-security brand must reach. These decision-makers are people like any other!

One way to ensure a brand is accessible and relatable is to use colloquial and informal language in marketing materials and on social media. This way, the brand comes across as genuine and approachable, rather than severe and robotic. Contrary to the established belief, an informal tone doesn’t affect a brand’s credibility.

It’s also vital to instil a genuine enthusiasm for the product in employees of the cyber-security brand. This belief and passion will communicate itself to anyone who interacts with a staff member, whether in-person or online. An interaction with an enthusiastic individual can be far more compelling than materials distributed via official channels.

    1. Make them laugh

Laughter is the best medicine…unless you’re diabetic, in which case insulin is pretty high on the list. You have Jasper Carrott to thank for that one!

cyber-security marketing Noble meme

Joking aside, humour has many benefits when it comes to cyber-security marketing. It can allow brands to:

For example, we’ve been exploring this approach with our cyber-security client Noble, in the form of a meme marketing campaign. As a result of introducing (topic-relevant) memes and a humorous tone to tweets and LinkedIn posts, we’ve seen a significant boost in engagement.

Humour is a fantastic way to imbue a brand with personality, but it’s also important to remember that it doesn’t fit all occasions. For the greatest impact, humour is best used selectively!

    1. Cut the jargon

Like most tech-related industries, the language of cyber-security is ever evolving, and new industry jargon pops up with each passing week. However, from a PR and marketing perspective, the influx of technical language means that brands can struggle to communicate themselves to those who don’t operate within the cyber-security bubble.

The varying technical knowledge amongst audiences means it’s crucial for cyber-security brands to adapt the language they use to the specific situation, and cut the jargon where necessary. Whilst a network engineer will understand the technical lingo, a CEO almost certainly will not. It’s equally important to cater to both individuals when considering your cyber-security marketing strategy, because both personas play an integral role in the decision-making process.

Honing in on the human impact of the product, rather than dwelling on its features or the technical specifics, is a great way to reach all stakeholders and audiences with a story that will resonate. Though not everyone understands the nitty gritty, all parties understand the significance of the right to data privacy and the potential consequences of a breach.

Why so serious?

So, there we have it! Though there’s certainly a time and place for sincerity, it’s important for cyber-security brands to introduce variety and personality to their marketing strategy in order to differentiate themselves from the competition.

Employing tactics such as using colloquial language, leaning on humour when appropriate and avoiding jargon where possible can go a long way to establishing a unique and nuanced voice – something that all brands are striving for in today’s crowded cyber-security market.

Back to Top


Talking TechComms: Building a cyber-security brand

By Joel Khalili

Executing an effective cyber-security marketing plan can prove quite the challenge in a market environment that is more crowded and more cynical than ever.

As a result of the introduction of GDPR and a spate of high-profile data breaches affecting some of the world’s biggest brands, today’s consumers have become hypersensitive to the uses and abuses of their data.

What’s more, the likelihood of suffering a cyber-attack is on the rise. It’s not a case of if an individual or organization will be affected by a cyber threat, but rather when, with a new report suggesting that small businesses in the UK suffer around 10,000 cyber-attacks every day.

All this means cyber-security brands face heavy competition and scrutiny – from both consumers and business customers. So, what’s the best way to set about building a cyber-security brand in today’s landscape?

Honesty is the best policy

The first thing to remember when it comes to cyber-security marketing is that building trust as a cyber-security company is all about being direct, straightforward and honest.

Many companies make grand claims about their ability to solve all the world’s cyber-security problems, but this is simply impossible. The heavy-handed marketing strategies employed by legacy brands aren’t proving as effective in today’s market, and businesses are no longer as receptive as they once were. In reality, honesty is the best and only way to build trust.

Due in part to its technical nature, the cyber-security industry has always struggled to effectively communicate itself. New jargon appears with each passing week and, by focusing too heavily on the technical features of their products, cyber-security businesses have a tendency to forget the human impact. Cutting through the jargon and drilling down to the central issue – the right to data privacy, for example – is central to a successful cyber-security marketing campaign.

In the b2b cyber-security world, trying to remember that there’s an element of b2c at play is important. If a brand’s content demonstrates an understanding of business and consumer pain-points, and communicates these on a simple and human level, it gives itself the best possible chance of cutting through the noise.

Understand your audience

For a cyber-security business, building trust and communicating value comes down to really understanding the target audience. The audience for a cyber-security brand could be broken down into three categories:

These categories cover all the individuals that a cyber-security brand needs to reach within a business, but there’s no single set of messaging that can be applied across the board. Each audience requires a bespoke approach, because they look at their own business from inherently different perspectives. For example, a high-level audience will be most interested in the return on investment the business is likely to see for a cyber-security solution, whereas a technical audience will be more interested in the nitty gritty of how the solution actually works.

