Top Tips For Approaching Cybersecurity Media

In the world of PR, there are few fields more exciting and terrifying than the cybersecurity industry. It feels like every day we hear about a new breach, hack or vulnerability that has impacted an individual or organization. The numbers back this up; a recent cybersecurity report from research firm ThoughtLab found that the average number of cyberattacks and data breaches increased by 15.1% from last year. It’s essential for savvy PR professionals to stay up to date on the latest developments in the space.

However, monitoring the latest data security incident isn’t enough. Even though the number of outlets and reporters who cover the space has increased as the threat has grown, cybersecurity journalists demand more from the PR professionals they know. It’s not enough to share thoughts on the latest breach; rather, reporters are often looking for short and long-term insights and advice about the future of the category as well as the reasons the public should care. 

So, how do PR organizations manage their relationships with cybersecurity reporters to garner coverage and showcase their clients as thought leaders in the space? It’s all in the approach.

Different data security reporters cover different verticals

One of the biggest misconceptions about the industry is that all cybersecurity media contacts are interested in the same stories. While cybersec journalists typically monitor the latest hack or vulnerability, how they cover the news changes from reporter to reporter and outlet to outlet. For example, journalists who focus on privacy and data concerns on big tech platforms may be intrigued by a pitch about a data breach on a major social network. But they would not be interested (and may even be annoyed) by an inbound about a ransomware attack on a local energy supplier. It’s best to prioritize research into the most appropriate reporters and outlets for a specific cybersecurity pitch.

PR teams should organize their contacts by vertical, separating outlets and reporters based on recent coverage. Note specific reporters or media organizations that can be helpful for the future. For example, if a reporter is focusing on stories about cybersecurity threats as students prepare to go back to school, make sure everyone knows that. Moreover, pay attention to the tone of data privacy stories. While data privacy doesn’t always overlap with cybersecurity, often reporters who take a strong stance or position in a privacy story may ask to speak with a cyber expert about the potential consequences of a breach. Monitoring and capitalizing on past interactions with reporters is often the simplest and most effective way to manage media relationships and turn pitches into wins. But pay attention to the broader story – a spokesperson can easily be quoted on the record criticizing a major company, one they may even work with from time to time, for inadequate privacy and cybersecurity measures. Context matters.

All breaches aren’t the same

Not only do the verticals for reporters in the cybersecurity industry vary significantly, but the types of incidents they cover and care about differ as well. Denial of Service (DOS) attacks are not in the same ballpark as ransomware attacks. Third-party data breaches, for example, require different insights and expertise than hacks that only affect a specific individual.  For example, the access of unauthorized information from a telecommunications company by a cyber criminal will potentially affect all of the clients and users while a successful phishing scam on a specific shopper will likely only compromise that individual consumer. Thus, PR professionals need to have a basic understanding about the insights, research and sources to offer depending on the incident. 

It’s often useful to separate the available data, spokespeople and insights into categories for outreach when the next breach happens. In addition, your cybersecurity spokespeople and clients may not actually be experts in all areas. Many have a specific area they focus on in terms of breaches and data compromises. It’s a misconception that cyber professionals already know everything about the industry, so understanding the expertise and focus on each side is key.

Use cybersecurity conferences and panels

Cybersecurity changes all the time, and more than nearly any other tech category, it offers a robust stream of industry conferences and meetings. Nearly every other week there are panels that highlight the cybersecurity landscape, its threats, current solutions and best practices. These panels offer constant opportunities to bring together cybersecurity companies, research firms, reporters and analysts who cover the category.

Always be building relationships 

When conducting outreach for cybersecurity conferences, it’s not enough to simply offer a knowledgeable spokesperson for a panel or keynote. Savvy PR people use all available resources to showcase new research studies, data, and trends. Experts spokespersons can also offer opinions on recent attacks, industry moves, and regulatory issues.

