6 Things Cybersecurity PR Pros Should Do To Stand Out

Global spending on cybersecurity products and services will exceed $1 trillion by 2021. The sector’s accelerated growth, however, makes it hard for companies to stand out. That means cybersecurity PR pros must be savvy, creative and tactical to ensure their companies are noticed by target audiences. 

In honor of Cybersecurity Awareness Month here are six ways to help providers stand out in the cybersecurity space.

Understand how you fit into the big picture

Like ad tech, cybersecurity is a crowded and highly segmented market full of vendors, services and enough acronyms to make your head spin. Knowing where a company fits into the ecosystem is essential to differentiation. Beyond the umbrella of cybersecurity, PR pros need to adopt a granular understanding of their focus and expertise. Are the company’s offerings geared toward consumers through products like antivirus and firewall solutions, or toward business and enterprise via security information and event management (SIEM) software suites? Does it excel in enterprise data security for the private sector or are government contracts the goal? The answers to these questions will dictate strategy and help PR specialists discern what storylines can achieve the visibility they need.

React to breaking news

PR teams must be tuned into what’s happening in the cybersecurity space every day. Sometimes there’s only a four-hour window to jump on a breaking story, so we need to be ready. From massive breaches and ransomware attacks, to election security issues and data privacy concerns, the sheer volume of stories makes news monitoring essential. Cybersecurity PR professionals should be following key contacts on social media, as well as subscribing to major newsletters like Politico’s Morning Cybersecurity or the Washington Post’s Cybersecurity 202. 

But, pick your battles

It’s self-defeating to hurl yourself at every story, however. PR teams should recognize that it’s impossible to be included in every type of news and should keep a fairly tight focus when offering subject-matter experts for comment. When it comes to reactive commentary, we base outreach on company specialty and the nature of the news. For example, a company specializing in enterprise IT security probably has no place commenting on data privacy surrounding government contact tracing. The pool of cybersecurity reporters is relatively finite, so PR pros should pick and choose the most relevant trending story and offer their source only to the most appropriate reporters to maximize return-on-effort. 

Know your media targets

Cybersecurity PR pros must be savvy enough to understand the nuances of media targets’ disciplines within the cybersecurity space. For example, there are multiple contacts at The Wall Street Journal that cover cybersecurity. Approaching any one of them without understanding what they cover will ensure your pitch is ignored. Study up. Follow key reporters on social media, read the trades and learn the differences between contacts that cover breaking data breaches or ransomware attacks and those that cover IT security management policies or white hacks and research reports. PRs who are aware of these differences will be more precise in their outreach efforts and maximize the potential for media visibility.

Diversify vertically

In an industry as crowded as cybersecurity, we are often competing against hundreds, if not thousands, of other brands and executives for thought leadership space. At times it’ll be more difficult to garner coverage depending on the story being told. But thanks to how many industries are affected by general cybersecurity issues, PR teams may gain advantage by diversifying their coverage options based on vertical sectors. These sectors may range from education, government and energy to financial services, healthcare and insurance. If an industry depends on the Internet to operate, it will undoubtedly face cybersecurity challenges. Attacking industry trade publications creates more coverage opportunities and allows PR pros to position their company in an outlet that can yield visibility among a new audience segment and even create a customer lead-gen opportunity down the line.

Use research and data to cut through the noise

Data and research can be highly effective for creating visibility for a cybersecurity brand, especially in a crowded category like antivirus and encryption software. Since there are hundreds of vendors in this segment vying for market share, the odds can be stacked against us from a media perspective. By either leveraging a company’s own research team or commissioning and white-labeling research from a third-party vendor, PR teams can gain an edge over competing brands in the battle for media mindshare. Cybersecurity reporting is inherently data-centric, which makes media in the space comparatively more primed to cover emerging industry research. Successful promotion of a report on a trending industry topic can result in high-impact coverage at scale and a big boost in brand visibility for the cybersecurity companies.

20 Cybersecurity Reporters To Follow On Twitter

Twitter is an essential resource for PR pros whose job requires them to stay up-to-date and engaged with reporters across different sectors. For us, one of those is cybersecurity. With data breaches happening frequently, data privacy making news, and the presidential election looming, security is the hottest of hot topics.

How can PR specialists stay abreast of security news to create opportunities for client companies? Start by following these 20 cybersecurity reporters. This is in no particular order and is by no means a complete list, but it’s a good resource for anyone looking to learn more about cybersecurity.

Great Twitter Follows For Cybersecurity Geeks

(TechCrunch) Zack Whittaker | @zackwhittaker

Formerly of ZDNet, Zack is the security editor at TechCrunch. He’s a known name in security and gives great insight into many of the ongoing and current issues in the space. One of his more notable recent stories read was his piece last year on shutting down a massive child abuse website.

(ZDNet) Catalin Cimpanu | @campuscodi

Catalin is ZDNet’s cybersecurity reporter. Previously a news editor at Bleeping Computer, he’s been covering the security space for a while and is a go-to source for any breaking stories. As a highly active tweeter, he’s a great resource for large-scale stories as well as narrow technical aspects of the sector.

