The importance of cybersecurity awareness (beyond the month of October)

If you work in B2B tech PR or marketing, you will no doubt be ‘aware’ that we are in the final few days of Cybersecurity Awareness Month.

In fact, you may even question why on earth we need a specific month dedicated to a topic which is part of our daily (working) lives. It seems that every day there is news of a data breach or hack, or government policy about how to reduce the rate of such incidents.

Only this past weekend we have seen another big brand – Tesco – hit the headlines for all the wrong reasons. At a time when retailers are increasingly reliant on online orders, Tesco became subject to an apparent hack, leaving shoppers unable to access the website or app to make orders.

The Tesco incident is the latest in a seemingly endless stream of cyberattacks reported by the media in recent months. They include an attack on the US Colonial Pipeline in June which disrupted fuel supplies for several days causing fuel shortages and queues at pumps. The following month US IT firm Kaseya was the focus of an attack by REvil ransomware actors, which used the software vendor to breach and infect hundreds of other firms and caused disruption.

No industry is immune to such attacks, with organisations in both the healthcare and education sectors coming under fire from adversaries. Even UK charities have found themselves as targets – 26% reported a cyber breach in the 12 months to March 2021. The unscrupulous nature of cybercriminals, combined with the growing diversity of methods employed to trick their way past enterprise defences, is making it increasingly difficult for firms to avoid becoming the next victim.

Which means that these attacks will continue to happen and the media will continue to report on them, helping all of us – consumers and employees alike – to remain ‘aware’ that cybersecurity is a key priority for all businesses. Yet while it may appear – particularly to those that work in B2B tech – that the rate at which the media is reporting on cyberattacks is on the increase, is that really the case? A recent study suggests otherwise.

A team of researchers at George Washington University’s School of Media and Public Affairs, commissioned by the Hewlett Foundation Cyber Initiative, examined mainstream news coverage of cyber issues. They found that coverage of cyber stories dropped by 87% in 2020 amid a huge volume of pandemic and US election-related coverage. However, the depth and sophistication of that coverage continued to increase, with more than 80% of the cyber stories in the study classified as “substantive.”

The Cyber Initiative comments that the trend toward deeper coverage of cybersecurity stories is “laudable”, but warns that “many stories still focus on the hack of the moment, and coverage can still be surface-level or sensationalistic, particularly when a story brushes up against news beats like business or politics, where journalists have less experience writing about the underlying technologies of cybersecurity and their policy implications.”

It is true that a proportion of cyber media coverage in recent years has been ‘sensationalistic’. Fear, uncertainty and doubt – or FUD as it’s affectionately known – is often used as a communications tactic to capture attention. Unfortunately, some security vendors are still selling FUD by the bucket load and, according to Babel’s recent cybersecurity FUD report, the media and its loyal followers are no longer buying it. The full report, which is available for free on our website, includes the views of a number of journalists and aims to identify the most effective, authentic and accurate way of telling cybersecurity stories.

Here are Babel’s top tips when considering how best to comment to the media in the aftermath of a cyberattack:

• Educate your audience on the potential and real risks, but avoid hyperbole;
• Focus on solutions, not the nitty gritty of technology to deliver a business proposition;
• Provide simple, but effective tips or guides to demonstrate solutions in action;
• Step outside of the FUD and say something positive and constructive to move the conversation forward;
• Work with the media to learn what they need to build a clearer story for their audience.

The above gives you a flavour of the type of counsel we offer our cybersecurity clients, and will continue to do so long after the end of this particular awareness month. So, if you’re ready to scrap the FUD, build a compelling communications campaign, and are interested in hearing what Babel has to offer, get in touch.