From the Security Practice: How to Execute a Successful Rapid Response Campaign


By Lauren Bogoshian and Reagan McAfee

Rapid response is the wildcard of PR strategy, particularly for the security industry. As breaches, leaks, and cyberattacks occur, we often experience a “Hunger Games”-style fight to get security experts in front of business and trade press with thoughtful, unique, and (most importantly) helpful analysis.

Over the last 12+ years, Offleash has been building its security practice, so we have become authorities about rapid response and what it really takes to rise above the noise. In fact, we’ve shared these best practices to benefit our clients across other industries, too. If you’re looking to execute a rapid response campaign strategically and effectively, but aren’t sure where to start, here are five baseline rules of engagement that have a proven track record of success:

Have something unique to bring to the conversation
Security is a crowded market. Unfortunately, every cyber event will have “experts”crawling out of the woodwork with generic canned quotes, begging to be included in coverage of a security event. Before all else, ask yourself, “What unique insight can I add to this story?”

Simply restating the facts of an event won’t add to a reporter’s understanding. Instead, you must provide new details/discoveries on a reported threat, including how the incident occurred and who is responsible, and/or best practices related to mitigating the risk in question. If possible, include relevant data and technical knowledge to further build credibility and foster a relationship with key industry press.

Rapid response isn’t going to happen on its own — it’s all hands on deck
Within our security practice, we joke that rapid response opportunities often break just before the weekend, as reporters and colleagues begin to sign off. Whether this is the case or not, a full team effort is key to the successful execution of a rapid response campaign.

When a piece of relevant breaking news comes through, we immediately flag to our clients, stress the need for prompt, “rapid” commentary, and execute with every team member’s participation. While one team member strategizes with the client, another is pulling a press list while making note of who has covered the news already, and others are drafting pitches. No matter the task, everyone at all levels of our team jumps in to execute.

The minutes between the initial news flag and the receipt of commentary are precious. If possible, an open line of communication between the client’s security experts and the communications team will eliminate any bottlenecks when a story is breaking.

Set expectations
There is enough of the pie to go around, and unless you are the security company that discovered the unsecured AWS S3 bucket of a Fortune 100 company, don’t get discouraged when rapid response results in just a couple pieces of coverage. While quantity has value, quality mentions and inclusions are the core drivers of thought leadership. By participating in rapid response, clients position themselves as sources on important security topics. Even if a reporter doesn’t include a client in her piece around the latest breach, the outreach is a reminder of the client’s expertise, and could result in different opportunities in the future.

Be prepared
No crystal ball exists to foresee the news cycle and breaking news opportunities, so preparedness is key. Our security practice meets on a regular basis to discuss the media landscape, reporters who have changed beats, publications and focuses, and reflect these updates in a master database. This knowledge sharing is the foundation of successful rapid response execution.

No matter what space, maintaining a strong pulse on the media landscape is key in pulling a quick, yet thorough press list for rapid response. Establish a process for teams in advance for communication and execution. Keep a repository of previously used rapid response comments, and tweak and update with new information around specific events as needed.

Share insight with integrity, and when in doubt, tread carefully
Unfortunately, there are some nefarious threat actors that will go beyond a run-of-the-mill phishing scam, and will capitalize on a national tragedy or natural disaster. There’s a right way and a wrong way to go about commenting on these types of situations. Carefully evaluate the situation and any opportunity to add insight. Think about whether your insight will add positive value, and whether it’s appropriate to offer “best practices” in a time of distress.