Cutting through a deafening sameness

By Pat Southwell:

Lynsey and I were at the RSAC Conference in San Francisco last week. It’s one of the world’s biggest cybersecurity events with over 43,000 attendees, 60,000 hotel room nights and an economic impact of over $90m.

It was intense. The stands were like fairground rides. The speakers were top global CEOs and US forces generals. The streets were flooded with fleets of branded vehicles and whole hotels were taken over by cybersecurity firms.

It really was an event like no other. Driven by the need for brands to stand out, not just be present. And some really did. But the majority sounded strangely similar. It was all “Securing the AI era” this or “The AI risk equation” that. It all blurred into one. AI, AI, A-aaaaaarrrgggghhhh!

There was a deafening sameness.

This is a challenge all cybersecurity comms professionals will know. In fact, many of those we spoke to at the conference felt the same. They had to focus on AI. It’s creating huge challenges and opportunities in the sector and must be central to messaging. Yet it doesn’t offer any differentiation.

What can brands do?

One option is to be wise to the challenge and call it out. This creates empathy with audiences. One of the cloud security companies we saw did exactly that. It carefully balanced the need to address AI with the realisation that it may fall on deaf ears.

It created a “No AI zone.” Here, people could grab an ice cream, read a newspaper with a cup of coffee, play chess, take a photo at the photobooth, or browse through a small vintage merch shop. According to the brand, it wasn't about pushing against AI - quite the opposite. It was just a different take.

Another tactic is to change the conversation (or at least add a layer over the top of the AI one). One company that creates AI security operations centres (SOCs) achieved this. To explain, an AI SOC is when AI agents triage, investigate and respond to security alerts so humans can focus on higher value activity. The company has AI at its heart.

Yet the messaging at RSAC leant into the brand’s tone rather than the technology. It invited people to come and see a giant inflatable skeleton, grab some merch, sing some CISO karaoke or even – for those brave enough – get a tattoo. This underlines the message that the brand can free cybersecurity professionals to do something other than constantly monitor alerts. 

Finally, and definitely something cybersecurity brands are more comfortable doing, is to campaign against an enemy. This can be literal enemies – from criminal gangs to rogue states – or something that stands in the way of security teams. The brand can then champion its customers to defeat the foe. This narrative becomes the central theme rather than the technology.

What’s the story?

Importantly, all these approaches lend themselves to PR and media relations as much as they do to conference stands.

For example, a brand going against the AI flow could tell stories showing how people feel about working alongside AI, the challenges it creates and how they can be resolved.

A brand changing the conversation from AI to how it feels to be freed from cybersecurity drudgery could explore the huge skills gap in the sector, the hours wasted to low value work and the psychological impact of working in an overwhelmed SOC.

And a company that chooses to campaign against an enemy could research the latest cyberwarfare threats and how many organisations have been hit by nation state attacks.

Thinking like this is important, because while RSAC is huge and sets the tone for much of the industry, it’s only one week out of 52 in the year. And there’s a world beyond the conference centre that needs to hear a brand’s story.

Now RSAC is over, comms professionals need to keep banging the drum. And do so in a way that cuts through the deafening sameness.