Four Principles for Clear Cybersecurity Communications

Four Principles for Clear Cyber Communications

A version of this article was originally posted on

Four Principles for Clear Cybersecurity Communications
Effective cybersecurity communications can be a challenge — especially for experts steeped in the industry. How you deliver cyber comms is as important as what you’re saying.

As the world rapidly adopts digital transformation, protecting business and organizational data and operations has become more critical and, at the same time, more complex. New technologies and platforms have come out of the digital realm that have no precursors or parallels in the analog world.

Cybersecurity and digital risk professionals also have the added challenge of contextualizing highly technical and, often, abstract data with “real world” business and organizational experiences, which is not always easy to do quickly and memorably.

How do you deliver clear cybersecurity communications in a quick and compelling manner?

As technology improves, cyber and digital risk practitioners have one advantage on their side — lots of data. But technical communicators also have to avoid the temptation of relying solely on data to captivate and motivate action. Human decision-making requires interpretation and context.

If your leadership has come up through a technical career path and can make implicit connections and interpretations on the fly, congratulations! You have it (relatively) easy. But many leaders don’t, so their technical staff do not have that luxury. Plus, there are always competing priorities or risk managers reporting in with different requests.

Where many cyber communicators get it wrong

Often, the group responsible for curating and analyzing the data is the same as the group providing the brief or performing the front-end software development in use by leadership.

Recall the early scene in The Matrix (The first one. The good one.) where Cypher, played by actor Joe Pantoliano, is showing The Matrix to Keanu Reeves’ character, Neo. Much like an analyst in an operations center, his default view is raw code cascading down.

…there’s way too much information to decode the Matrix. You get used to it, though. Your brain does the translating. I don’t even see the code.

Because of their close proximity, technical communicators sometimes know the data so well that they forget to consider their implicit biases and the context necessary to help others interpret it. They’ve lived and breathed in raw data enough that they can almost read it without a second thought.

But some of your audience can’t. Even if they can, you shouldn’t require them to.

The human brain makes split-second decisions constantly — especially when being presented with new information. The easier a decision is to make based on the information, the more committed we are to it and the more motivated we are to make it. And there’s science to back this up. The harder your audience has to think, the more calories they burn, and the more fatigued (mentally and physically) they can become.


When complex presentations are more pleasing and straightforward, they are easier to consume. Your technical data can be included as an appendix or leave behind.

Here are four principles to keep in mind for good, clear, compelling cyber communications.

1. Consider your “experience” layer

Literally where the rubber hits the road.

To borrow a page from the OSI model — the delicious seven-layer bean dip of Open System Interconnection — understand that every player in your presentation has a clear and distinct role.

At the one end, you have the group responsible for the nuts and bolts — the collection and analysis. On the other, you have the delivery package — the presentation, the brief, the dashboard. Make sure you have experts behind the development of each.

You have a technical subject matter expert doing your analysis, correct? You should also have communication and design subject matter experts assisting in the development of your presentation.


Build a strategic communications team or find a resource that can provide targeted support by focusing on your experience layer while your technical experts focus on getting the data and analysis right.

2. Keep it accurate.

Getting the data right is of critical importance.

You should not keep your technical and communications teams separate or insulated, however. To the contrary, they need to be tightly integrated and cross-trained if possible.

You need to ensure that the communications and design team is also well-versed in your technical subject matter. Your presentation must be grounded in how cybersecurity actually works, which protects the integrity of your message.

Yes, it’s possible for a “creative” design team to also be well-versed in your tech.


Finding a “unicorn” designer or strategist isn’t impossible, but they are hard to come by and very valuable.

3. Make it clear.

Complex doesn’t have to mean confusing.

It’s common to get too technical too quickly when it comes to communicating the intricacies of cybersecurity. The data is important, but you must first hook your audience and make them care, which means connecting your brief to them on a human story level.

This takes communications strategy and a clear playbook BEFORE you embark on developing a presentation. You have to clearly understand the motivations of your leadership, what they’re dealing with right now, and how your problem (or solution) can help them. Shifting your perspective from what you need — your ask — to what your audience needs  — their pain point — can mean the difference between receiving blank stares or a blank check.


Do as much work up front as possible and create a playbook. Documenting the audience profile and motivations, your key messages, your ask, and your requirements.

4. Make it memorable.

Capturing attention requires intention.

Your presentation should present your main point and very select supporting details in a way that sticks psychologically.

How it looks is critical. But are you presenting something that’s pleasantly forgettable?

Packaging the data and messaging you worked hard on in commodity language or stock images is a surefire way to be overlooked or underestimated.

Having the right background on your team to apply neuropsychology or UX/UI design principles can give your project the extra “stick-factor” necessary to be noticed, understood, and remembered.

Writing compelling content for cyber is not difficult, but it can be challenging.

When your team’s work developing new cyber technology or performing analysis is done (and we know it’s never fully over), there’s still a little left to do.

You need to:

  • Package it to be compatible with your audience;
  • Ensure the integrity of the presentation by engaging SME designers;
  • Strip away unnecessary information, and ensure your framing is helpful; and
  • Be very deliberate in your design choices, so your audience is impacted.