(Bloomberg) William Turton | @WilliamTurton

William joined Bloomberg as a cybersecurity reporter last summer. He’s a must-follow for anyone looking to learn more about security, big tech and security implications related towards the top trending stories globally.

(Politico) Eric Geller | @ericgeller

Eric Geller is a security reporter at Politico. He covers security issues related to the White House, government policy and election security, along with breaking news. He’s extremely active on twitter, acting as a great source for general political news and the occasional meme.

(Motherboard/Vice) Lorenzo Franceschi-Bicchierai | @lorenzofb

Lorenzo is a go-to source for any and all happenings in cybersecurity. He’s been a writer for Motherboard Vice for almost five years and previously had a two-year tenure at Mashable. Along with security, Lorenzo also covers tech general tech industry matters.

(Motherboard/Vice) Joseph Cox | @josephfcox

Joseph is a security writer at Motherboard Vice, covering things like hacking and cyber crime. His stories comprise a range of topics impacting security such as hacking, data protection and breaking news.

(CNET) Laura Hautala | @lhautala

Laura covers cybersecurity and privacy with a consumer focus at CNET. She does great work in viewing common security issues through the lens of the customer, and framing them towards customers, often covering topics on the internet and database security.

(Cyberscoop) Shannon Vavra | @shanvav

Formerly of Axios, Shannon has been covering security at Cyberscoop for almost a year now, specifically focusing on the NSA, cyber command and cyberwarfare. Her feed is made up of terrific security stories and some politics news.

(Dark Reading) Kelly Jackson Higgins | @kjhiggins

Kelly is the executive editor at Dark Reading, a top cybersecurity trade publication. Although she doesn’t tweet too often, her stories and contributions to Dark Reading are essential to be current on happenings in the security space.

(Forbes) Davey Winder | @happygeek

Davey is a top contributor to Forbes’ cybersecurity section. His stories detail aspects of the threat landscape and cover data breaches with some frequency. He also contributes to SC Mag and InfoSecurity Mag.

(MIT Tech Review) Patrick Howell O’Neill | @HowellONeill

Patrick joined MIT Tech Review to cover security in July of last year. His coverage touches on the regular topics of hacking, along with a political perspective on tech issues.

(NYT) Sheera Frenkel | @sheeraf

Sheera is a cybersecurity reporter at NYT and covers trending topics like the upcoming election, Big Tech and large data breaches. She previously spent time at Buzzfeed covering the Middle East and cybersecurity.

(NYT) Nicole Perlroth | @nicoleperlroth

Nicole has been with NYT for over eight years covering the security space. She investigates trends in security, sometimes with a focus on national security and significant crimes in the US and abroad.

(WIRED) Andy Greenberg | @a_greenberg

At WIRED Andy is a dedicated cybersecurity writer. Previously at Forbes, he takes an investigative bent and has won multiple awards over his 14 years of reporting. He also has a book called SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

(WIRED) Lily Hay Newman | @lilyhnewman

Lily is another of WIRED’s top security writers covering digital privacy, information security and hacking. Over the four years she’s been with the publication, Lily has covered breaking news and ongoing stories about many of the issues that plague technology. Although not the most active on twitter, she’s an essential follow for the latest happenings in security.

(Washington Post) Ellen Nakashima | @nakashimae

Ellen has been with the Washington Post since 1995 and covers national security. Her longevity and knowledge of security issues, especially on elections, makes her an unbelievable resource for knowledge and perspective on issues related to government affairs.

(Washington Post) Joseph Marks | @Joseph_Marks_

Joseph writes the Cybersecurity 202, a daily newsletter for the Washington Post that covers all major news security professionals should know.This is the first newsletter I check out every morning to make sure I’m up-to-date and it’s an invaluable resource.

(Axios) Scott Rosenberg | @scottros

At Axios, Scott is the main reporter for cybersecurity. He also covers a wide array of topics related to technology and government affairs. Scott publishes the Axios Codebook on a weekly basis, which is an essential read.

(CNBC) Kate Fazzini | @KateFazzini

Kate is the lead cybersecurity reporter at CNBC. Previously at WSJ, she often participates in CNBC broadcast segments as the network’s go-to cybersecurity expert and is a must-follow to better understand top stories within the greater security space.

(Politico) Tim Starks | @timstarks

At Politico, Tim serves as a dedicated cybersecurity reporter. Along with his usual reporting, he publishes POLITICO’s Morning Cybersecurity newsletter covering the latest news in cybersecurity policy and politics.

Top Cybersecurity Trends For PR In 2020

2019 was a landmark year for those who work in cybersecurity PR, and not in a good way. Many organizations fell victim to breaches, hacks and leaks — at an average cost per incident of nearly $4 billion.

From Capital One and Facebook, to the AMCA, Georgia Tech and more — each shows that no sector is off-limits to attack by bad actors. A varied threat landscape has driven extensive cybersec media coverage. And while data breaches, ransomware and malware attacks are among the “normal” cybersec vulnerabilities, 2020 brings additional issues that will warrant increased exposure. They include attacks by foreign actors, insider threats, the growing cybersecurity skills shortage, AI-enabled attacks and the consequences of business’ migration to cloud infrastructures. 