PR teams can get the most out of conferences by offering media briefing opportunities even if they’re not for a specific story and don’t result in media coverage. In fact, one of the biggest mistakes PR people make is foregoing media meetings that don’t guarantee immediate placements. The relationship-building opportunities between media outlets and companies and their executives or third-party experts can generate long-term connections that pay dividends far into the future.

Cybersecurity Pubs Every PR Pro Should Be Reading

Most of us who work at tech PR agencies stay glued to various media to track breaking news and inform reactive pitching to promote visibility for our clients. Yet our main goal is not always to secure top-tier media coverage, although that’s always a win. We may also work to earn media coverage that will be read by a rarefied audience that ranges from senior executives to CEOs. Often we work with trade journalists who cover highly technical categories and need commentary and background from specialized experts. 

Cybersecurity is one of those categories. From data hacks to new ransomware, PR pros who work in the cybersec space need to stay connected to developments and track trends in the business. Trade publications can be just as important as top outlets like The New York Times or Wall Street Journal. They often break news before anyone else. In fact, if you work in cybersecurity PR you should be reading these top publications on a daily basis.   

Dark Reading

Dark Reading is perfect for enterprise IT and network security professionals, providing the most up-to-date information about products, management strategies, architectures and security policy. It acts as a security dashboard for IT professionals who don’t have the time or the luxury of combing wirefeeds, multiple bug feeds or vendor sites to find out what’s new or how well it works. 

Wired: Threat Level

Threat Level, a subsection of Wired, offers insight into the latest news and happenings related to hacking, cyber crimes and new methods to protect personal data online. PR pros will also enjoy the in-depth stories with an insider’s view on cyber attacks.

ZDNet: Zero Day

Looking for new research on tech and IT, while reporting on the latest threats and vulnerabilities in the cybersec space? ZDNet’s Zero Day covers that while providing technical in-depth pieces which professionals will appreciate. 

CSO

Aimed for high-level security professionals, CSO offers content on security-related products and services to assist CSOs in the decision-making process. Their goal is to underscore the need for security personnel while building a high level of trust among chief security officers and tracking the tools and techniques they need to make smart decisions.

InfoWorld

InfoWorld is published for IT leaders who hope to bring their companies a competitive edge through understanding emerging technologies and advances. It focuses on personal computing in enterprise and offers reliable product information to corporate volume buyers who are purchasing for client-server environments. 

ThreatPost

Threatpost covers Internet and computer security news on virus alerts, new hacker threats and attacks, and advances in security research, webcasts and white papers. It’s also a great source for breaking news with expert commentary. 

SC Magazine

SC Media gives info security professionals the in-depth business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin business strategies. It’s also a great place for in-depth op-eds by industry leaders on current trends and topics.

Krebs on Security

Founded by investigative reporter Brian Krebs, Krebs on Security provides content on day-to-day software and information technology, executing daily internet tasks and also good security practices. He also offers articles for not-so-savvy cyber pros by breaking down the latest cyber attacks and helping explain their impact.

CyberSecurity Dive

Under the Industry Dive umbrella is Cybersecurity Dive. It provides in-depth journalism and insight into the most important news and trends shaping cybersecurity, like breaches, vulnerability, threats, and more.

InfoSecurity Mag

Infosecurity Magazine has given readers over ten years of insight into the information security industry. It focuses on hot topics and trends, in-depth news analysis and opinion columns from industry experts. It’s also a great place for webinars and other free educational content!

Bleeping Computer

Bleeping Computer aims to serve as a helpful resource for novice computer users to learn the basics of computer tech. It’s also a good forum for discussion of trends, tools, and hot topics.

TechRepublic

TechRepublic serves as the ultimate professional resource and community for members of the IT sector, from CEOs, to IT professionals  and everyone whose job requires making decisions about technology. It includes a family of virtual communities called republics, which organize editorial by job function, providing expert niche content, as well as peer-to-peer advice. 

infoRisk Today

infoRisk Today covers topics in risk management, compliance, fraud, and information security. It provides credible, timely information that security leaders can use as they craft comprehensive information security strategies so critical in the industry.

