Does cybersecurity have a comms problem?

Does cybersecurity have a comms problem?

Alexandra Kourakis

Alexandra Kourakis

Earlier this month, I attended Tech Show London at the behemoth that is the ExCeL. Aside from getting my hands on a free waffle, I listened in on a particularly illuminating session on comms in cybersecurity – now the basis for this piece.

Cybersecurity and the CSI Cyber Effect

How long is a piece of string? That was the first answer when panellists were asked about some of the common comms challenges faced in the cybersecurity sector. But seriously, what are some of the key challenges?

Firstly, public perception. Cybersecurity has been given the Hollywood treatment, with films and TV shows depicting impossibly attractive actors somehow cracking MI6’s firewall in minutes. Are these scenarios actually possible? Maybe. Regardless, the Hollywood effect has muddied our understanding of what cybersecurity professionals do, why it’s important, and what an actual threat looks like.

In reality, cybersecurity is just about taking care of things; it’s foundational, it’s normal, it’s part of the everyday. But building it into the day-to-day running of a business isn’t as straightforward as it seems. In fact, one of the panellists noted that, in his experience, a lot of companies don’t have a cybersecurity crisis comms plan in place until an incident actually occurs.

It’s going to be difficult to embed cybersecurity across a business if there’s a lack of internal comms, and absolutely zero external comms plans in place. But, as one panellist noted, comms is the number one life skill to have – so how can it be deployed here?

Bridging the internal comms gap

Improving comms in cybersecurity starts internally, by bridging the comms gap. When asked about how this can be done, one panellist said that the answer lies in relationship building, as it trickles down into every area of a business. Another argued cybersecurity should be embedded into projects; it might not be the most exciting aspect, but it is needed. And, of course, the importance of language came up – if an organisation develops a shared language of risk management, it can be incredibly beneficial.

Interestingly, one person said that they would like to see more difficult and awkward discussions happening, especially in the event of an incident. Sure, they’re uncomfortable, but a shared ownership of risk is needed, and being conscious of risk should be normalised across every area of a business. And if a breach occurs, trace it back to see what mistakes people are making to ensure that they don’t happen again.

Never neglect crisis communications

Bridging internal gaps is crucial, but the driving force behind a lot of the session was the need for a crisis comms plan. Think about it: we wouldn’t dare leave our homes without first locking the front door. We don’t even think about it because it’s engrained in us to just do it. The same line of thinking needs to be applied here, and having a comms strategy in place for incidents and breaches has the potential to either make or break a reputation.

In a nutshell, an airtight crisis comms strategy looks like:

  • Keeping communication lines open. Externally speaking, it’s important to keep the customer informed, even if there’s nothing to say. Not every detail needs to be shared but keeping them in the loop shows that you’re taking an incident seriously. Internally speaking, I’ll paraphrase what one of the panellists said: the organisations that handle incidents most effectively are the ones that can wake up at 3am and already know exactly who to call. And the ones who are being called will already know why, where the comms plan is, and the next steps to take.
  • Redefining messaging. It’s not just about processes. Stressful situations can impact articulation and make even the most unwavering spokesperson fluster, so prepare base responses in advance, stick to them, and update them as and when necessary.
  • Living and breathing the plan. Crisis comms is not a box ticking exercise, and a plan should not sit on a shelf gathering dust. Rather, treat it like a fire alarm: build an organisational culture that constantly tests the plan under various scenarios. Keep it updated and drill it into the workforce. Live and breathe it; you never know when you’ll need it.

You may not be munching on a waffle right now, but hopefully you’ll have read this and come away with some important insights. The bottom line? Both internal and external comms have a major role to play in cybersecurity, and if you don’t yet have a crisis comms plan in place, it’s never too early to start working on one.

Share this story:

Read more from the blog

Blog

Avoiding the pitfalls of impulsive PR

While it is tempting to be part of the hottest media topics of the day, businesses should be wary of getting involved in conversations they really shouldn’t be ...Read more

Matthew Healey
Matthew Healey
Uncategorised

Setting Sail: Navigating the Business Seas with Reputation

In the vast and often turbulent waters of the business world, organisations must navigate through ever-changing currents, unpredictable storms, and shifting tides. ...Read more

Selina Jardim
Selina Jardim
Blog

SAG-AFTRA Strikes and the Ripple Effect on AI Adoption

The influence of the recent SAG-AFTRA strikes extends far beyond pay. Driven by concerns over fair compensation and working conditions, the strikes have highlighted broader issues surrounding the relationship between technology (AI in particular) and labour. ...Read more

Emily Royle
Emily Royle

Add a comment

Time limit exceeded. Please complete the captcha once again.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Is it time to shape your reputation?

We operate in London, Paris and Munich, and have a network of like-minded partners across the globe.

Get in touch

Sign up to Spark, our newsletter

Receive thought pieces from our leadership team, views on the news, tool of the month and light relief for comms folk

You can unsubscribe at any time, please read our privacy policy for more information