 |
| Nate Hawthorne |
The state of cybersecurity PR has shifted more in the past two years than in the five prior. Historically, the sector was somewhat insulated from the broader disruption reshaping the media landscape. Despite the shrinking number of reporters and outlets, the constant stream of breaches, vulnerabilities and high-profile hacks kept the news cycle rolling. Unlike other verticals, there was never a shortage of stories to pursue.
That steady drumbeat did something interesting: it raised the profile of the entire cybersecurity industry. As public interest spiked, so did the perceived value of cybersecurity products and services. What was once a niche, highly technical category became broadly recognizable, even to non-technical audiences. This increased visibility has helped stabilize funding, marketing budgets and sustained media attention for cybersecurity-focused coverage.
The Playbook That Held Up for Years
Because cybersecurity remained insulated longer than other verticals, the best PR people could stick to a tried-and-true playbook that had worked for a decade or more. Success came from execution and timing, not reinvention. Take the long-standing belief against announcing product news at the RSA Conference and instead doing it a week or two before the conference due to media noise. In practicality, the big conferences like RSA or Black Hat are often the smartest time to drop product news. Timed correctly, inclusion in “best of show” roundups, trend pieces or on-site coverage can amplify the message, turning noise into leverage.
AI Forced Us to Rethink The Playbook
Over the last few years, the name of the game has changed. Executives, buyers, investors and even journalists now turn to their AI tool(s) of choice (ChatGPT, Gemini, Claude, etc.) for research and context, often bypassing traditional web search entirely. While AI searches skyrocket, website traffic has plummeted. As a result, brand visibility within AI models is now a key pillar of a successful PR program.
These models pull heavily from credible publications, repeated citations, and sources that are easy to crawl and parse. If a company’s story isn’t showing up consistently in those data sources, you’re effectively invisible.
This shift has upended several long-held assumptions. Not long ago, companies would deprioritize press releases (unless you were a public company) in favor of blog posts, citing stronger SEO and better ROI. Today, that thinking has flipped. AI models routinely ingest press releases, making them a critical vehicle to ensuring the correct associations between brand, category and key messages are correctly represented in AI outputs.
Additionally, trade publications have grown in importance. A well-placed Q&A article that goes into more depth on a topic aligned with your brand can rival, and in many cases, outperform, a brief quote in a top-tier business press article. The more ways you can seed your key messaging in authoritative and trusted sources, the better.
Ungating Research Is Strategic & Smart
In the age of AI-driven discovery, gating research doesn’t just limit readers, it limits your influence. Assets like research and whitepapers were traditionally gated for capturing leads, but that tradeoff now works against companies. If the content is gated, AI can’t read it, cite it, nor help establish your organization as the go-to voice. This is of particular importance for cybersecurity companies whose threat research, vulnerability discoveries, etc. are brand defining assets, making the AI visibility boost from letting it be freely accessible outweigh the leads you might miss.
The PR fundamentals haven’t changed. Relationships are still critical. Reporters prioritize sources they trust. Analysts cite voices they respect. And storytelling remains king; it’s still a game of putting stories in the right context, and the right channels, to turn information into influence.
All Channels Need to Reinforce the Same Story
In a crowded market, authority isn’t built on one great article. It’s built on alignment and consistency across every channel. Blogs, social posts, press coverage, podcasts, webinar content, and executive quotes all have to reinforce a clear, repeatable set of messages. AI rewards that consistency; scattered signals get lost. Integration is how you build the kind of authority that influences AI results.
This influence reaches beyond general AI searches. Media outlets are already using AI-generated analysis to identify the “most trusted” or “top innovative” companies. What’s changed is where discovery happens and how authority is measured.
In the end, cybersecurity PR in 2026 comes down to this: keep doing the things that have always worked; building trust, telling sharp stories, picking the right moments, while adapting fast to where discovery happens now. The algorithms decide more than ever who gets seen, so PR professionals must blend the old craft with this new reality.
***
Nate Hawthorne, a senior VP at ICR, has spent his entire PR career working with deeply technical cybersecurity clients. He has provided strategic guidance to organizations of every size, from the largest public companies to the fastest-growing startups, helping them untangle the cybersecurity media landscape and build trusted reputations in a high-stakes industry.
Cybersecurity PR, when executed well, is an essential tool for fostering transparency, promoting best practices and ensuring that the public feels secure in the hands of technology providers.
Gone are the days when the person hacking into your company’s data is sitting alone in a dark basement. More than likely the culprit is a sophisticated and organized threat actor.
Scott Radcliffe, who did a nearly four-team stint on Apple’s corporate communications team in Austin, has joined FleishmanHillard as global director of cybersecurity.
FTI Consulting has hired Brian Boetig, a 24-year veteran of the Federal Bureau of Investigation, as senior managing director in its cybersecurity unit.
