Alloy logo

May 16, 2020

Simon Cowart


VP of Growth

This article originally appeared in Cyber Defense Magazine.

If you were to reflect back to the beginning of the previous decade, you’d be hard-pressed to remember more than a handful of cybersecurity stories per month outside of the industry trades. Aside from Stuxnet, there were relatively few cyber incidents that the media deemed significant enough to warrant mainstream attention. And to be frank, the media’s interest in Stuxnet was probably less about cybersecurity and more about the national security implications of the U.S. and Israel conducting an intelligence operation within Iran’s borders.

Fast forward to 2020 and there is absolutely no shortage of cybersecurity hacks, breaches, threats, and vulnerability discoveries in the mainstream news on a daily basis. The evolution of press coverage has directly coincided with the rather dramatic increase in cyberattacks of consequence to the critical mass. From a cybersecurity perspective, it’s certainly an interesting time to be alive.

To rapid response or not too rapid response – that is the question

To unearth cybersecurity stories, reporters are tipped off by security analysts, white hat hackers, penetration testers, government agencies, PR flacks and yes, even cybersecurity vendors like you.

Over the years, cybersecurity PR professionals have developed a reputation for overly aggressive media relations efforts that are sometimes void of the best practices proven to build and sustain journalist relationships. This is particularly true with newsjacking, a rapid response media relations technique in which brands attempt to insert their key messages and thought leadership into the narratives that are consuming the news cycle at a specific point in time.

The appeal of newsjacking is understandable. When successful, newsjacking can bestow brands with invaluable third-party validation and heightened perception during times when people are focused intently on an issue of relevance.

However, the misapplication of newsjacking by a vocal minority has stigmatized the cybersecurity industry as a whole. Currently, there are far too many examples of prominent cybersecurity reporters showcasing frustration by the continuance of overtly promotional, unfitting and off-topic pitches penetrating their inboxes. For context, it is not uncommon for influential journalists to receive 50-100 pitches each day and only have use for one.

COVID-19 epitomizes cybersecurity’s newsjacking predicament perfectly. While some cyber companies have found success in penetrating the coronavirus narratives via strategic rapid response, many others have drafted pitches that have fallen on deaf ears. Why? While I don’t have all of the answers, I can surmise that far too many brands likely pursued journalists with subjective speculation and unproven claims about the origins of pandemic-themed phishing attacks and advertorial points of view about how to mitigate the increased risk.

For media, such pitches often trigger an immediate delete, as the messages’ contents lack the objective intel and information that add credibility and uniqueness to stories that are shaping the news cycle.

Inadvertent missteps linked to cybersecurity’s competitiveness and growth

There is undoubtedly the potential for long-term reputational impacts to cybersecurity brands that continuously newsjack inappropriately. Hopefully, those at fault will soon realize that it’s often more advantageous to withhold from engaging in rapid response except for instances when your company is uniquely positioned to respond objectively.

But the misuse of rapid response isn’t the only PR mistake that can negatively impact a brand’s equity, perception, and pipeline.

Today’s cyber marketers are frequently tasked with accelerating brand awareness and lead generation – often at a clip much faster than what they are accustomed to. This is especially true for marketers new to cybersecurity since the industry’s intense pace and variability cannot be simulated in a classroom or during an onboarding session. For cyber marketers, the need to act quickly and with conviction can cause unfortunate mistakes to be made, misconceptions to flourish and high ROI tactics to be overlooked.

These are some of the most common mistakes in cybersecurity PR, along with an objective explanation as to why each misstep should no longer be overlooked:

  • Over-pitching products – Most cybersecurity reporters cannot or do not want to write about a company’s self-described “revolutionary” product. In fact, more than 90% of today’s cybersecurity news spans just four topics: 1) zero-days and threat discoveries, 2) surveys and proprietary data, 3) transaction news (funding, M&A, partnerships, etc.), and 4) national security.

  • Forgetting SEO – Sometimes cybersecurity marketers get persuaded by product teams and other decision-makers to message and position products using terminology that is not consistent with what buyers are actually searching for. This is counterintuitive to demand generation and can damage a brand’s searchability among competitors.

  • Category hopping – The temptation to hop from category to category in cybersecurity is compelling, and perhaps there is an argument for doing so that does make sense. But from a media, analyst, and buyer’s perspective, nothing looks more suspicious than a perceived knee jerk reaction to switch sectors and subject matter with the change of the news cycle.

  • Presuming customers and partners are a “No” – As cyberattacks become more mainstream, companies are beginning to find it advantageous – both from a reputational and competitive standpoint – to be more forthcoming with their threat mitigation strategies. So, the next time you need third-party validation, don’t let the perils of presumption prevent you from making the ask.

  • Devaluing awards – It can be harder to track the overall business impact of industry awards, which is why this budget line item is usually the first to be cut. However, research reveals that award winners have 37% more sales growth compared to others. Aside from the positive impact on revenue, awards are also very important to help recruit top talent, provide competitive intelligence, and bolster SEO.

  • Underrating executive social media – In such a competitive industry, the lack of executive social media is a significant missed opportunity. Not only does the authenticity of executive visibility lead to greater engagement, but it can be the competitive differentiator needed to propel your brand from a prospect’s consideration phase to purchase. In fact, 83% of executives that chose a vendor in 2018 used social media in their decision-making process.

  • Undervaluing thought leadership – Demand for thought leadership is high, and vendor-neutral articles present realistic opportunities for brands to insert themselves into publications that are otherwise difficult to penetrate. More importantly, 82% of c-suite and business decision-makers say that thought leadership increases their trust in an organization.

In a highly competitive industry such as cybersecurity, marketers must understand how to optimize all public relations opportunities to their advantage. But to successfully do so requires debunking lingering misconceptions, embracing important best practices and challenging conventional ways of thinking. And after reflecting on this article, it is my hope that all cybersecurity marketers feel empowered to do just that.