BLUF
There is rightful concern about events being misinterpreted, misconstrued, and wrongly portrayed by media, thus affecting public perception of an organization. Often the result is organizations not saying anything (or much of anything) to avoid message mishaps. Trouble is the lack of messaging is interpreted as a message in and of itself. If messages will be conveyed either way, it’s in our best interest to take control of what goes out to the public, using it to our advantage.
Background
Recently I was part of a media fright from a brand reputation perspective. Without the details, essentially there was a commonly occurring incident of the kind we in cyber security handle on a regular basis. It was effectively dealt with – but the media got ahold of it. Not a massive story, but enough.
The event type was BAU, handled over a hundred times each week. But this one incident with media attention caused alarm for both the business and clients.
In response, my initial thought was to highlight it not being of consequence, with teams having addressed it long before the media gave any attention. A feel-good success story of how we normally secure cyber for us and our clients . However, because it was going to the business – likely to be relayed to clients – the short feel-good piece was handed to the external messaging teams and re-framed. No longer talking about the good work being done, we instead addressed that there was an incident and it had been handled. And the message stopped there.
I’m not blaming the public or client facing elements to say what they did was wrong. They have their reasons for wanting to present as little as possible. Potential liability alone is a limiting factor for saying anything. If you do, the desire is to keep it from being twisted. Trouble is, if we haven’t given the media much, they will make it up themselves and come to their own conclusions. As will the business. And the public.
If – and this is purely if – we are looking to take a more central role in thought leadership and setting the standards for cyber, it requires people to pay attention. If we want them to, we have to give them something to talk about further. This requires a different approach utilizing a basic, fundamental concept.
Everything is messaging.
All we say or don’t. The actions we take or do not. Support we give, accept, or abstain from. It’s all a message to those paying even cursory mind to us.
Creating a smart advantage requires preemptive messaging.
Putting thoughts out there for others to interpret. Offer advice or commiseration. If we keep transparency and communications up internally, we can look for and capitalize on opportunities to make cyber a part of the conversations had with and about us.
As here’s the beautiful chance we presently have for a limited time: none of our peers know what to say.
-scl
Maelstrom Advantage 
Pingback: Losing in Cyber – Maelstrom Advantage
Pingback: Starting Somewhere – Maelstrom Advantage
Pingback: Narrative Void – Maelstrom Advantage
Pingback: Securing Third-Party App Risk and Controls – Maelstrom Advantage
Pingback: Left of Launch – Maelstrom Advantage
Pingback: On Challenging Rationality – Maelstrom Advantage
Pingback: Uncovering Possible – Maelstrom Advantage
Pingback: Messaging, Hanlon’s Razor, and the 95% Rule – Maelstrom Advantage
Pingback: Enemies Required – Maelstrom Advantage
Pingback: Stories, Arcs, and What to Hang on Them – Maelstrom Advantage