Alloy logo

August 06, 2019

Anna Ruth Williams


Chief Growth Officer

The business information website Crunchbase currently lists more than 4,600 cybersecurity companies ranging from very early-stage startups to those that have exited via M&A and IPO. Anecdotally, I’ve heard on more than one occasion estimates that place the total number of cybersecurity companies closer to 6,000, not including professional service providers like MSSPs. With Cybersecurity Ventures projecting yearly cybersecurity spending to surpass $1 trillion by 2021, the inundation of cybersecurity companies is no surprise.

Since Alloy launched our cybersecurity PR practice group in 2014, we have partnered with over 25 InfoSec companies spanning email security, cloud security, endpoint security and a half dozen other sub-sectors. While many of our clients utilize a mix of the core capabilities that comprise our Alloy Methodology, there is one service that has proven ubiquitous no matter the client’s goals and objectives: media relations.

The cybersecurity media landscape

Today, there are roughly 125 dedicated cybersecurity journalists across mainstream and trade press. Add in freelancers, bloggers and national security, IT and mainstream tech writers who dabble in cyber news, and the number of reporters covering the cybersecurity industry maxes out at about 300, or just one reporter for every 20 cybersecurity companies. This is problematic when considering not just the industry’s rapid ascendance into the mainstream, but also the totality of daily cyber-driven incidents of personal, organizational and national security importance.

Fortunately, several premier media outlets are finally beginning to invest more in cybersecurity reporting. For example, Techcrunch recently hired Zack Whittaker from ZDNET and the Washington Post brought on Joseph Marks from NextGov. As veteran cyber writers, both journalists bring eyeballs and authority to their daily columns.

Then there are editorial entrepreneurs like Sean Martin, who launched ITSP Magazine in 2016. Sean is helping to shape the next 20-years of cybersecurity coverage by going beyond products and FUD, instead of facilitating conversations around how best to solve complex privacy and security challenges. David Strom’s daily Inside Security newsletter is another example of a new media format engaging the cybersecurity audience hungry for more content.

Unfortunately, there are not enough Sean Martin’s and David Strom’s, nor is there enough mainstream media budget, to satisfy the editorial desires of 6,000 cybersecurity companies any time soon.

Media relations tips for cybersecurity companies to land headlines

With competition a dime a dozen and the race for fame and fortune well underway, many cybersecurity companies have a goal to lead in share of voice and consistently land press clips. Here are five tips to help make that goal a reality:

1.     Build an identity - Infosec veterans don’t always agree, but they are unanimous in the recognition that far too many companies look and sound the same. Often times, the lack of differentiated messaging and positioning stems from the analyst firm Gartner pigeonholing a company into a category or from a hesitancy to spend time, money and resources on words and images when the founders’ strengths are in codes and algorithms. While understandable deterrents, cybersecurity companies must recognize that their target journalists receive upwards of 100 pitches per day, and displaying strong, clear and distinct messaging is perhaps the most effective way to stand out.

2.     Limit rapid response - This might be difficult for some cybersecurity marketers to grasp, but most journalists don’t want your CEO’s point of view in response to every incident or threat. In fact, several notable cybersecurity reporters are notorious for going to Twitter to publicly scold companies for unfounded pitches. As the aforementioned Whitaker stated earlier this year, “Another day, another deluge of useless, uninspiring, uninformed canned commentary from PR people about the Norsk Hydro cyberattack.” When used correctly, rapid response is a major asset, but with cybersecurity press, in particular, it must be more strategic than timely and limited to when your company truly has objective value to add to a conversation.

3.    Showcase customer success - I know what you’re going to say - our customers will not talk and don’t want to reveal anything about their cybersecurity posture. While this is certainly true for some customers, it is not a universal sentiment. In fact, with the awareness of cyber threats having reached critical mass, more and more companies are finding it reputationally advantageous and a competitive advantage to promote their cybersecurity initiatives and not hide them. To hook customers, collaborate with sales, customer success and the C-suite to build a reference program that incentivizes them to participate in relevant media activities. This can be a win-win.

4.     Don’t expect products to make news - 90% of today’s cybersecurity news is written on four topics: zero days & threat discoveries, surveys and proprietary data, transactional news (funding, M&A, partnerships, etc.) and national security. Included in the remaining 10% is product news, and there are maybe 5-7 journalists who write about products with any regularity. Simply put, don’t prioritize media relations as a medium to push product recognition. It’s nothing against your product, it’s simply the byproduct of today’s media landscape. To promote products, tap into awards, analyst relations, case studies and third-party reviews.

5.     Thought leadership reigns supreme - Not every company has data scientists to help regularly push out zero-day news and proprietary data. In the absence of this information, let thought leadership fill the gap. Today, 82% of company executives and business decision-makers say that thought leadership increases their trust in an organization, which is great for lead gen. Yes, a few notable publications have cut back on their acceptance of contributed content, but overall the demand for it across verticals and mainstream press is quite high.

There is no doubt that media relations is an important tactic for cybersecurity businesses at all stages. But in today’s media landscape, generating cybersecurity press is just one of many PR and marketing tactics to deploy.  

Read how Alloy helped Coronet, a leader in data breach protection, to strategically use media relations for both awareness and lead generation, in what PR Daily recognized as the Best PR Campaign of the year.