Your Cyber Crisis Marketing Strategy: Doomed From The Start?

No offense to anyone who is doing great at talking up the cyber crisis marketing strategy and overall awareness around the need to do something, but strategy and lingering to-do lists alone aren’t going to cut it any longer. Time and time again we see organizations seeking such advice and Internet counsel, only to check that box for awareness and never really prepare. Okay, maybe a bit of preparation, but never really enough to count for much once things have to be put in motion.

But this is the world we live in. When a real cyber crisis is actually looming or present, everything suddenly gets even more compartmentalized. Legal wants to lock stuff down. Information security wants to hide behind the firewalls. Marketing wants that specially worded public statement or press release that will be so amazing that it restores faith in an instant [sound the heavenly angels singing clip]. And right on queue, all that great strategy kind of goes out the window. As Mike Tyson said so well, “Everyone has a plan until they get punched in the face“.

The Cyber Crisis Marketing Strategy Needs Execution

Take, for example, a great blog post by Bess Hinson, where, from her view as an attorney, lays out all the core fundamentals of crisis communication. And, we might add, certainly better than most posts that we have seen. What really makes hers come to life over all the noise though, is her recognition that social media is the new game changer. It’s the new fire, which of course must be fought with fire.

As evidenced by public reactions to the recent, high-profile breach reported by Equifax, regulators and security bloggers can respond quickly by posting real-time feedback to breach events on Twitter and other social media platforms. As such, communication professionals need not only to sit at the table as company leadership prepares announcements to affected customers, but communicators are also likely to be called upon after the breach event is made public. In that capacity, they can help to strategize regarding the response in the face of often emotional, fast-changing criticisms from a variety of interested parties, including those persons who are directly impacted by the breach, as well as shareholders, law enforcement, and government regulators from various jurisdictions.

Elizabeth K. Hinson | Crisis Communication Management and the Cyberattack

Execution Time


When a breach or other major cyber incident happens, you can bet that there’s going to be a fair amount of execution. The best of the best will execute their strategy to perfection. Those who don’t will find another far less personally and professionally beneficial definition of the word.

The most obvious gap is one that, while manageable, is seldom accounted for at the scale required. It’s simply not the strategy, but rather the ability to sustain the multiple channels of communication and brand restoration for as long as it takes. This means social media marketing. It means influencer marketing. It means tireless creativity and daily refinement to the playbook. But most of all, it means asking all those “strategy” consultants just how on earth the existing in house talent pool can do all of that, day in and day out, when it absolutely must be done. Because the lack of realistic planning for the support team is where the strategy will ultimately fail.

The second gap to any otherwise successful strategy is only focusing on the overall brand itself. After all, it’s not the company that most lost trust in. They lost faith in the cybersecurity program. And they deserve full credit and respect for being able to separate the two. All of this means that in order to defend and recover the company brand, the execution surrounding the information security program will be the real high impact area. But alas, all the strategists out there don’t like to talk so much about that, as that’s not really their field of expertise. If it were, they would be able to look at incident response findings and detailed Governance Risk & Compliance (GRC) data and absorb it without so much as a single “now what does this mean”.

Subscribe to the Academy

Written by Kevin Peterson

Kevin Peterson is the founder and chief content officer at ZecurityAscent, where he is the combined marketing/cybersecurity thought leader in enhancing your corporate brand before a cyber crisis, so that you can quickly recover after one. His background includes over 30 years in various security-related roles (up to the Fortune 5), of which the majority are as a Silicon Valley security marketing and branding expert. Adding to this is his own professional brand as an author, blogger, speaker, and United States Air Force veteran.
Find me on: