Five Things Every Internet Security Company Needs To Know about PR

Posted on February 23, 2016

By Angelique Faul

The RSA Conference turns 25 this year. It started in 1991 under the drab moniker “Cryptography, Standards & Public Policy,” adopted the RSA name two years later and is now the world’s largest information security conference, drawing nearly 30,000 attendees and 400 exhibitors. I’ve attended about half the RSAs so far and will be at the Moscone Center in San Francisco again the first week of March.

The silver anniveRSAry has me reflecting on the special work, all year long, of carrying out communications strategies for security companies (an area of expertise we’re very proud of at Kulesa Faul).

Special not only because Internet security is an inherently important and fascinating topic but because security companies need to play by some unique rules when they do PR. These idiosyncrasies might explain why most security firms insist on working with communications pros with deep experience in the space.

Here are five hard-and-fast PR principles for security companies:

  1. Insights are essential. Security companies must be able to offer compelling and unique information to reporters and other influencers, and one of the most effective tactics has proven to be original research or data about pressing security issues. Great examples are BitSight’s Insights reports and Distil Networks’ annual Bad Bot Landscape studies. These reports generate excellent news coverage and get cited in ongoing media coverage; they’re also a wellspring for other content marketing vehicles such as contributed articles, blogs, podcasts and infographics.
  1. It’s about the problem your product solves, not the product itself. Security clients sometimes are initially surprised to hear this, but very few reporters and other influencers care about their product. Giants like CheckPoint and McAfee may get some product coverage, but hardly anyone else does. The conversation has to be about particular security challenges, not features and functions.
  1. You have to be able to make PR hay without customer references. Customer references typically are a requirement for tech companies in media work and a host of other PR and marketing activities, but these usually don’t exist for security companies, for the obvious reason that few companies want to talk publicly about such a sensitive matter. The good news is that most security beat reporters understand this. But the lack of third-party validation makes Principle #1 all the more vital.
  1. You need a super-tight crisis communications plan. Security companies must have a detailed plan in place to inform media, analysts, customers, employees and other key stakeholders quickly, clearly and consistently in the potentially embarrassing event that a customer suffers a breach. At the same time, you need a similar plan in case you get breached.
  1. Lose the marketing-speak. To break through the noise in the security space (remember how I said 400 companies exhibit at RSA?), every security company needs an articulate technologist/evangelist, especially when talking to reporters. That spokesman must be able to speak at a high level about security challenges and how to address them. I’ll say it again – it’s all about thought leadership.

Security companies that adhere to these five rules are likely to enjoy the increased brand awareness that results from a smart communications strategy.

See you at RSA!