Making your voice heard in the aftermath of a cyber attack

If you work in b2b tech PR you are likely to recognise the scenario.

Another big brand has hit the headlines, becoming the latest company to be hacked. Sensitive customer data has fallen into criminal hands, and a hungry media has questions: how did it happen, who was responsible, how does the company plan to respond and how can other firms reduce the risk of becoming the next victim?

Those journalists know that they won’t have to wait long for answers. Within minutes their phones are ringing with offers for briefings and interviews, while their email inboxes are filled with statements from PRs offering ‘unique’ and ‘insightful’ commentary from their cybersecurity clients.

The tactic of the ‘issues jump’ – responding to breaking news stories in the hope of getting coverage for your own brand or client – has long-been the bedrock of many PR campaigns. Tech journalists, particularly those who regularly cover data breaches and cybersecurity issues, are well accustomed to being bombarded with generous offers of expert commentary every time a hack becomes public knowledge.

And the rate at which details of those hacks see the light of day has increased in recent years. In the UK there are a number of situations in which an organisation is obliged to disclose a data breach which may have involved a cyber attack. For example, the General Data Protection Regulation (GDPR) requires all organisations to report certain types of personal data breach to the relevant supervisory authority.

From a PR perspective, a timely and carefully considered public disclosure of a breach allows a company to guide the external narrative: the last thing you want is a journalist contacting your press office to let them know a breach has occurred before your comms team has been told. A company’s statement will be carefully scrutinized – not only by the press, but also by dozens of cybersecurity experts keen to offer their own response. So how can you cut through the noise and get your views in front of the most influential journalists?

Last month, Babel hosted a live-streamed event which looked at how cybersecurity has been impacted by COVID-19. Panelists included Nicole Perlroth, cybersecurity reporter at the New York Times. Nicole has covered Russian hacks of nuclear plants, airports, and elections, North Korea’s cyberattacks against movie studios, banks and hospitals, Iranian attacks on oil companies and the Trump campaign, and hundreds of Chinese cyberattacks. We took the opportunity to ask Nicole for her tips on how to best to pitch to her and other tier one media in the aftermath of a major breach:

1. Know your journalist. Don’t email a journalist about a story they have written with the introduction, ‘you may have read a story about this cyber attack…’ and then use your brand’s spokesperson as a mouthpiece. They know about the story…they wrote it! They’re not going to cover it again and they’re well aware that you’re “blasting every journalist on earth. It’s not going to go over well. You might as well not send it. It’s a little bit embarrassing,” said Perlroth. Think about the development of the story
2. A story has broken and been covered extensively. Opportunity lost? Not always. You’ve done your homework and researched your target journalist and their beat. You know which element of the breaking story they’ve already covered so it’s obvious they’re not going to cover it again…with your client shoehorned in. So, “think creatively about: what’s the day two story? The day three story?” How is the story going to develop and what can you add to the story to progress the narrative, shine a new light on an emerging threat, provide solutions etc.
3. Dig deep for data. Your organisation is likely sitting on a wealth of data. Dig deep and see if you can re-purpose facts and figures to provide a new angle on an existing narrative or breaking news story. Is there data you can pull from your networks? From your clients? Do your marketing and product teams have insight that could be useful? Or, get fresh data. Could you commission a new survey around an upcoming trend/ hot talking point you’ve identified?
4. Think about the reader. Readers want to learn how to protect their business and users from attacks, but every business is different, the threats may be different, their objectives and motivations will be different. The cybersecurity and tech trade press are not a homogenous mass. Titles have different readerships, so make sure you have a strong knowledge not only of your journalist, but of your reader. And don’t forget: readers want to be entertained and engaged. “If it’s not interesting for the reader then forget it, you might as well not send it at all.”

You can read more about our cybersecurity event in this free whitepaper. And if you’re a brand trying to get your name out there and your messages heard in the cybersecurity space, we’ve got the knowledge, the contacts, the experience and the team to help you – get in touch.