The other factor to remember is that the b2b sales cycle is also far longer than the b2c sales cycle. While a watch or a phone might be purchased on a whim, cyber-security solutions involve a more considerable outlay and therefore decisions aren’t made lightly. This means it’s important for brands to deliver consistent content across the whole sales cycle, designed specifically to address the issues that most concern each of the three audience types.

Be brave and collaborate

Businesses look for a cyber-security brand that is credible, well associated and stands out in a crowded market. Indeed, this could be the difference between a brand becoming a market leader, or shrinking into obscurity.

The cyber-security industry has been having the same old conversations since its conception, so we believe it’s important for marketing to be bold and daring. Brands should take pride in being different, and can even be a little provocative where appropriate.

Another cyber-security marketing tactic to help brands stand out from the crowd is to embrace collaboration. When building technology or software, collaborations can be extremely beneficial from both a technical and reputational standpoint. Collaborating with other well-known companies adds authority to a brand’s position, and shows that a business is transparent and open to conversation instead of being a closed book.

Finally, demonstrating an openness to collaboration positions a cyber-security brand as a modern organization in contast to the typical legacy attitude, which is characterized by suspicion and paranoia.

Partner with an agency

For an overburdened marketing team, employing the right PR agency can provide the support and strategic perspective needed to really carry a brand forward.

The agency relationship works well when it’s collaborative, not transactional. An agency should be there to validate the decisions made by the marketing team, or otherwise push back on those decisions with a justification for doing so. An agency should feel like a natural and integrated extension of the team, and not just a bunch of “Yes Men”.

An agency can also provide a macro perspective of the wider climate and related industries, to support the micro perspective of the internal team working within the cyber-security bubble.

Of course, knowing which agency is right for you can be easier said than done. For tips on navigating the tricky agency selection process check out our blog: How to make sure you pick the right PR agency.

So, effective cyber-security marketing comes down to 5 key tips:

For more insight into the challenges and opportunities of cyber-security marketing, take a listen to the latest iteration of the Talking TechComms Podcast!

In this episode, we sat down with one of our cyber-security clients, Noble, whose anomaly detection tool powered by deep learning sifts through tonnes of threat data and eases the burden on security analysts. Tala Baadarani, director of marketing at Noble, and our very own head of digital, Errol Jayawardene, joined our podcast host Sam Pudwell to talk cyber-security marketing and how to build an enterprise security brand. Find out what they had to say about jargon, transparency to prospective clients and the benefits of working closely with IT teams.

Back to Top


Landing a media briefing at cyber-security trade shows like Black Hat

By Justin Ordman

It’s that time of year again. Thousands of cyber-security professionals have descended on a sweltering Las Vegas for yet another Black Hat conference, which is taking place this week. Businesses have been prepping for this for months, with cyber-security marketing and tech PR professionals pulling out all the stops in order to rise above the noise of a crowded exhibition hall. While Black Hat offers a great opportunity for cyber-security companies to show off their latest and greatest innovations, it’s also a good opportunity for executives to meet with press and analysts face-to-face.

Unless you have the brand awareness of a Cisco or Accenture, or you’re a company with deep cyber-security marketing pockets, this is a lot easier said than done. For starters, press and analysts have limited time to meet with vendors – especially since they’ll be interested in attending several sessions throughout the week. Companies are also competing for face time with dozens (if not hundreds) of other vendors all vying for media attention, so you’ll need to be able to offer something a little more tantalizing to pique their interest.

Here are a few ideas to help secure yourself some briefings at any trade show, be it at a cyber-security show like Black Hat, or other tech-focused trade shows like Mobile World Congress or NAB:

Don’t take our word for it

I asked some media friendlies for some anonymous tips on what they look for when accepting briefings at trade shows. One editor at a top cyber-security trade publication said:

I take meetings with folks who are working on new research or findings, or have expertise in an area that I am writing about.

Another editor at a leading publication covering software-defined technologies had this to say:

A lot of it is based on the company and the exec being offered for an interview. About the company: is it one that readers care about and click on stories about? […] Have they been in the headlines recently for good or bad reasons? Do I think their technology is interesting and do I think readers should keep this company on their radar? If it’s a startup: are they doing something new and innovating that I want to learn more about and think readers should as well? And I also look at the executive being offered for the interview; a CEO, CISO, CTO, etc. is much more appealing than a product marketing guy.

It’s not always about coverage

Not every trade show media briefing will result in coverage – and that’s fine! Briefings for the sake of relationship-building are a great way to let press and analysts get to know you and your company and keeps you front of mind next time they’re working on an article or report they think you’d be a good fit for. Background briefings can also help establish trust and give media an opportunity to vet you as a potential future source.

Securing media briefings can be a time-consuming task – especially when timing is everything. Some media and analysts like to start planning their schedules three to four weeks in advance of a trade show. Others like to wait until the week before to still filling their calendars.

Need some extra hands with your cyber-security marketing? Drop us a line at hello@rlyl.com.

Back to Top

Back to Blog

Related Posts