What the Cybersecurity Media wants from Tech PRs
We ask the editors
If you want to get more out of your cybersecurity PR and news stories, this article will tell you how. We interviewed some of the top industry journalists to find out what they valued most and least from cybersecurity article pitches and press releases.
A big thank you to our contributors:
Beth Maundrill, Editor at Infosecurity Magazine
Tom Allen, Editor at Computing, computing.co.uk and Delta
Tony Morbin, Executive News Editor EU at Information Security Media Group
Dan Raywood, information security freelance writer.
1. What makes a good security story? What turns cybersecurity editors’ heads?
Editor of Infosecurity magazine, Beth Maundrill comments that she’s always on the look-out for, “real-life case studies. A breach that was dealt with, how it panned out on the inside and what lessons were learned. We know this is difficult because many orgs don’t want to go public with this information but that’s what makes it so exciting, and the cyber community can really learn from this information.”
According to Dan Raywood, a freelance journalist who’s been writing on the subject of IT security for 15 years, the rules for a good security story are simple: “Something that engages the reader, seeks to tell a story and is well written and researched.”
Tony at Information Security Media Group told us: “When choosing which story to follow up, we try to pick the one that will have the biggest impact on the reader in terms of doing their job better, helping their company or their career.”
He went on to say: “Our audience targets cyber security professionals, so we are not looking for advice to consumers.” Tony also looks for new, insightful, attributable comment (which give the full name and job title of the person quoted). “We want quotable quotes, i.e. not what everyone else has already said”
Tom, Editor at Computing says: “The most interesting stories, aside from those about something going wrong, are always the ones that involve a new use of technology, whether it’s a brand-new approach or an innovative use of existing systems.” He reported finding it frustrating when people don’t explain properly why a certain technology, such as AI, has been used or what is important about it and what benefit it will bring to security that other solutions don’t.
In most instances, the media want board level contributors – not a sales or marketing executive, as this can make readers feel that they are being sold to. Editorial content should be about sharing information and knowledge, while provoking discussion and debate.
At EC-PR, our rule of thumb is that a story needs to introduce something new with a clearly articulated benefit, and it should only be sent to media who have an expressed interest in the subject matter. Stories should always be well-researched and written in a way that’s engaging to the reader.
2. Why do some ‘great’ stories sometimes fail to be published?
Over the past 20+ years, we have never once failed to get press coverage for a story. Our process for researching, writing and securing approvals is robust – this is rooted in deep professional respect for both our clients and our press contacts.
Interestingly, Tom tells us that some great-sounding stories arrive in his inbox incomplete and even when he asks for further details, he gets no response or an unusable one. He firmly believes that where subject knowledge is concerned “a little really does go a long way – any journalist will respect their PR contact more if they can discuss a press release with them instead of hearing the dreaded words, “Let me get back to you on that.”
Tom also says that slow response times can kill a story.
“Occasionally, answers to my questions come back within an hour; at other times I’ve waited days, by which time the story is old news. There’s often a reason for it, but journalists need to be informed if there’s a significant delay so that we can find another source.”
Beth also believes that “it is hugely important to be clear and concise, so we have a good, quick understanding of the story you are trying to tell. If I take a quick read of a press release/email but don’t fully understand it, then it is less likely to get picked up. ‘Why this is important to the industry’ is key.”
3. What can PRs do to help cybersecurity editors produce interesting content?
An editorial campaign should include a variety of content types including news, thought leadership, comment, blogs and case studies. Case studies are particularly prized by the media and as such, are often the hardest to secure in any depth.
Tony commented that, in addition to providing the basics (who, what, why, when, where and how), providing detailed narrative on why something is important will help a story to stand out, especially if your story is one of several on the subject. He also points out that a good picture can sell a story.
Asked the same question, Beth talked about the need for diverse, interesting speakers and interviewees that are experts in their field. “We’re looking for quotes and commentary from people in cybersecurity roles e.g., researchers, CISOs, security evangelists and threat analysts etc. and not just from vendor marketeers. I am really keen to emphasize the diverse side of things here, at Infosecurity Magazine and give a voice to experts from diverse backgrounds within the cybersecurity industry.”
Dan made an interesting point about journalists being so busy with essential work and deadlines that they’re just not able to follow up on every opportunity.
PRs would be wise to take heed. With this in mind, partially formed, poorly thought-out ideas are simply not going to get a look in.
4. What are the most common mistakes people make when approaching you?
Over the years, we have learnt that telephoning cybersecurity editors and journalists to ask if they’ve received a press release is a waste of everyone’s time, but Tom’s experience surprised even us. He told us that PRs phone him
“Just to read off the first paragraph from a press release and then ask if they can send the PR to me: instant turn off. Don’t do it.”
Being accurate is critical to the credibility of journalism. Journalists check their stories and expect press releases to be accurate in the information they share, so this bugbear of Tony’s is understandable: “We make mistakes, but we get really annoyed when PRs make the mistakes for us, then send us a correction, asking us to change something they previously got wrong.”
Tony also gives a valuable heads-up: “A big mistake is not putting the most important/interesting thing at the front. E.g. Everyone at MYbank has had £100 stolen from them, is a lot more attention-grabbing than New research has been published by leading global cybersecurity company LockupmyData, conducted by the highly regarded Whatsitallabout research company, as a result of interviews with 6,000 cybersecurity professionals last year. The findings show that Lockupmydata is rated reliable by 49% of respondents… with a mention of the £100 three paragraphs later.
“We want all those details, but first we want to know why we should care.”
What Dan calls a ‘common mistake’ is more fundamental and perhaps less forgivable.
“Not knowing what we actually cover or what we and our audience look for.”
Beth also added that a personal touch is important. “If we’ve not spoken before and I receive a pitch it’s not likely to make it far. We receive dozens a day so there is something to be said for a personal touch – even if that’s just an introductory email to let us know who you are and who you represent before sending blind pitches.”
The key take outs from these conversations are that cybersecurity editors and journalists remain busy, inquisitive and professional people. They need fully formed, well written and engaging material combined with informed and responsive communication.
If you’re tardy in dealing with the press you can expect your media profile to languish but treat journalists with the same professional respect as you would any other highly-regarded business colleague and you’ll reap some impressive rewards.
Avoid these mistakes. Bring on board the Tech PR experts.
We work with tech editors on a daily basis and have vast experience in pitching, placing and writing articles that make the media, and their audience, sit up and listen.
Are you looking to rasie your company profile in the cybersecurity media? We can help you realise your goals. Get in touch with us.
Other content you may find interesting:
This blog was first published on LinkedIn.