PR for Cybersecurity: four takeaways working with clients

Over the years, I have had the privilege of working with several companies across the spectrum of cybersecurity and the experience was very illuminating for me. The way we can approach stories, develop the angles and educate the audience is boundless, and I want to share some insights that I picked up along the way:

#1 – No longer a business story – it is everybody’s story!

The conversation has changed and especially over the last couple of years since the pandemic. Cybersecurity as a topic is definitely a C-level issue but it goes beyond today. Employees, other stakeholders including any self-respecting board member needs to be well aware of what is at stake here.

Business leaders need to think in the context of their bottom line, while board members need to pay attention to how a lax cybersecurity posture may impact their company’s reputation, revenue and indeed may place them in a position of neglecting their fiduciary duties. Business managers need to ensure their own people recognise the importance of cybersecurity hygiene within their departments/units and act accordingly.

Education and storytelling is vital in helping to promote, educate and understand the issues before behaviours can change. The business media recognise this and today are keen to help their readers make sense of cybersecurity. Help them tell the story!

#2 – Work the assets – Subject matters, data matters.

The majority of our cybersecurity companies have access to insightful data points, trend reports that are very current, local and real time. Working these assets to provide a context and flavour to the cybersecurity message adds another layer of sophistication to the story telling. It makes it real, local and very relevant. The spokesperson (or storyteller as we call them) is seen as dispensing very real and relevant counsel, helping readers make sense of what has become a global problem.

Threat intelligence reports, local subject matter experts and regional surveys are gold mines! Use them, polish them up for easy consumption through judicious editing – slicing and dicing the key parts with elements that deliver a wow!

Make your storyteller analyse, break down the problem and explain what it means to the various stakeholders, identify potential threats and vulnerabilities. Add the local regulatory framework and help readers, viewers understand the next steps. There we have an extremely powerful asset for PR.

#3 - React to breaking news – But do not be an ambulance chaser.

Stay tuned to and informed of what’s going on in the world. Cyber breaches, incidents and updates are more prevalent and frequent today in our global and national digital economies.

Usually, there’s only a narrow window of opportunity to jump on a breaking story, so we need to be “on our toes” and ready to jump. From high profile breaches to ransomware attacks, national security issues and data privacy concerns, the sheer volume of stories makes news monitoring essential and can be an excellent platform for proactive PR.

However, pick your battles wisely and there’s just no point commenting on every breach or commentary opportunity. Instead, stay on message and reiterate your value proposition so the journalists and media titles get to recognise your value and identify you as a learned partner working together with them to develop their story. Over time they will see you as a trusted advisor and source and as a “voice” for their stories.

#4 – Keep it simple – explain it to people!

Cybersecurity stories can very quickly become technical and stiff with jargon which becomes uninteresting and will alienate the reader. In the desire to be accurate, some of our cybersecurity experts’ content tends to be dry, pedantic and appeals to a limited technology audience.


It is vitally important that we explain, educate and inform to be effective. Simplifying the technical implications into issues that impact the business, the community and society at large, tends to resonate and work better.

It ultimately boils down to people – how does it impact people’s lives, daily routines, and changes their landscape and this needs continuous education. The media will be a willing partner and advocate only if we can help explain and provide unbiased opinions for people to help people make the decisions.


Do not sell products. Advice, counsel, insights and opinions help.


I have written these takeaways looking back at my personal journey working with cybersecurity clients over the years. I have found it particularly successful when clients were at the ready to partner with journalists and provide the support to help educate their readers/viewers.


We have worked and trained clients in the cybersecurity space in Asia for the last two decades and it is a developing area with more to come, I am sure.


I hope these tips resonate. Let me know your thoughts at