#HWCyberSquad leader Christine Elswick shares insights into creating future cyber leaders
Election hacking. Targeted attacks on our power grid systems. Ransomware debilitating global network infrastructure. Hundreds of millions of passwords stolen from businesses in one fell swoop. This is the reality we face in today’s cyber threat landscape.
The continued onslaught of cyberattacks has essentially made cybersecurity mainstream—and effective and transparent communication in the wake of such a crisis is now a critical skill for any business to have. This evolution has created an opportunity for leading vendors to educate the masses about the critical reality of today’s cyber world. If done right, security companies have the opportunity to become household names within the next 10 years.
But the growing market makes it difficult for a single company to stand out from the crowd. So how can a cybersecurity business differentiate itself, rebuild trust in the age of breach fatigue, and educate the world in the wake of cyber warfare?
In this blog, I’ll walk you through strategic recommendations that will elevate your thought leadership, strengthen relationships with the media that matter, and align with today’s headlines.
Rebuild Trust—We’ve witnessed the expansion of mainstream cybersecurity awareness in everyday society in recent years, as demonstrated through television shows such as Mr. Robot and blockbuster hits like Snowden and Ocean’s 8. As scary as it sounds, cyber interference in the real world has moved out of the realm of science fiction to everyday conversation. Look no further than this year’s midterm elections.
It’s clear that cybersecurity is no longer only for the most technically gifted; it has directly reached the lives of ordinary people. The growth of IoT devices like smart voice assistants or connected door locks means we can’t ignore the threat of cybercriminals to our everyday lives. Further, with Big Tech in the hot seat for its misuse of data, it’s an opportune time for security companies to rebuild trust within the enterprise and beyond.
Security companies need to reach executives outside of the security world now more than ever to raise awareness of what is at stake. We cannot afford to let cybersecurity be a problem only for enterprise security teams alone to deal with. This means that cybersecurity communications cannot be limited to trade and industry publications, but must also reach broader audiences.
Integrate Your Comms—One part media relations, three parts press release, and a dash of analyst engagement. Years ago, this was the recipe for PR success. Today, organizations must take an integrated approach to communications. Leveraging digital strategies such as social engagement and influencer marketing alongside ”traditional” thought leadership is vital to amplifying a company’s vision and cutting through the industry noise.
On the influencer side of things, journalists writing longer-lead feature stories for publications like The Wall Street Journal and New York Times are increasingly seeking non-vendor sources, looking to prestigious academic institutions, think tanks, current and former government officials and in the case of WSJ Pro Cybersecurity, CISOs at non-tech Fortune 500 companies for perspective. Aligning with these influencers will help strengthen your company’s reputation through thought leadership.
When it comes to social engagement, it’s critical that you establish an authentic voice that aligns with your brand across all channels and leverage this medium to extend the life of your content. In the fast-moving, volatile world that is cybersecurity, speed is also critical. You must be able to move quickly and nimbly to get your company’s voice heard.
Get Creative with Telling Your Story—It’s no secret: the industry is crowded. Just two minutes on the RSA or Black Hat show floor or a look at the latest VC investment headlines will tell you that.
Never has PR been more critical to help the real leaders stand out. But it’s important that companies challenge themselves to be creative with campaigns to break away from the pack. This means showing that the company is more than just a product. It means that thought leadership should be supported by identifying independent thinkers with deliberate, experience-tested philosophies. It means discussing real-world examples (even if anonymized!) of how your technology actually makes an impact and stops cyber attacks in real-time across Fortune 500 businesses. These examples tell a story that pulls the reader in.
Don’t Forget the Fundamentals.
- The importance of a cyber playbook—There are only two types of companies left in the U.S.: those that have been hacked, and those that don’t know they’ve been hacked. With this in mind, companies must have a crisis plan that will guide them through worst case scenarios. Highwire recommends going as far as involving third parties (who will theoretically support the business in a time of crisis) and reporters as part of the course.
- Rapid response: Unless a spokesperson has direct knowledge of the incident or previous experience that makes him/her an expert on the particular topic, do not ambulance chance—it only undermines their credibility and frustrates reporters. As public understanding of cybersecurity grows, so too will the demand for thoughtful, nuanced reporting on these incidents. The experts who reporters will turn to the most for their thought leadership are the ones who can offer unique insights and help people understand the real impact, without spreading FUD.
- Increasing importance of strategic events—A way for executives to talk about real issues and interact with like-minded peers, events have become a crucial medium for the industry. The cybersecurity community is a tight-knit group so building on those relationships in person is essential to becoming a respected voice in the industry. In recent years, high profile events such as WSJ.D Live, MIT EmTech and Collision have created dedicated cybersecurity tracks. CNBC and Bloomberg are other top-tier publications placing a heavy emphasis in cybersecurity across their global events, and newer conferences continue to emerge, such as the third annual Aspen Cyber Summit—held for the first time on the West Coast last week. At RSA 2018, Alex Stamos and others launched OURSA to discuss issues not tackled at the larger mainstage conference—diversity & inclusion, privacy & security implications, and ethics of emerging technologies. Watch out for the #HWCyberSquad’s upcoming blog on security events that are becoming strategic opportunities to build relationships and showcase research.
- Aligning the business to key trends—Tying your business to key trends—both security and non-security related—will be important to elevating the brand and creating a connection to a broader audience. In the next 10 years, topics that will likely to continue to be front and center in the news include: all things artificial intelligence and human intelligence; AI-based attacks; data privacy and GDPR; diversity and inclusion; nation-state security and cyber warfare; the economic impact of security on a global scale; IoT and smart cities; consolidation across the security market; quantum computing and much more.
The internet has become a crowded, labyrinthian place to conduct business and share information. There are hundreds of cybersecurity startups emerging every month, each claiming to have the silver bullet to addressing the cyber crisis, and legacy players snatching up smaller ones in order to acquire next-generation capabilities to remain relevant. But intelligent communications is our map to show us the way forward and create an opportunity for the cyber leaders of the future to make their mark.
The true leaders will emerge through compelling storytelling that showcases their impact to a broader audience. The age of cyber war is just beginning and it will create lasting change on the world and the cybersecurity industry over the next 10 years. But one thing is certain: communications will be a critical piece of the puzzle in establishing credibility and trust in these uncertain times.