top of page

What is ‘Zero Trust’ and how does it apply to PR?

By: Gareth Lloyd, Cyber Security team

The crime beat was once the busiest of any reporter plying their trade on Fleet Street. And it’s been ripe for imitation over the years, too. Cinema, television and literature have all taken it in turns to create their own incarnations of the crime journo - usually depicted as a motormouth armed with a pen in one hand and a shorthand notebook in the other. If you go back far enough, you can catch a few of them wearing hats at jaunty angles.

The classic crime reporter isn’t seen so much in 2023, but they haven’t mysteriously vanished like so many of the John and Jane Does they’ve spent their careers tracking. Many have just stopped the mad dash between the crime scene and the courtroom, and opted to dig for details from their own offices.

Why? Because many of the biggest criminal stories don’t begin at misty lakes or shadowy warehouses these days - but in cyberspace.

The rise of ransomware

One of the most devastating crimes in 2023 is a ransomware attack - the process by which gangs target an individual or company, lock all their files, and demand money in exchange for returning them. Usually, the gangs will threaten to release the files to the wider world if the victim does not pay up quickly. One ransomware group went a step further recently, filing a complaint to the US Securities & Exchange Commission (SEC) after their targeted victim didn’t report the cyberattack within four days (which is a new requirement).

The rate of ransomware attacks has reached record levels, and we’re at a point where even cybersecurity experts are losing sleep over it. That’s why the principle of Zero Trust is gaining traction and increased adoption. And it’s a philosophy that is just as effective in communications as it is in cybersecurity…

What is Zero Trust in cybersecurity?

Traditionally, business security systems have adopted a model which offers software and users access to its interconnected network for speed and ease - with procedures in place to restrict known threats.

The problem is that new breeds of ransomware are so cunning and sophisticated that this model is no longer sufficient. Even the most innocent looking document or file could have something malevolent lurking within its code.

This is why cybersecurity teams are pushing for companies to adopt a new model with the title “Zero Trust”. The basic premise is a simple one: Trust nothing and verify everything.

This means actively taking steps to block absolutely every application or piece of software you don’t need to run your system, whilst refusing permissions to as many programmes as possible. That way, you know your business’s system is protected and safe.

Some organisations have been slow to implement Zero Trust, not because it doesn’t work (quite the opposite) but because it requires a carefully implemented strategy.

Each company has to understand its own restrictions and infrastructure - making decisions on what software needs to run in order to maintain high service levels whilst blocking the risk of dangerous elements breaching the security line.

But it’s all worth it. Statistics show that Zero Trust can reduce the cost of a data breach by millions of pounds, and that once implemented, Zero Trust segmentation efficiencies can free up nearly 40 person-hours per week.

What can PR learn from Zero Trust?

Zero Trust involves having a policy in place that readies you for the worst: You’ll assume that a bad day is going to happen and you have a strategy prepared for when it does.

This can be a very effective method for PR and communications. If your business is attacked in any way shape or form, you already have a way to handle it. This can ultimately prove the difference between a scrambled response with serious consequences, and a professional one that keeps everything - and everyone - calm.

The other big lessons to take from Zero Trust in PR/comms are the notions of “safety first” and “keeping it simple”.

Adopting a Zero Trust mentality means focusing on the essential things only - which in PR world means communicating the necessary information in a timely manner. This could be giving a journalist a quote they can use for a story that enhances rather than jeopardises the reputation of a business, or issuing a press release that oozes confidence and clarity, rather than opening up an organisation to speculation and scrutiny.

Crime reporting is different now. This is a brave, new, world we’re all living in. Everything is changing and nothing is wholly predictable. But with a cybersecurity-style Zero Trust mentality behind you, you can always be ready for whatever comes next.


bottom of page