We cannot ignore cybersecurity in 2024: it’s at the top of the agenda for almost all organizations. But have you thought about using these efforts in your communication to create a success story for your company? Kristof De Roeck, managing director of IT communication agency All Colors of Communication, explains how to approach this.

1. Get the team on board with your story

It’s a cliché in cybersecurity, but people are the weakest link. This has become particularly true since the rise of working from home, and now that AI-driven phishing is more convincing than ever before. Raising awareness about cyber threats is crucial.

Training starts with strong internal communication about the risks and pitfalls that employees encounter. Develop a concrete policy with rules and best practices on how people should communicate, make backups, and upload or download files.

The golden rule of good communication? Repeat your message regularly. If you want every employee to be aware of how to correctly handle links and files, cybersecurity must constantly be on their radar. A one-time email or an annual training session is not enough — you want to create a mindset that keeps everyone alert.

Update your story regularly to align with the latest security challenges. The rise of AI is a case in point. Sharing sensitive information on ‘open’ channels like ChatGPT is dangerous — and employees should be made aware of this.

Finally, your internal communication should foster a culture of openness and trust that enables people to recognize and report any incidents and threats immediately. If someone clicks on the wrong link, a quick response is essential to minimize the damage. Make it clear that this can happen to anyone. A culture of transparency makes it easier for employees to promptly report incidents. And if something goes wrong? Make it a learning moment.

2. Show what you do

Communication about cybersecurity is not limited to the workplace. You also strengthen your company’s image by showing how serious you are about security. This doesn’t mean you have to publicize your security strategy — simply demonstrate that you keep up with the latest trends and leave nothing to chance. You will foster an image of reliability and professionalism, and prompt competitors to think about cybersecurity too.

If you organize an internal workshop on phishing, post about it on your social media. If you unleash an ethical hacker on your company, first close all the back doors, and then share your experience. Or if you partner with a strategic partner to strengthen your cybersecurity, issue a press release. By proactively communicating about measures, you make it clear that you are not blind to today’s risks and that you are addressing them. This instills confidence in partners, customers, and prospects. Think about it as a home alarm system — cybercriminals will think twice before attacking a company that has invested in strong security.

3. Keep your story under control even in times of crisis

Communication is essential in a crisis, but some companies keep silent about cyber-attacks for fear of muddying their image. But what happens if the story comes out anyway? With good crisis communication, you take control and prevent a story from taking on a life of its own. Communication is the bedrock of any Incident Response Plan.

How do you start communicating at such a moment? First of all, ensure that the key figures in your organization are aware of the problem. Then notify your security partner so that they can be on-site promptly to start extinguishing the fire. The next step is to inform the outside world: your customers, partners and suppliers. In the worst case, the hackers will also try to infiltrate their systems too. Consider sending out a press release afterwards and provide regular updates on the situation.

Meanwhile, companies and customers understand that a cyber incident can happen to anyone. If you communicate openly, you will receive understanding, and help to further break the taboo. The information you share may even help other organizations identify vulnerabilities before cybercriminals can exploit them.

And finally, after an attack, share the lessons learned, both internally and externally. Even events and trade shows (such as Cybersec Europe) offer a strong platform for exchanging knowledge.

Your security story has no end. Every experience is the beginning of a new chapter and will ensure that cybersecurity remains on everyone’s radar.