Building your brand in the highly competitive UK cyber security market is an essential ingredient for success, and PR is the most impactful and cost-effective way to do that. A unique advantage of PR over marketing activity is that while marketing comes down to you saying that you have the best technology on the market, PR will mean it comes from independent, third-party influencers, which is much more powerful – especially if they’re local sources.
Alongside the media, other advocates can include analysts, channel partners, end users and professional bodies. A good PR strategy should embrace all of these potential influencers. These advocates can play a powerful role in building the credibility of your company and differentiating it, and local knowledge is crucial for identifying the right people to talk to, and the right events to attend.
Press coverage and word-of-mouth among influencers will generate new business leads for your sales team and channel partners. A competent PR agency will also help you to refine your messaging and focus for the local market. PR activity, particularly when combined with a strong content creation strategy, can be the engine that drives an integrated sales and marketing campaign to build awareness and generate market pull by driving traffic to your website.
Unsurprisingly, there are many parallels between localisation for PR and for your channel strategy and many of the same misconceptions hold true. One of the most common mistakes is for a vendor to decide it doesn’t need to invest in localised PR or even marketing of any kind, because their distributor says they will take care of building the brand for them. While a good distributor can work wonders for establishing your route to market, channel activity needs to be supported by strong PR and marketing activity to be effective and the vendor should not delegate their responsibility for the vital task of building their brand in the market.
The timing for a PR launch can be one of the hardest decisions to make. A common approach is to put PR off until the channel is already set up and revenue streams have been established. As with many other big decisions, this can turn into an eternal wait, with the vendor finding they never quite have the amount of revenue they need.
Instead, channel and PR should be launched in tandem, as they are mutually beneficial on a number of levels. Coverage from the PR launch will start to generate new business leads directly, as well as providing some useful buzz that can be magnified in intensity through social media channels to a variety of stakeholders. PR can also directly tie into the channel itself, with campaigns focusing on the UK’s dedicated technology channel press – helping the vendor to attract new partners in the region.
Another common misconception is that a US agency will be able to take care of the new market – after all, they do all speak English. While a good US agency will usually be able to secure some opportunities with the UK media, it’s a huge mistake to assume this approach will create the kind of meaningful, consistent press coverage that will help to generate new business leads and develop a thought leadership position. This approach is usually born from the desire to cut costs, but instead the vendor will find they have wasted the increased fees they were paying to their existing US agency and will have little to show for it in the long term.
One of the biggest barriers for a US agency attempting to handle the UK press is the time difference. Unless your US team is happy to wake up in the middle of the night to check the news agenda, you will almost certainly miss all breaking news for the UK market – one of the most important opportunities to get involved in the media and make a name for yourself.
The UK security market is so crowded that most journalists in the field are inundated with offers for comment and interviews at the best of times – and positively buried alive when a major incident such as a big-name data breach occurs. Combined with the fact that journalists are forced to work to increasingly short deadlines, this means that only the fastest responses and most interesting comments and offers are likely to achieve coverage.
When a major breach is reported, or a serious attack occurs, getting in first with meaningful insight can create a powerful momentum that leads not only to coverage in the key IT and security trade titles, but splashes in the national newspapers and broadcast media too.
A compelling example came with last year’s WannaCry outbreak. The news of what would turn out to be one of the biggest security stories of the year first broke fairly late in the day for the UK. However, it was still too early for the US, and those first few hours were crucial in finding a place in the narrative. Before the end of the day, our team had clients appearing in broadcast interviews and speaking with journalists for national newspapers and news agencies.
East Coast-based PR teams will need to be up and working at 4am to capture opportunities like these, and the timing gets steadily worse the further west you travel. Even the earliest rising Californians will be only just gearing up for the day when the UK news cycle is winding down.
While important, breaking news isn’t the only problem presented by the time difference. Most security journalists operate on short and unforgiving deadlines for even standard stories. In many cases, a PR team will need to pitch the journalist and get back to them with comment or to set up an interview within two or three hours. Few journalists are able to hold their deadlines for a latecomer, even if they do have something genuinely interesting to add to the story.
Timing trouble is somewhat mitigated when the story is self-created by the vendor, such as the announcement of a new malware discovery or interesting new research findings. However, even though the vendor will be in full control of the agenda by setting the embargo time, the time difference often makes communicating with journalists a painful experience. It’s hard to establish a meaningful dialogue with a UK press contact if there are only a few hours a day where communication can run smoothly.
One particularly important difference between the US and UK press that many vendors are not aware of is the use of news wires. While they are a staple part of any US-based announcement, these services have very little effect in the UK or elsewhere in Europe. Very few journalists will pay much regard to a story that first appears on a wire service, and fewer still will deign to directly publish a press release as-is from the wire. Many US agencies tasked with tackling the UK will assume the wire can take care of most of the work for them, but this will achieve no useful traction in today’s media and will simply add further to the cost.
With journalists coming under so much pressure to get their copy out on time, giving them a heads up on a story will vastly improve the chances of securing quality coverage. To produce reliable results this needs to happen on an individualised basis, with pitches tailored to the individual preferences of the journalist and publication. Doing this correctly demands an in-depth knowledge of the UK press that few agencies outside the country can muster. Journalists need to be engaged with on a regular basis
Most journalists will have a little black book of preferred contacts that they have built up over the years, and it is absolutely necessary to communicate with them on a regular basis to make such a list. This means going beyond issuing press releases, and demands speaking, briefing and personally meeting them as often as possible. It’s also important to remember that these relationships generally extend beyond the vendor to focus on the PR agency as well.
Partnering with an experienced UK-based cyber security PR agency will enable even a newcomer to reap the benefits of these hard-won relationships to establish a name for themselves and get involved in stories much more quickly.
Many US-based vendors and PR agencies alike will talk about their media strategy for the UK as part of their approach for EMEA – a mindset that will almost certainly be doomed to failure. There are very few influencers or media that are common across the UK and Europe, let alone the entire EMEA region. Aside from the language differences, each country tends to be very insular about how it handles the news. If you want traction in the UK and across Europe it is essential to take each country and region as a separate entity, with its own bespoke PR plan.
One issue that can arise with a global PR approach is delivering an inconsistent message, as individual teams can go off in separate directions to suite their own markets. This can be best handled by working with a group of agencies united under a single network – the basis behind our own Code Red Network. A networked approach, where one agency acts as central coordinator, ensures a unified strategy and message, whilst still providing the local knowledge and implementation that is key to success. From the vendor’s perspective this also removes the burden of managing multiple agencies and allows the regional agencies to function as a virtual PR team, sharing ideas and materials to improve overall performance and efficiency.
The matter of control is an area that many vendors have struggled with over the years. A common mistake is to try and retain too much control at the head office in the US, with everything needing to go through a US-based decision maker. A firm grip on international PR is certainly recommended, particularly if the UK representative is not an appropriate local spokesperson, or the company’s messaging is still maturing. Too much of a laissez-faire attitude can lead to international representatives getting carried away and deviating too much from core messaging, or even contradicting the US office’s stance on issues. Likewise, defining strategic moves, as well as decisions on contentious issues – such as stances on the encryption vs privacy debate – will benefit from oversight from the top.
However, if you want to be seen as an influential player in the UK market and get involved in the breaking news cycle, it’s important to trust local representatives with the responsibility to sign off on certain campaign aspects.
For example, some Israeli security companies have excellent cyber security technology and knowledge, but only have Israel-based spokespeople. Inevitably, this leads journalists to publish pieces describing their company as “an Israeli cyber security company” – which annoys them no end as they want to be seen as a UK or international company.
If you want to be seen as a local player, you need to show that commitment by investing in local spokespeople. US spokespeople are still extremely valuable of course and will continue to play an important role in UK PR, especially senior executives and specialists in particular areas. But as your company grows and evolves you should consider putting in place a local market evangelist.
Having local spokespeople will make a stronger impression with media and analysts to show dedication to building a presence in the UK market. Likewise, it will also help immeasurably with securing breaking news opportunities and contributing to stories with short deadlines. It also opens new opportunities such as broadcast appearances, which are possible but more convoluted for international spokespeople, as well as the chance to arrange valuable face-to-face meetings with journalists and analysts.
Alongside local spokespeople, it’s also very beneficial to get local customers on board as soon as possible, as the media is generally very parochial in outlook. Convincing customers to talk about their technology solutions is notoriously difficult. Many see discussing a solution as admitting to having had a problem in the first place, or they may be paranoid about giving away their strategy to competitors. The former reasoning is particularly common when it comes to cyber security, with companies very reluctant to appear as though they ever had any security concerns. Thankfully, this mindset is beginning to change, as discussion of cyber becomes more mainstream, and we are finding more customers are happy to put themselves forward, aware that it paints them in a positive light.
It’s a good idea to include a customer reference agreement as part of your contract with new customers in the UK – particularly if they are asking for preferential pricing. At the very least this should include an announcement press release and a customer success case study further down the line, while more adventurous organisations may also be interested in other PR opportunities such as editorial features, journalist briefings and round table events.
Being able to capitalise on a UK-based customer success story in this way is a huge advantage for connecting with the local press and also helps to strengthen your customer relationship by providing the client with free PR coverage that demonstrates their strong approach to security.
PR campaigns also need to be localised as much as possible. Other than certain journalists and publications that have a more international approach, the majority of the UK press will be likely to ignore stories that have no local angle, and many are averse to receiving press release written with American spelling or quoting values in dollars.