6 Things Cybersecurity PR Pros Should Do To Stand Out

Global spending on cybersecurity products and services will exceed $1 trillion by 2021. The sector’s accelerated growth, however, makes it hard for companies to stand out. That means cybersecurity PR pros must be savvy, creative and tactical to ensure their companies are noticed by target audiences. 

In honor of Cybersecurity Awareness Month here are six ways to help providers stand out in the cybersecurity space.

Understand how you fit into the big picture

Like ad tech, cybersecurity is a crowded and highly segmented market full of vendors, services and enough acronyms to make your head spin. Knowing where a company fits into the ecosystem is essential to differentiation. Beyond the umbrella of cybersecurity, PR pros need to adopt a granular understanding of their focus and expertise. Are the company’s offerings geared toward consumers through products like antivirus and firewall solutions, or toward business and enterprise via security information and event management (SIEM) software suites? Does it excel in enterprise data security for the private sector or are government contracts the goal? The answers to these questions will dictate strategy and help PR specialists discern what storylines can achieve the visibility they need.

React to breaking news

PR teams must be tuned into what’s happening in the cybersecurity space every day. Sometimes there’s only a four-hour window to jump on a breaking story, so we need to be ready. From massive breaches and ransomware attacks, to election security issues and data privacy concerns, the sheer volume of stories makes news monitoring essential. Cybersecurity PR professionals should be following key contacts on social media, as well as subscribing to major newsletters like Politico’s Morning Cybersecurity or the Washington Post’s Cybersecurity 202. 

But, pick your battles

It’s self-defeating to hurl yourself at every story, however. PR teams should recognize that it’s impossible to be included in every type of news and should keep a fairly tight focus when offering subject-matter experts for comment. When it comes to reactive commentary, we base outreach on company specialty and the nature of the news. For example, a company specializing in enterprise IT security probably has no place commenting on data privacy surrounding government contact tracing. The pool of cybersecurity reporters is relatively finite, so PR pros should pick and choose the most relevant trending story and offer their source only to the most appropriate reporters to maximize return-on-effort. 

Know your media targets

Cybersecurity PR pros must be savvy enough to understand the nuances of media targets’ disciplines within the cybersecurity space. For example, there are multiple contacts at The Wall Street Journal that cover cybersecurity. Approaching any one of them without understanding what they cover will ensure your pitch is ignored. Study up. Follow key reporters on social media, read the trades and learn the differences between contacts that cover breaking data breaches or ransomware attacks and those that cover IT security management policies or white hacks and research reports. PRs who are aware of these differences will be more precise in their outreach efforts and maximize the potential for media visibility.

Diversify vertically

In an industry as crowded as cybersecurity, we are often competing against hundreds, if not thousands, of other brands and executives for thought leadership space. At times it’ll be more difficult to garner coverage depending on the story being told. But thanks to how many industries are affected by general cybersecurity issues, PR teams may gain advantage by diversifying their coverage options based on vertical sectors. These sectors may range from education, government and energy to financial services, healthcare and insurance. If an industry depends on the Internet to operate, it will undoubtedly face cybersecurity challenges. Attacking industry trade publications creates more coverage opportunities and allows PR pros to position their company in an outlet that can yield visibility among a new audience segment and even create a customer lead-gen opportunity down the line.

Use research and data to cut through the noise

Data and research can be highly effective for creating visibility for a cybersecurity brand, especially in a crowded category like antivirus and encryption software. Since there are hundreds of vendors in this segment vying for market share, the odds can be stacked against us from a media perspective. By either leveraging a company’s own research team or commissioning and white-labeling research from a third-party vendor, PR teams can gain an edge over competing brands in the battle for media mindshare. Cybersecurity reporting is inherently data-centric, which makes media in the space comparatively more primed to cover emerging industry research. Successful promotion of a report on a trending industry topic can result in high-impact coverage at scale and a big boost in brand visibility for the cybersecurity companies.

