This month, thousands of security practitioners, CISOs, government officials, reporters, PR people (including a dozen of our own #HWCyberSquad members), and more flocked to Moscone Center in San Francisco to come together to dig into the biggest trends driving the cybersecurity industry.
This year’s theme was “the art of possible” which showcased itself in many ways:
- The art of possibilities with cool booths (Kiteworks brought the puppies, numerous companies brought interactive arcade games, Torq killed the merch, and Pentera fulfilled our sweet tooth cravings)
- The art of possibility to connect in person with media
- The art of possibility to make it to a Wild West-themed after-party, a Third Eye Blind concert, and a leading PE firm reception all in one night
- And most importantly, the art of possibility with new and emerging innovation to help us all build a more secure world (by design, we see you CISA)
Each year, the ideas brought to RSAC get bolder, push more boundaries, and impress more than the years prior. Here are some of our top takeaways that dominated this year’s conference:
There is nothing artificial about the interest in AI
Coming in first place as no surprise is the topic of AI – this year AI took center stage in conversations much as it did in the year prior, but this year felt different. Last year, AI was being discussed as a cure-all, whereas this year we saw a shift in conversation to AI as a supplemental tool to an entire security stack.
For not being sentient, AI can cause a lot of emotions in people including security experts. Depending on where you looked, what sessions you attended, and who you interacted with, the sentiment around AI and its use cases –on the criminal and defender side alike– widely ranges. We witnessed for the second year in a row some cyber vendors relying on the threat of attackers using AI to push their defenses, while on the media side, the Highwire team heard from many reporters that they aren’t getting any qualified leads on the real-world use cases on the dark side of AI which is making it hard to write on the subject despite the immense industry pressure.
Media attendees were selective, hungry, and laser-focused
This year’s RSA Conference drew in over 41,000 attendees with 400+ of those attending accounting for members of the media, a 20% drop in media attendance compared to the 2023 turnout likely due to shifts in newsroom budgets after a historically hard year for the news media industry. Despite this reported decline in media attendance, reporters on the ground were busy this year building their longer-lead stories, digging into the trends (Are we really seeing hackers use AI? What are we looking at for 2024 election security?), and writing 15K+ articles according to MuckRack data.
Coverage of the conference to date has ranged from daily recaps from SC Magazine and CRN to special event highlights in Axios and WSJ. Articles also had a range of quoted individuals including threat researchers, government officials, CISOs, CEOs, and others – #HWCyberSquad Tip: It’s not always the case that the most top-tier outlet reporters want the highest-tier spokesperson (i.e. Reuters doesn’t always mean CEO). Matching reporters' interests and styles with spokespeople is one of the biggest keys to success, especially at conferences.
Public-private partnerships continue to proliferate
With every passing year, the government involvement increases at RSAC (and Black Hat and DEFCON, but we’ll get there this summer). This year RSAC was not only attended but keynoted by the likes of Secretary Antony J. Blinken, Secretary Alejandro N. Mayorkas, Ambassador Nathaniel Fick, Director of CISA Jen Easterly, National Cyber Director Harry Coker, and more.
We saw public-private partnerships –and promises– highlighted on a large scale with the CISA-led Secure by Design pledge receiving around 70 signatures from major tech and cyber companies including AWS, Microsoft, Google, Cisco, CrowdStrike, Rapid7, and more.
Highlighted at the conference this year was the value of these intertwined partnerships. As cyber threats continue to pose a challenge at all levels of government, the collaboration between the government and the cybersecurity industry is accelerating to help address cyber threats to safeguard communities against ransomware, data theft, election security risks, and critical infrastructure attacks.
SEC breach disclosure regulations are giving victims the unwanted spotlight
We watched the Change Healthcare breach unfold weeks ago, which persisted as a theme throughout media conversations at the conference – this isn’t a one-off instance, the public reputational damage and continuous conversation of a cyber incident is the standard, especially with the new SEC regulation that requires publicly traded companies to disclose “material” cybersecurity incidents to the agency, making it harder to hide a breach.
More than ever before, companies must have a crisis plan in place for when (not if) a cyber incident occurs in their environments. To help companies with cybersecurity issue communications, Highwire PR launched our new Comprehensive Cybersecurity Crisis Communications Service during RSAC.
This new service sets companies up to prepare for, monitor, and manage any cybersecurity issues, this new crisis communications offering will provide companies with a full range of support including:
- Cyber incident communications assessment and preparation
- Development of a cyber-specific crisis communications playbook
- Analytics dashboards to track cybersecurity emerging and/or urgent issues and inform recommendations
- Communications management and support in the event of a cyber incident
Looking to hear more insights about this year’s RSAC? Drop us a line – we’re happy to chat!