As anyone working in the media, PR or the cybersecurity industry knows all too well, not a week – and arguably a day – goes by without a data breach, major cyber-attack or some serious security threat impacting a major corporation, not to mention thousands or potentially millions of consumers whose personal data and financial information is often exposed during these incidents.
Underscoring this assertion are some rather ugly numbers courtesy of the Online Trust Alliance (OTA), who reported earlier this year that cyberattacks targeting businesses nearly doubled in the past year, from 82,000 in 2016 to 159,700 in 2017. As with many things in life, such as college tuition, taxes and price tags on waterfront real estate, these numbers never, ever go down.
At the same time, 451 Research recently found the total number of cybersecurity firms worldwide as of December 2017 was more than 1,600 and growing.
So, when the next adult (ahem) dating site, credit bureau rating agency or online retailer gets hacked – and they will – the electronic flood gates will open. The initial wave of media reports will inevitably focus on the who and the what. Very quickly however, enterprising business/finance and security reporters and bloggers will shift their focus to the why and now what? This is the stage that usually creates a feeding frenzy for PR professionals everywhere. This has come to be commonly known as “Rapid Response” media relations.
When this happens, should you join the fray and attempt to get your company/your client and its “expert” quoted by the business and tech media covering the next inevitable breach du jour? If so, how do you do so effectively without wasting valuable cycles – yours, your executive’s and the media’s?
More than likely, it is not a matter of if, but when to seek out media opportunities. Here are a few thoughts on rapid response media relations and some suggestions for doing it well:
“Stay in Your Lane”
This might be stating the obvious, but many times even the best PR professionals – whether because we are just a bit too busy, over-caffeinated or simply (over?) eager to produce results for a new client or boss, can fall into this trap. If you work for an application security provider and the attack du jour involved a malware attack, that’s not an ideal opportunity to provide commentary. The relevance between the incident and your client should be immediately apparent.
“Save Your Bullets”
And by doing so, take a rifle shot vs. a machine gun (pardon the warfare terminology). In other words, go for the high percentage opportunity based on timing, insights you can deliver, etc. If you think your analysis is good but not great, hold off until the next incident to potentially save face with your target media.
“Follow the Sun”
If you work for or with an organization with operations around the globe, leverage the expertise in EMEA or Asia Pac to have a statement, response, report, set of data points, etc. ready for delivery to media as they are just waking up to their favorite mode of communication.
“Don’t Guess or Speculate”
Yes this is a PR 101 statement, but this tweet below suggests it still happens far too often and even more frequently in the wake of a data breach.
“No Means No”
If an overburdened media member gets back to you and says, “no thanks,” or lets you know that the input wasn’t a fit or was otherwise too promotional, move on. As Eminem put it, “You only get one shot.”
“Rapid Response is NOT Newsjacking”
I expect some pushback here, but by its very definition, rapid response is a reactive activity for dealing with issues as they happen or shortly thereafter. The best rapid response efforts require preparation/anticipation, insider knowledge, active monitoring of immediate news coverage when an event occurs, some degree of waiting/analyzing media or other third-party reaction and then determining if, and how, to contribute to the dialogue. Finally, once readiness and messaging is determined, its Go Time.
Newsjacking (full acknowledgement to the inventor of the term, David Meerman Scott) is, in my opinion, more strategic and one that involves a proactive plan for inserting a brand, commentary, data points or pre-planned stories into the conversation about an entirely different entity. Think of this more in terms of an election campaign, ballot referendum, major sporting event or a rather controversial story scenario (Google Earth and Warby Parker/Solar Eclipse and Oreo/Super Bowl Black Out are some of the best-known examples by major consumer brands).
Newsjacking done strategically – and hopefully successfully – again includes preparation, monitoring, waiting and then swift action, but also requires a bit more creativity and innovation on the part of the communications team. With newsjacking, the key is to evaluate each news story or trending topic to determine if there’s a good fit for your brand, executive, client, to get included in the conversation. And do so quickly!