20 Cybersecurity Reporters To Follow On Twitter

Twitter is an essential resource for PR pros whose job requires them to stay up-to-date and engaged with reporters across different sectors. For us, one of those is cybersecurity. With data breaches happening frequently, data privacy making news, and the presidential election looming, security is the hottest of hot topics.

How can PR specialists stay abreast of security news to create opportunities for client companies? Start by following these 20 cybersecurity reporters and journalists. This is in no particular order and is by no means a complete list, but it’s a good resource for anyone looking to learn more about cybersecurity.

Great Cybersecurity Reporter Twitter Follows For Cybersecurity Geeks

(TechCrunch) Zack Whittaker | @zackwhittaker

Formerly of ZDNet, Zack is the security editor at TechCrunch. He’s a known name in security and is a cybersecurity reporter that gives great insight into many of the ongoing and current issues in the space. One of his more notable recent stories read was his piece last year on shutting down a massive child abuse website.

(ZDNet) Catalin Cimpanu | @campuscodi

Catalin is ZDNet’s cybersecurity reporter. Previously a news editor at Bleeping Computer, he’s been covering the security space for a while and is a go-to source for any breaking stories. As a highly active tweeter, he’s a great resource for large-scale stories as well as narrow technical aspects of the sector.

(Bloomberg) William Turton | @WilliamTurton

William joined Bloomberg as a cybersecurity journalist last summer. He’s a must-follow for anyone looking to learn more about security, big tech and security implications related towards the top trending stories globally.

(Politico) Eric Geller | @ericgeller

Eric Geller is a security reporter at Politico. He covers security and cybersecurity issues related to the White House, government policy and election security, along with breaking news. He’s extremely active on twitter, acting as a great source for general political news and the occasional meme.

(Motherboard/Vice) Lorenzo Franceschi-Bicchierai | @lorenzofb

Lorenzo is a go-to source for any and all happenings in cybersecurity. He’s been a writer for Motherboard Vice for almost five years and previously had a two-year tenure at Mashable. Along with security, Lorenzo also reports on tech general tech industry matters.

(Motherboard/Vice) Joseph Cox | @josephfcox

Joseph is a cybersecurity journalist at Motherboard Vice, covering things like hacking and cyber crime. His stories comprise a range of topics impacting security such as hacking, data protection and breaking news.

(CNET) Laura Hautala | @lhautala

Laura covers cybersecurity and privacy with a consumer focus at CNET. She does great work in viewing common security issues through the lens of the customer, and framing them towards customers, often covering topics on the internet and database security.

(Cyberscoop) Shannon Vavra | @shanvav

Formerly of Axios, Shannon has been reporting on cybersecurity at Cyberscoop for almost a year now, specifically focusing on the NSA, cyber command and cyberwarfare. Her feed is made up of terrific security stories and some politics news.

(Dark Reading) Kelly Jackson Higgins | @kjhiggins

Kelly is the executive editor at Dark Reading, a top cybersecurity trade publication. Although she doesn’t tweet too often, her stories and contributions to Dark Reading are essential to be current on happenings in the security space.

(Forbes) Davey Winder | @happygeek

Davey is a top contributor to Forbes’ cybersecurity section. His stories detail aspects of the threat landscape and cover data breaches with some frequency. He also contributes to SC Mag and InfoSecurity Mag.

(MIT Tech Review) Patrick Howell O’Neill | @HowellONeill

Patrick joined MIT Tech Review to cover security in July of last year. His coverage touches on the regular topics of hacking, along with a political perspective on tech issues.