However, the vast majority of issues in cyber security are international and a US-centric campaign can generally be adjusted to fit the UK as well – another area where insight from a local agency will be invaluable. Say for example we have a vendor pushing a campaign around security in the healthcare industry, including research around compliance with the Health Insurance Portability and Accountability Act (HIPAA). While the UK press is likely to be somewhat familiar with HIPAA, the findings will be almost completely irrelevant for their readers because HIPAA has no bearing here and we operate with a vastly different healthcare structure. On the other hand, if the same research also takes into account NHS organisations and judgements from the Information Commissioner’s Office, it will become a relevant and interesting story for the UK market.
It’s very important to set realistic expectations for a UK PR launch – including for the agency you’re working with, as well as for company stakeholders such as the board or investors. Some companies when launching for the first time into the UK say they just want to do a quick PR project, but don’t want to do PR on an on-going basis. The proposed activity may relate to a particular product launch, or tradeshow, in which case they suggest they could do a quick burst of PR for a few months.
Our advice is invariably to save your money until you can commit to investing on a longer-term basis. If you put your head above the parapet and become part of the cyber security media commentary, you don’t want to disappear again. PR is a very cumulative process, and generating real momentum means you need to commit to at least nine to twelve months to build full momentum. While you will see immediate coverage and new business results with the right agency, these opportunities will quickly begin to die out without continued efforts and the media are quick to forget companies that are not constantly on their radar. Sales and marketing teams need to be aware that PR will take some time to build up a head of steam, and they should not expect an avalanche of new business leads within the first week or two.
Similarly, it’s very important to set expectations with the agency itself, particularly in terms of how success is measured. ‘Share of Voice’ (SoV) tends to be a favourite measuring stick, and it can indeed be a useful indicator of how well the brand is being established. However, SoV needs to be set against the right competition and with realistic expectations. You won’t be overtaking a larger rival with a five-year head start in the market and double your PR investment within a few months, although with the appropriate strategy and budget it is perfectly possible to establish a leading SoV.
Objectives and expectations will often change as things progress, especially as the vendor gains familiarity with the UK market and builds its presence in the region. Don’t be afraid to change tact if an approach clearly isn’t working for the UK market, or to set greater or altered targets for the agency. However, these changes need to be communicated and agreed with the PR agency – abruptly changing the goal posts can sour the PR relationship and also make for a disjointed media presence.
It’s common practice among US agencies, and many in the UK, to invoice for their services based on billable hours. This can lead to agencies spinning out activities to fill their time allocation – such as arranging endless messaging sessions and focusing on effort rather than outcomes. Conversely, this can also lead to the agency passing up on opportunities because have already fulfilled their time quota. Instead, a payment-by-results model, where the agency must meet specific targets or forfeit part of the fee is likely to achieve far greater results. This type of business model creates a greater sense of shared risk and reward between the agency and vendor and encourages the agency to focus on proactivity and creativity over clockwatching.
Some vendors looking at international expansion will turn to a large global agency to handle their UK launch, but this will not work well for every company. Disruptive start-ups, without the bigger budgets of established industry leaders, will often find they are overshadowed by the larger, established clients that are generating the most revenue for the agency. Introducing a new company with a cutting-edge solution needs genuine mindshare with its agency and needs to be taken seriously rather than being an afterthought or side project alongside big vendors. It’s best to look for an agency that has experience in launching disruptive cyber security companies. Partnering with an agency more familiar with breaking through the noise for new companies entering the market is more likely to be successful. You need a team who will be proactive for you, going out of their way to push your agenda and secure great media opportunities, rather than just being reactive and doing the minimum required by the contract.
When assessing a new agency, you should always try to meet the team that will be working with you – including account managers and executives – rather than just meeting with the agency director or new business contact. This will enable you to be sure they genuinely do have experience in your field and you won’t be the guinea pig, as well as testing them on relevant acronyms, media contacts, and their knowledge of the security landscape. A specialist in cyber security will enable you to leverage their established contacts and understanding of what is current and topical in order to garner coverage, not only in the trade and specialist security media, but also in the wider business, national, broadcast and vertical press.
Choosing an agency should be done with as much care as your channel partners and even your own in-house team. Picking a team that is the wrong fit for your company and the message you want to convey can be a costly mistake, wasting both funding and perhaps more importantly time. Finding the right agency partner that can help you leapfrog the competition and build awareness in the market is on the critical path to success. The right experienced and invested team, that can demonstrate a strong track record of building thought leadership positions for other disruptive cyber security companies, will enable you to hit the ground running and drive momentum across all your sales, marketing and channel activities. It should be seen as a strategic investment in your brand and is one of the cornerstones to building a successful go-to-market launch strategy for your company.
3. Building a Successful Channel
✓ Channel Approach
✓ Finding the right distributor
✓ Establishing the partner network
✓ Margins of error
✓ When is a distributor not a distributor?
✓ Accelerate your launch
✓ Managing a new channel
4. Becoming a Cyber Security Super Star
✓ Why Public Relations?
✓ The need for a local approach
✓ Why real relationships matter
✓ Why genuine localisation matters
✓ You can’t fake being a local
✓ Setting realistic goals and expectations
✓ Choosing the agency