Cybersecurity professionals have a responsibility to make consumers and businesses aware of the threats they face, and how they can protect themselves. But what’s the best way to inform without unduly frightening people? Marketers need to take a more positive approach.
In cybersecurity, the fear of a cyberattack often permeates the industry. It’s a classic conundrum in our business: how do cybersecurity companies appropriately inform security leaders, influencers, businesses and organizations about the threats and risk they’re up against without resorting to the usual fear, uncertainty and doubt tactics (FUD)?
How do you get their attention without unduly scaring the (figurative) pants off of them? After all, stolen identities, data breaches, phishing attacks, ransomware – these are all serious things. We all read about the millions of dollars lost to cyberattacks.
But how far is too far when it comes to scaring people? And is it possible to make businesses and consumers take note of cybersecurity threats in a more positive way?
Learn More: Taking on the Patching and Configuration Crisis: 3 Critical Steps for 2020Opens a new window
Fear in the Cybersecurity Industry
It’s perfectly understandable why using scare tactics to educate people is so tempting. We naturally want to wake people up to the problem. And other vendors might tell you, fear helps them sell. It’s why you can turn on the news at any hour of the day or night and see all sorts of scary things – not just about cybersecurity, although massive data breaches, ransomware and other types of cyberattacks have certainly made plenty of headlines in recent years.
But we can certainly take a more measured, reasonable and positive approach when we talk about the threats that exist. We can have a conversation without all the hype and hysteria. In fact, in my experience, most organizations are quite well-informed about the threats they’re up against and are often tired of FUD tactics from vendors.
Fear mongering only goes so far, and it loses its impact once people are aware of the problem. When you hit people over the head with a negative message time and again, they will eventually tune it out. Either they actively avoid it, or they become numb to it. Willful ignorance will set in.
Also, among people who have yet to be impacted by a cybersecurity incident, a sort of “Boy Cries Wolf†can become common. In other words, “Wake me when the threat becomes real.†But as we know, it is all too real. And I get it. It’s hard to sell someone on an event (data breach) that might happen.
Scare tactics also ignore any positive aspects there might be around a security incident. When a story breaks about a data breach, for instance, the focus is always on the damage done. How many individuals’ personal data was compromised? What was the financial loss? From a news media perspective, that makes perfect sense. As they say, “If it bleeds, it leads.â€
Learn More: Don’t Just Grant Access. Positively Identify Your UsersOpens a new window
The Responsibility of Marketers
But as marketers telling a story in order to educate, we should focus more on what went wrong – an unforeseen vulnerability, a protocol that wasn’t followed – and provide tips and best practices on how those mistakes can be avoided in the future. After all, what’s the point of highlighting these incidents if we don’t provide a lesson from which people can learn? It’s important to stick to the facts, and what we learned, so we can better inform and educate our audiences and fellow vendors on how to help, not berate.
What if we highlighted how an attack was caught and stopped – even if there was some initial damage done? Or better yet, how about seeking out stories about how potential threats were caught early and thwarted? In other words, we should celebrate the cybersecurity wins as much as much as we hype the big catastrophic losses. As many data breaches that have happened, there are thousands of others that never happened. We can learn from those events, too.
As marketers and strategists, we have to change the conversation around cybersecurity. Marketing used to be the strategic arm of an organization – the ones educating and informing the market in honest and authentic ways. Now it seems it’s simply become a race to gain attention at any cost. There is a balance we can strike between making people anxious and causing them to switch off and ignore the problem. The key is using these incidents as opportunities to learn and educate others about the risks, so we can all get smarter and be better prepared for the next threat.
While I understand that a little bit of fear can be a good motivator, as emotion brings these issues closer to our companies, even our lives. However, too much can have the opposite effect. It can be a fine line but telling more positive stories will allow us to take a more proactive approach in the fight against cybercriminals. And then maybe they can be the ones who are scared.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!