(NYT) Sheera Frenkel | @sheeraf

Sheera is a cybersecurity reporter at NYT and covers trending topics like the upcoming election, Big Tech and large data breaches. She previously spent time at Buzzfeed covering the Middle East and cybersecurity.

(NYT) Nicole Perlroth | @nicoleperlroth

Nicole has been with NYT for over eight years covering the security space. She investigates trends in security, sometimes with a focus on national security and significant crimes in the US and abroad.

(WIRED) Andy Greenberg | @a_greenberg

At WIRED Andy is a dedicated cybersecurity journalist. Previously at Forbes, he takes an investigative bent and has won multiple awards over his 14 years of reporting. He also has a book called SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

(WIRED) Lily Hay Newman | @lilyhnewman

Lily is another of WIRED’s top security journalists covering digital privacy, information security and hacking. Over the four years she’s been with the publication, Lily has covered breaking news and ongoing stories about many of the issues that plague technology. Although not the most active on twitter, she’s an essential follow for the latest happenings in security.

(Washington Post) Ellen Nakashima | @nakashimae

Ellen has been with the Washington Post since 1995 and covers national security. Her longevity and knowledge of security issues, especially on elections, makes her an unbelievable resource for knowledge and perspective on issues related to government affairs.

(Washington Post) Joseph Marks | @Joseph_Marks_

Joseph writes the Cybersecurity 202, a daily newsletter for the Washington Post that covers all major news security professionals should know.This is the first newsletter I check out every morning to make sure I’m up-to-date and it’s an invaluable resource.

(Axios) Scott Rosenberg | @scottros

At Axios, Scott is the main reporter for cybersecurity. He also covers a wide array of topics related to technology and government affairs. Scott publishes the Axios Codebook on a weekly basis, which is an essential read.

(CNBC) Kate Fazzini | @KateFazzini

Kate is the lead cybersecurity reporter at CNBC. Previously at WSJ, she often participates in CNBC broadcast segments as the network’s go-to cybersecurity expert and is a must-follow to better understand top stories within the greater security space.

(Politico) Tim Starks | @timstarks

At Politico, Tim serves as a dedicated cybersecurity reporter. Along with his usual reporting, he publishes POLITICO’s Morning Cybersecurity newsletter covering the latest news in cybersecurity policy and politics.

Top Cybersecurity Trends For PR In 2020

2019 was a landmark year for those who work in cybersecurity PR, and not in a good way. Many organizations fell victim to breaches, hacks and leaks — at an average cost per incident of nearly $4 billion.

From Capital One and Facebook, to the AMCA, Georgia Tech and more — each shows that no sector is off-limits to attack by bad actors. A varied threat landscape has driven extensive cybersec media coverage. And while data breaches, ransomware and malware attacks are among the “normal” cybersec vulnerabilities, 2020 brings additional issues that will warrant increased exposure. They include attacks by foreign actors, insider threats, the growing cybersecurity skills shortage, AI-enabled attacks and the consequences of business’ migration to cloud infrastructures. 

Each is relevant fodder for PR teams looking to take advantage of their clients’ expertise as thought leaders. Reactively, pros will have to look for a way to position execs (CISOs, CIOs, CROs, research teams) to talk about how these trends compound a much larger issue — that most organizations aren’t equipped to mitigate cyberattacks from multiple avenues at once. And regardless of how well prepared a company may be to deal with an incident, breaches and attacks will happen – so advance PR prep is also in order.

What should PR pros anticipate within cybersecurity landscape in the next year? Here are the top trends — based on client conversations, journalist insight and industry expertise — that’ll give teams the edge, along with a warning for cybersec communicators.

