Skip to content

Why The Cybersecurity Team Should Be The Marketers' Best Friend

Cybersecurity and marketing share the same goal: trust. Learn why closer collaboration strengthens brands and reduces risk.

Photo by Michaela St / Unsplash

Pure technical communication can be accurate and unreadable. Pure marketing communication can be provocative and empty. The best cybersecurity communication sits somewhere between the two: clear enough to be understood, precise enough to be trusted and interesting enough to be remembered. It takes a trusted partnership to achieve it.

Throughout my career, I have translated the latest threats into business impacts, turning feature lists, feeds and speeds into benefits, outcomes and relatable stories. You can’t do that effectively without understanding the technology, and as importantly, you can’t do it successfully without understanding the audience.

I’ve seen the damage a lack of trust between internal cybersecurity researchers and marketing can do. At best it means that campaigns don’t resonate with the target audience because marketing didn’t gather real insight from actual researchers, at worst it can lead to disengagement by the cybersecurity teams and contribute to a lack luster marketing response to incidents that impact corporate reputation.

Cybersecurity teams can be wary of marketing because they have seen the worst version of it. They have seen banal slogans and dramatic claims, and watched irrelevant “insights” become a campaign theme that isn’t going to work with customers because it doesn’t work with them.

Marketing can see technical teams as too direct, lacking nuance and not appreciating the buyer cycles and business pressures their campaigns are addressing. A lack of understanding of each other’s motivations, daily objectives and communication values can lead to distance, and when you can’t get what you want out of each other, you start avoiding each other. One side wants clarity, pace and a message that can move, the other wants precision, evidence and caveats.

That is why, if you work for a cybersecurity solution or service vendor as a communicator, the CISO, head of cyber research and their leaders should be among your most important internal relationships.

Firstly, they hold the most fascinating insights on adversarial tactics, user behavior, latest threats, and what the hottest topics in the industry are. Threat intelligence is data gold for building primary evidence and news hooks. Secondly. Marketing need their oversight for technical accuracy, and thirdly, perhaps most importantly, when a cyber incident occurs, PR needs information – and they need it fast.

More Lessons in Cybersec Comms from Lucy Millington:

Internal Communications Overload Creates Security Risk
If you work in SecOps more noise equals more risk. The more alerts you have, the harder it is to find the ones that need immediate action. Yet in my experience, this idea of more noise being detrimental to understanding, does not stretch beyond the SOC into business communications.

Partnership starts with shared goals

In my experience, CISOs and SOC leaders can be skeptical of engagement with marketing. They harbor concerns that anything they share will end up inaccurately published without their consent. They don’t have time to explain what they are doing – they have business and customers to protect, and threat-hunting to do. The SOC team and researchers are busy, really busy. They do not need to be hassled by marketing people. Experience may have demonstrated that they are not listened to anyway so why bother, there's nothing in it for them.

Yet, without doubt, the most successful thought leadership and company positioning campaigns come from the threat landscape insights from your cybersecurity experts. The unique perspective from within your organizations should be its most valuable marketing asset. Which is why marketing and CISOs need leadership alignment. Leaders on both sides whose responsibilities include business growth, talent acquisition and reputation protection should create a culture of partnership. CISOs and SOC leaders know that if their team has a great reputation amongst industry peers then recruitment will be easier, they know that becoming a trusted source will increase perceived product value, and through research publication they can get credit for the critical work that the rest of the company rarely sees or celebrates.

To build impactful campaigns marketing needs interesting data. These days, AI has made sifting and interrogating data for trend analysis exponentially easier, but you still need to know what questions to ask it. This is where partnership is paramount, marketers often assume that they know what they want to know, and those questions can sound frankly stupid to the person managing the SOC.

Researchers and marketers need to be able to discuss what is the market is getting wrong, which claims make the SOC team wince, what are competitors are saying that is technically accurate but practically meaningless. Marketing will appreciate where the company has a right to speak and where it does not.

Sometimes technical accuracy is not the same as communication effectiveness, the most precise explanation may not be the most useful one. Sometimes the hook that will get everyone listening is buried in the product feature description, and the story you think is obvious is only obvious to people who already know it.

A true partnership will turn stress into success

Partnership becomes even more important during a cyber incident. When a high-profile attack occurs, everybody wants information – fast. The primary audience are and should be customers, but partners, the media and investors want answers too. And this is where an already stressed cyber response team can be quickly overwhelmed with too many people asking too many questions.

As part of your incident response plan, assign a single point of contact in marketing and in the technical team to funnel all questions. If you have individuals able to triage requests for information, both teams can achieve their objectives without friction when under stress. A great partnership with your PR team can be your strongest ally in these times.

Communicators need to know what can be said, what cannot be said, what is still unknown and what language will create unnecessary risk. For PR people, the majority of the time during an incident is spent managing perception and communicating uncertainty, cybersecurity professionals are critical to helping PR reduce panic and amplify the best advice.

If you are a communicator in cybersecurity, make the technical teams your priority. Learn from them, challenge them, translate their stories and build campaigns with them. If you are a leader in the cybersecurity team, suggest a coffee with your internal PR contact, you might be surprised at how willing they are to make your team look great!

HOU.SEC.CON CTA

Latest