Cybersecurity Awareness Month: Communications for the threat landscape

Now in its 20th year, Cybersecurity Awareness month is co-led by U.S based organizations, the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency (CISA).

The theme for this year is to look back at the last two decades: at how far we have come, progress we’ve made, and the vision for the next few years.

It will come as no surprise that the cybersecurity industry has changed drastically over the past two decades, largely due to key trends like the jump from desktop to mobile technologies, remote and hybrid working models, cloud migration, and the fast-paced evolution of disruptive new technologies like Generative AI. 

In an era that’s starting to be shaped more by advanced technology, unparalleled computing power is on the very close horizon. This rapid advancement also means individuals, organizations and Governments are faced with new, sophisticated challenges requiring them to advance cybersecurity rapidly to help protect themselves against threats. 

Today, with 560,000 new pieces of malware detected every day, cybersecurity is one of the highest costs that enterprises face, taking up 12% of IT budgets on average, and this cost is rapidly rising. At the CYBERUK 2023 event, the National Cyber Security Centre (NCSC) released a report warning that the proliferation of commercial hacking tools is already lowering the barrier to entry for state and non-state actors, transforming the threats that organizations and individuals face.

In this environment, and despite data privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) working to protect consumer data, 70% of consumers in North America, the UK, France, and Germany believe businesses aren’t doing enough to adequately secure their personal information. They also assume it has been compromised without them knowing it.

How communications can support cybersecurity’s evolution

In this complex landscape, the role of communications is more pivotal than ever. Cybersecurity communications strategies need to consider all stakeholders, and establish messaging and an approach specific to their interest and concerns. 

For instance, all brands should prioritize building a data breach crisis preparedness response (regardless of how solid your cybersecurity practices are) which can include setting up a secured communication platform for sending out real-time instructions to employees during an attack, outlining security protocols to follow, and establishing a schedule for delivering regular updates effectively. 

As well, external stakeholders should have insight into what the organization is doing during BAU to ensure cybersecurity and protect data. If a breach does occur, it is imperative to communicate transparently about the incident and provide updates from assessments undertaken by the threat team to partners, customers, analysts, legal advisors and media.

How Clarity supports the cybersecurity sector

At Clarity, we’ve provided marketing, public affairs and communications consultancy, services and strategic guidance to some of the world's most progressive companies. Clients we’ve supported with cybersecurity-focused communications include Red Hat, the ISPA (Internet Services Providers’ Association), the TCBN (Transatlantic CyberSecurity Business Network), Corero, Nokia, and Flashpoint, amongst others. 

To celebrate Cybersecurity Awareness Month 2023, in this blog we’ll share some insights and use cases of how communications, including PR and public affairs, can help in the battle against cybercrime.

Running Australian cybersecurity comms during a breach-heavy period

Luke Ireland, Senior Account Manager, Sefiani (part of Clarity Global), said, “In Australia, we've found those who succeed in cutting through the noise in what has become an oversaturated conversation with myriad competing voices, are those who can offer novel intel, data and practical guidance on how businesses and governments can get ahead of the evolving threat landscape. It's the brands who actively play a leadership role (backed by data) in moving the conversation forward, rather than spruiking products, that stand out, particularly to the media. 

If you're a cybersecurity brand looking to add your voice to the mix, first think about what value you're adding to the conversation and how this promotes discourse and action not only at a board level, but a policy level too."

Leading with insights for UK cybersecurity comms

In the cybersecurity industry, most brands are unable to share customer success stories, therefore it’s important for businesses to evaluate how they can create a niche for themselves in this increasingly competitive space. Whether they provide unique and valuable insights that show business impact, or deep dive into a new vertical that has been impacted by cybersecurity but not spoken about, thought leadership campaigns are an effective way to drive innovation and inspire others to take action. 

If cybersecurity brands are trying to increase their share of voice, or if they’re thinking about how they can be positioned as an industry expert, it’s important to involve internal subject matter experts in the planning process to identify key themes and messaging for stories and campaigns. This will enable the comms team to lead industry conversations backed by trends from informed experts, or even insights from a survey curated with their involvement, thus ensuring that brand has a pulse on the ever-evolving industry.

Managing the Transatlantic CyberSecurity Business Network’s Secretariat

Clarity’s UK Public Affairs team manages the Secretariat for the TCBN, an informal coalition of UK and U.S. cybersecurity companies committed to facilitating dialogue, collaboration, and the championing of the sector to help address critical security challenges on both sides of the Atlantic. 

Co-Founded by Clarity’s President of Public Affairs, Nick Lansman, and Andy Williams, the former international trade advisor and Cyber Envoy for the British Embassy in Washington DC, the network focuses on fostering the transatlantic relationship in cybersecurity commerce and innovation. Through events, policy spotlights, and working with the UK Government, the TCBN looks to facilitate the growth agenda and help businesses scale. 

Putting DDoS at the heart of Cyber Policy for Corero

Clarity’s public affairs team supported Corero, a DDoS (Distributed Denial-of-Service) mitigation specialist, to draw up a plan to help it use the political and regulatory environment to stand out from the competition, and raise awareness of DDoS.

Clarity ran a public affairs workshop to develop a bespoke plan then created messaging collateral to manage targeted engagement of a range of relevant bodies, including the NCSC, NCA, DCMS, Parliament and the DIT. Clarity also supported Corero to be involved in policy support around key regulations, like the implementation of the Network Information Security Regulations (the first set of measures to set and raise cybersecurity standards for CNI), and DDoS protection. 

These efforts helped Corero become part of key industry-government working groups on DDoS and build a network of senior contacts in relevant government and regulatory departments. Regulations partly created by Corero are also being used to drive take up of real-time DDoS protection.

Conclusion

Malicious actors are consistently raising the stakes, and are often one step ahead of organizations. Therefore, with the constant launch of new technologies, the private and public sectors must urgently prioritize communications to be best prepared. 

Do you think you’re able to effectively communicate your cybersecurity value story? Is it tailored to each of your stakeholders, and communicated in a clear and concise way? Do your stakeholders know about achievements, challenges, and opportunities of your cybersecurity program?

Want to find out more about how Clarity can support your cybersecurity business in this landscape? Contact us here.