top of page

The role of PR in the age of cyberattacks

By: Gareth Lloyd, Cyber Security team

“I’m installing a firewall,” the IT expert explains.

“Ok…what’s that?” replies the exhausted employee.

Recognise this exchange? It’s a little snippet from an episode of Britain’s seminal sitcom The Office - which originally screened in 2001. The series was painfully relatable at the time, but the workplace has changed so much since its premiere, The Office might pass for a period drama with today’s younger viewers - many of whom won’t have ever been asked to send a fax or save files onto a floppy disk.

But the most interesting timestamp of the series is this aforementioned conversation between a bored worker and a smarmy bloke in the IT department. It’s reflective of a time when the only people who needed - or wanted - to know about online security were the trained experts.

When I LOVE YOU means chaos.

Shortly before The Office was beamed out to TV screens, a third of the world’s business computers were infected by one of the first cases of a major international cyberattack. A 24-year-old in the Philippines created a malicious piece of code - hidden as a text document - and it was sent to email addresses with the subject line ‘ILOVEYOU’. It spread like wildfire, bringing 33% of the world’s workforce to a screeching halt. The outbreak was later estimated to have caused US$5.5–8.7 billion in damages worldwide and forced businesses to think seriously about internet security and allocating extra resources to IT departments.

Things have gotten better since. Fast-forward twenty years from “The Love Bug” virus, and everyone in any office in the UK will have a basic understanding of what a firewall is and what a spam email looks like. Indeed, most people are too tech-savvy in today’s age to fall for a subject line like “ILOVEYOU’, but the problem is that most cyberattackers know that, too. Basic cybersecurity is part and parcel of an employee’s training at any big business - and firms are now in a position where they can effectively defend themselves and implement a Plan B if they are hit.

How the media cover hacking

Hacking has become so sophisticated and cunning that businesses are still being brought down left, right and centre. The UK government estimates that more than two million instances of cybercrime took place in Britain from April 2022 to 2023.

The evolution of hacking has created a new breed of media reporter - the Cyber Correspondent. These journalists are tasked with uncovering breaches, data leaks and cyberattacks and investigating the circumstances around them before publishing an ongoing story which usually follows a pattern: Breaking news of a breach; analysis of what happened; evaluation of the fallout. Reporting on incidents can go on for weeks, months or years - which may sound like devastating news for any business that is subject to a breach.

A natural reaction for any firm connected in any way to a cyberattack is to bury their head in the sand and wait for it all to pass. But clear communication is often the best course of action in these scenarios. And this is where PR comes in.

Good PR can turn disaster into opportunity.

First, any business that is breached has a chance to calm its stakeholders with a timely response, clear set of actions, and mitigation plan. If a firm has a good cybersecurity solution already in place, the damage will be limited, and they can liaise with their PR firm to craft a statement that will reassure clients/customers whilst also giving journalists the soundbites they are looking for.

Similarly, tech firms and cybersecurity providers have an opportunity to weigh in on these situations with their own expertise. These experts can work with their PR agencies to share comments that emphasise the value of good security and provide journalists insight they desire to make sense of - and add context to - any breaches they might be reporting on.

Firewalls set up by a scruffy IT guy might have been the be-all-and-end-all in the days of The Office. But now everyone in work is responsible for cybersecurity. And everyone is responsible for responding in the right way. PR can play a big role in making that happen.


bottom of page