Cyber-attacks and the role of comms

Back in May, I asked a cybersecurity expert which organisation he deemed most under threat from hackers, to which he replied, without a moment’s hesitation: the NHS.

The following morning, all the major media channels were rife with breaking news headlines of the WannaCry ransomware attack causing chaos for NHS Trusts and its patients.

A coincidence of course, but an example of the expertise cyber professionals have to understand how hackers work and where threats lie.

As B2B communications professionals, we often have a unique view of how organisations are dealing with the threat of cyber-attacks. We work with clients who employ some incredibly talented cyber-security experts to safeguard their data, and who have a lot to say about the ways governments, industries and everyday people should be defending against hackers.

When it comes to speaking externally, however, few companies are willing to discuss cyber policies. So why is this?

Recently, a security expert from another client shared with me his view that his industry is more vulnerable to a cyber-security attack than ever before. He argued that the threat is exasperated because no company is willing to share information about the attacks they are encountering, for fear of panicking their customers and appearing vulnerable.

This is the catch 22 situation of cyber practice. The best chance of preventing any potential breach is for organisations to share information on the latest malware attacks so that defences can be developed in collaboration with others, however no company wants to expose any potential weaknesses.

To date, this has led to work on cyber prevention continuing to happen in isolation.

But with the past 12 months bearing witness to a succession of high-profile attacks on major organisations, attitudes towards cyber-security do appear to be changing. A breach is starting to be looked upon less as a weakness of the targeted company (blame), and more as an example of cyber-crime becoming more sophisticated (support).

Media coverage has also started to focus less on the companies involved and more on the source of the hack and methods used, meaning the public image risk has reduced. Meanwhile people are becoming more interested in the quality of an organisation’s cyber-security practice, which is opening up opportunities for businesses to start publicly talking about their work, and even to become thought-leaders for their respective industries on the prevention of ransomware attacks.

Over the coming years businesses will become more dependent on communications agencies for consultation on the best ways to talk about their cyber-security in order to earn favourable recognition for their policies.

It remains a sensitive topic, however, and there will be small margins between success and failure.

Successful cyber-security storytelling will rely on intelligent messaging, delivery of the right type of content, and absolutely perfect timing. It will become a test of an agency’s ability to analyse the changing media landscape and make accurate predictions on the right time to chime in.  

The agencies that do this best will unlock exciting new business opportunities, and become a vital part of the way data is protected in the future.