Each is relevant fodder for PR teams looking to take advantage of their clients’ expertise as thought leaders. Reactively, pros will have to look for a way to position execs (CISOs, CIOs, CROs, research teams) to talk about how these trends compound a much larger issue — that most organizations aren’t equipped to mitigate cyberattacks from multiple avenues at once. And regardless of how well prepared a company may be to deal with an incident, breaches and attacks will happen – so advance PR prep is also in order.

What should PR pros anticipate within cybersecurity landscape in the next year? Here are the top trends — based on client conversations, journalist insight and industry expertise — that’ll give teams the edge, along with a warning for cybersec communicators.

Cyber attacks on industries outside of “tech” will see more exposure

Today, every company is a technology company. Major retailers’ e-commerce platforms are booming. Financial services companies are getting into cryptocurrencies and have invested heavily in mobile experiences. The healthcare and insurance industries — notorious for being slower to adapt to emerging tech — are in the throes of digital transformation initiatives involving cloud migration and AI. Everything is connected, which means every industry is vulnerable in some way. In 2020, cybersecurity PR pros should be well versed in how the threat landscape can affect many different business sectors at once and at any given time. By staying up-to-date on multiple verticals outside of pure ‘tech’ – especially those most frequently targeted by cyber attacks like healthcare, financial services, government, and energy — PR teams can ensure they’re prepared to take advantage of newsjacking opportunities in the event of a hack, keep their clients apprised of the latest news and generally be more effective at meeting industry trends and client needs.

Following new publications and key reporters in important verticals on Twitter, setting the right Google alerts and generally being vigilant through research each day will help PR pros advance client thought leadership. 

IoT’s vulnerability will take center stage

The internet of things has been a tech obsession for the better part of the last ten years. However, as IoT capabilities and connectivity have evolved, so have the vulnerabilities that put consumers at risk. 2019 alone has seen a spike in reports that show how easy it is to hack smart speakers. Coverage highlighted vulnerability and negligent security practices surrounding Amazon’s Ring cameras — where hackers gained entry and terrorized users through their own devices — and saw the FBI warning people that smart TVs can be compromised and used by bad actors to listen and watch them without their knowledge.

Especially in the wake of the incredible Ring coverage from the likes of Motherboard, Gizmodo, The Verge and others, cybersecurity PR teams should brace themselves for IoT debate to rage on in 2020. As the possibilities of the connected world expand, companies should be monitoring consumer data and implementing internal security protocols to protect customers, like 2FA out of the box (rather than blaming users).

For PR teams, these events have a silver lining and open up new opportunities for positioning cybersecurity execs as experts. Pros should have commentary in place for proactive/reactive outreach opportunities speaking on the larger impact of these events on consumer trust. Finally, they can use the trend as a fresh reason to offer best practices for consumers to protect themselves as threats proliferate.

Cybersec workforce shortage grows

Despite a constantly changing tech landscape and increased connectivity between people and devices, the cybersecurity space is notably short on qualified talent. Demand for talent isn’t showing any signs of slowing — the Bureau of Labor Statistics projected a 32% rise in available positions for infosec analysts between 2018 and 2028. Fifty-three percent of IT pros, however, have said they lack the security knowledge to safeguard the organizations they work for. If this trend continues and the need for skilled cybersec experts keeps surpassing their availability, industries around the globe could potentially see greater losses in revenue and consumer trust. The talent shortage could also be a significant contributing factor for a greater frequency in breaches, hacks and leaks in 2020.

The cybersecurity talent gap isn’t going to close overnight, so PR teams should take advantage of the attention the issue commands. Proactive and reactive commentary strategies, as well as bylines positioning cybersec clients’ expertise on how to solve the problem in the long term will further thought leadership. Additionally, highlighting ways businesses can circumvent a lack of talent internally (like investing in AI and contracting with third-party cybersecurity vendors) or how they should evolve their own hiring practices (better training and sourcing, for example) will make for strong story angles to address the issue in the new year.

Attribution announcements must be clear and credible

When an attack happens, security providers and others often clamor to publicly identify the attack and its source. There’s a natural incentive for us to make such announcements to show leadership and expertise. But there’s a risk of misinformation that may grow in 2020. In the event of an attack by foreign state actors, our government often doesn’t want to identify the culprits, even when it knows who they are. It often leaves that to cybersec companies in order to guard the intelligence sources or methods used to track down bad actors.
The problem is that as foreign-government-backed attacks proliferate, security companies or hack victims may by tempted to blame foreign actors even when they’re not involved. Foreign hackers themselves may even claim credit where it’s not due. This situation is more likely following the U.S. airstrike on Iran, amid widespread speculation that Iran could retaliate through cyber attacks. It’s important for communicators to make any attribution claims or assessment in a rigorous way, based on quality information. The last thing we need is a credibility crisis in cybesec communications.