Cyber attacks on industries outside of “tech” will see more exposure

Today, every company is a technology company. Major retailers’ e-commerce platforms are booming. Financial services companies are getting into cryptocurrencies and have invested heavily in mobile experiences. The healthcare and insurance industries — notorious for being slower to adapt to emerging tech — are in the throes of digital transformation initiatives involving cloud migration and AI. Everything is connected, which means every industry is vulnerable in some way. In 2020, cybersecurity PR pros should be well versed in how the threat landscape can affect many different business sectors at once and at any given time. By staying up-to-date on multiple verticals outside of pure ‘tech’ – especially those most frequently targeted by cyber attacks like healthcare, financial services, government, and energy — PR teams can ensure they’re prepared to take advantage of newsjacking opportunities in the event of a hack, keep their clients apprised of the latest news and generally be more effective at meeting industry trends and client needs.

Following new publications and key reporters in important verticals on Twitter, setting the right Google alerts and generally being vigilant through research each day will help PR pros advance client thought leadership. 

IoT’s vulnerability will take center stage

The internet of things has been a tech obsession for the better part of the last ten years. However, as IoT capabilities and connectivity have evolved, so have the vulnerabilities that put consumers at risk. 2019 alone has seen a spike in reports that show how easy it is to hack smart speakers. Coverage highlighted vulnerability and negligent security practices surrounding Amazon’s Ring cameras — where hackers gained entry and terrorized users through their own devices — and saw the FBI warning people that smart TVs can be compromised and used by bad actors to listen and watch them without their knowledge.

Especially in the wake of the incredible Ring coverage from the likes of Motherboard, Gizmodo, The Verge and others, cybersecurity PR teams should brace themselves for IoT debate to rage on in 2020. As the possibilities of the connected world expand, companies should be monitoring consumer data and implementing internal security protocols to protect customers, like 2FA out of the box (rather than blaming users).

For PR teams, these events have a silver lining and open up new opportunities for positioning cybersecurity execs as experts. Pros should have commentary in place for proactive/reactive outreach opportunities speaking on the larger impact of these events on consumer trust. Finally, they can use the trend as a fresh reason to offer best practices for consumers to protect themselves as threats proliferate.

Cybersec workforce shortage grows

Despite a constantly changing tech landscape and increased connectivity between people and devices, the cybersecurity space is notably short on qualified talent. Demand for talent isn’t showing any signs of slowing — the Bureau of Labor Statistics projected a 32% rise in available positions for infosec analysts between 2018 and 2028. Fifty-three percent of IT pros, however, have said they lack the security knowledge to safeguard the organizations they work for. If this trend continues and the need for skilled cybersec experts keeps surpassing their availability, industries around the globe could potentially see greater losses in revenue and consumer trust. The talent shortage could also be a significant contributing factor for a greater frequency in breaches, hacks and leaks in 2020.

The cybersecurity talent gap isn’t going to close overnight, so PR teams should take advantage of the attention the issue commands. Proactive and reactive commentary strategies, as well as bylines positioning cybersec clients’ expertise on how to solve the problem in the long term will further thought leadership. Additionally, highlighting ways businesses can circumvent a lack of talent internally (like investing in AI and contracting with third-party cybersecurity vendors) or how they should evolve their own hiring practices (better training and sourcing, for example) will make for strong story angles to address the issue in the new year.

Attribution announcements must be clear and credible

When an attack happens, security providers and others often clamor to publicly identify the attack and its source. There’s a natural incentive for us to make such announcements to show leadership and expertise. But there’s a risk of misinformation that may grow in 2020. In the event of an attack by foreign state actors, our government often doesn’t want to identify the culprits, even when it knows who they are. It often leaves that to cybersec companies in order to guard the intelligence sources or methods used to track down bad actors.
The problem is that as foreign-government-backed attacks proliferate, security companies or hack victims may by tempted to blame foreign actors even when they’re not involved. Foreign hackers themselves may even claim credit where it’s not due. This situation is more likely following the U.S. airstrike on Iran, amid widespread speculation that Iran could retaliate through cyber attacks. It’s important for communicators to make any attribution claims or assessment in a rigorous way, based on quality information. The last thing we need is a credibility crisis in cybesec communications.