Enhancing supply chain cybersecurity resilience through positive storytelling and clear communication

Recent disruptions caused by global IT outages have shed light on how a lack of IT supply chain diversification fundamentally undermines resilience by concentrating risk. Over the last few months, many organizations have been considering the makeup of their supply chains, and the strength of their incident management and response plans, accordingly.

As one of Clarity’s cybersecurity communications leaders, I work frequently with thought leaders and media navigating this environment in real time. As the communications lead for the Cybersecurity Business Network (CBN), a free community founded and managed by Clarity to provide a collective voice for UK’s cybersecurity companies, I have an additional, unique opportunity to consistently interact with cybersecurity experts. In the last month, I have also spoken with several cybersecurity leaders and teams at the International Cyber Expo, and during CBN’s webinar on how companies can bolster IT supply chains.

In this article, I will outline the communication challenges faced by cybersecurity leaders and organizations in this context, and the value powerful storytelling and clear communications can bring to cyber firms looking to boost reputations when trust is low.

Tackling supply chain obstacles that hinder business resilience

Many larger organizations have invested significantly in their cybersecurity practices, so some cybercriminals are focusing on weaker targets and entry points, like smaller businesses across the supply chain. Smaller organizations often don't have the security and compliance expertise that larger companies do, alongside often having tighter budgets to fortify their systems. 

The cybersecurity communications landscape doesn’t currently set these organizations up for success. A fear based narrative puts many off investing in the key technology they need to protect themselves, and means many put off building an ability to quickly respond to cyber-threats. 

Cybersecurity communications challenges

Based on my recent conversations with the cybersecurity community, the key communications challenges the sector is currently battling are:

1. A negative narrative: The overall cybersecurity narrative has often revolved around negative messaging, creating an environment of fear, anxiety, and stress. This can make many people shut down completely, meaning they don’t recognize the importance of addressing their cyber vulnerabilities effectively. While traditionally negative stories were focussed on cyberattacks, today this narrative also covers cyber firms ‘letting businesses and people down’ which has shaken brand trust and loyalty. 
2. Lack of awareness: Many smaller organizations underestimate the risk of becoming a target, and may not take cybersecurity seriously until they have been compromised. They need to understand that investing in cybersecurity is essential to safeguarding their operations, reputation, and sensitive data.
3. Lack of understanding: The technical and specialized language used in cybersecurity can feel like jargon to those outside the sector, creating significant barriers to entry for many professionals. This might make them feel alienated or overwhelmed, meaning they automatically switch off unless there’s a simpler explanation.

How clear, positive communications helps businesses navigate the supply chain cybersecurity storm

Positive and clear communications build trust, support organizations to better anticipate potential cyberattacks, and foster a collaborative environment within the organization and in wider society. Key actions to take include:

1. Positive and simple narratives: We need to change the messaging around cybersecurity, because the current approach is not working. Instead of tapping into fear and anxiety, companies need to highlight benefits of good cybersecurity practice like improved cyber resilience, better customer experience and building a trustworthy environment. This way we can transform a daunting necessity into an enabler of success, growth and opportunity. 

2. Educational campaigns: Sharing educational content pieces on social media platforms, brand websites, and webinars that highlight the gaps in the supply chain cybersecurity, and ways for the entire community to mitigate risks, will drive positive awareness. Storytelling and practical insights can be crucial to empower smaller businesses to adopt robust practices. 

3. Have a say in policy discussions: The recent global outage led to debates about the resilience of the UK’s networks, and the government proposed the new Cyber Security and Resilience Bill which will be introduced to ensure the security of critical infrastructure and digital services. While the sector will be watching closely for direction on how society will be better protected, the cybersecurity community has a responsibility to participate in the discussion and ask questions. For example,  cybersecurity firms can delve into the concentration of risk: 62% of the global external attack surface is covered by just 15 companies. What is the long-term viability of reliance on so few suppliers? 
4. Transparency and visibility: Timely, accurate and clear communications increase transparency across the supply chain, ensuring all stakeholders are well informed and understand the current state and potential risks. This facilitates better decision making, fosters trust, and ensures a better management of issues before they escalate into a full-blown crisis. Open communication also enables companies to better align their objectives with suppliers and customers, supporting a resilient supply chain.
5. Crisis management and recovery: During disruptions, effective communication channels are essential for coordinating crisis management efforts and recovery plans. This can help mitigate the crisis’ impact by ensuring swift decision making and resource allocation. Having clear and consistent messaging is imperative to maintain employee morale, maintain trust publicly, and ensure everyone has access to real-time updates and guidance to navigate the crisis.

Planning for 2025

As we approach year end, it’s time to reflect on key learnings and plan ahead. Have you thought about prioritizing communications between your internal and external stakeholders? What are the key communication challenges you’re facing, and what support do you need to reach your objectives? Are you willing to lead the positive cybersecurity communications drive?

At Clarity, we specialize in supporting cybersecurity organizations to reach, inform, and educate their audiences using intelligence-led, measurable marketing and communications.

Want to find out more about how Clarity can support your cybersecurity business to grow and reach audiences with meaningful communications and smart marketing? Contact us here.

For those interested in becoming a member of the CBN for free, or learning more about how you can contribute to and benefit from this initiative, please visit https://cb-network.org/

*Featured image credit to Andreas Gücklhorn on Unsplash