Could you imagine trying to explain a zero-day vulnerability to your grandma? Or maybe do a deep dive into the mechanics behind ransomware to a friend who still writes their usernames and passwords on sticky notes?
If you work in cybersecurity, you’ve likely already faced similar challenges—translating extremely technical concepts to non-technical audiences.
And while this may seem like a trivial problem at first, it can be a significant blocker to business growth, especially when securing widespread media coverage. Journalists are the gatekeepers to the publications that your prospects and investors read each and every day. Yet, while many may cover the infosec space, very few have the technical acumen to understand the value you bring as a company honestly – never mind being able to translate it themselves.
Why this matters now more than ever
Media coverage of cybersecurity has exploded in recent years. Whether it’s high-profile data breaches, ransomware attacks on schools and hospitals, or privacy concerns brought to light due to the actions of corporate CEOs, these events regularly make headlines. Yet much of this coverage oversimplifies vastly complex issues or gets technical details completely wrong.
Those working in the cybersecurity space (or those with technical chops) have probably winced reading an article that describes hacking as “breaking into computers” or refers to any cybercriminal as a “hacker,” regardless of their methods or motivations.
The gap between accurate technical information and accessible media coverage isn’t just annoying—it’s potentially harmful. When the public and policymakers don’t correctly understand cybersecurity threats, they can’t make informed decisions about their digital safety or create effective regulations.
Speaking their language, not yours
You know your stuff. That’s not the problem. The challenge is translating your expertise and the insights you’ve gained without losing all the nuances. After all, the devil is in the details. Here are some tips for bridging that gap:
Start with impact, not mechanics. Media professionals (and people in general) want to know why something matters before they care about how it works. This means you need to frame your explanations in a way that emphasizes the consequences. For example, “AI is outpacing our security efforts” will make journalists’ ears prick up over technical descriptions of how exploits function.
Use concrete examples. Try to make abstract concepts more understandable by providing specific scenarios. Analogies are your friend here, but don’t overdo it—and make sure it makes sense.
Avoid acronym soup. CSRF, XSS, MITM, and APT mean something to you, but for non-specialists, it’s just a random bunch of letters that makes them feel like this piece of content probably isn’t for them. Spell things out or, better yet, find plain-language alternatives when possible.
Finding the right balance in media relations
If you want to do cybersecurity public relations well, you must find that all-important balance between technical accuracy and public accessibility. Think of yourself as a translator between the technical security landscape and the media ecosystem. Each has its language, priorities, and constraints.
When working with journalists, most of them want access to information that’s both technically sound and story-ready. This doesn’t mean that you need to water the facts down to the point they are just plain inaccurate. Instead, it means you need to reframe complex ideas in ways that reveal their significance to broader audiences. When speaking with the media, here are some questions you should be asking yourself:
Who is their audience? A technical publication needs information different from that of a general news outlet.
What’s their deadline? Journalists often work under tight time constraints. Having clear, concise explanations ready helps them get the story right.
Can you provide visuals? Diagrams, infographics, or simple illustrations can clarify concepts better than words alone.
You know the old adage, “Any publicity is good publicity.”. Well, that’s simply not true. Not when you’re trying to build a reputable and trustworthy security brand. Because of this, remember that cyber PR and media relations aren’t about getting any coverage possible—it’s about getting accurate coverage that advances public understanding and builds your authority while maintaining your technical credibility.
This may mean declining to comment on certain topics or gently responding when a reporter’s framing doesn’t align with the technical reality.
Common pitfalls to watch out for
When you’re reaching out to the media or carrying out any form of cyber PR, you need to catch yourself if you feel the need to oversimplify. Be mindful not to:
Making threats sound scarier than they are. Sure, you want that reporter to pay attention, but painting every vulnerability as “catastrophic” or “unprecedented” burns your credibility fast. You’ll find journalists tuning you out when a truly serious threat emerges.
Cutting corners on technical accuracy. The temptation to skip “boring” details can backfire spectacularly. That minor technical distinction you glossed over might be exactly what separates a minor bug from a critical flaw. Find simple ways to convey nuance without sacrificing facts.
Leaning too heavily on scare tactics. While risks are real, constant doom and gloom messaging leads to what people call “cybersecurity burnout” – where people simply stop caring because they feel overloaded or even helpless.
Missing the forest for the trees. Getting lost in technical specifics while failing to explain broader implications leaves journalists scratching their heads. Always connect the dots between the technical issue and what it means for businesses, individuals, or society.
Final word
One way to give this another perspective is to think of explaining cybersecurity to the media as not dumbing things down—it’s about lighting things up. Yes, the reporters you’ll be connecting with are unlikely to be technical experts, but neither will some of your buyers.
Journalists want a good story, and it’s your job to ensure you help them get the details right. So, meet them halfway with straightforward, honest, and accurate explanations. If you do that, you’re not just helping them—you could be assisting many others to understand digital security a little better.
(Image source: Pixabay)
