Raising cyber awareness through media relations

Improving cybersecurity requires raising awareness of threats. Stormshield and DAGMA IT Security have undertaken efforts to improve the knowledge of organizational managers, which should ultimately result in greater national resilience to cybercrime-related risks. The focus of the activities was real-time communication, including highlighting challenges, presenting model responses to emerging incidents, and demonstrating examples of implemented security measures. The materials were created based on the knowledge of cybersecurity practitioners and experts, taking into account the specifics of various industries.

Available data shows that cybercrime is one of the most serious challenges for businesses and public institutions. The digital security of member states is a priority for the EU, hence the directives describing mandatory security measures that must be implemented by businesses and institutions operating in specific industries. Stormshield, a European manufacturer of IT security technologies, sees part of its mission as inspiring and actively participating in public discourse on this important topic. The media campaign was launched due to the grim diagnosis: many companies and institutions – including those managing so-called critical infrastructure – still operate under the belief that digital threats do not apply to them, unaware of the upcoming new obligations, which cannot be implemented overnight.

A key observation for the strategy is that the lack of cybersecurity initiatives in many organizations stems not only from a lack of awareness of the existence of threats, but often from the belief that they don’t apply to a specific company or institution. Therefore, we made the maxim: “Ignorance doesn’t exempt you from risk, and investing in cybersecurity costs less than the losses incurred as a result of an attack” our central message. Convinced that publicly available education, warnings, and advice are approaching maximum effectiveness, we used illustrative, real-world cases as a vaccine against “denial” of threats, serving as a “keyword” to the awareness of IT infrastructure managers.

The pretext for preparing the announcements, alongside the RTM addressing current events, was the milestones regarding the implementation of the NIS2 directive into EU legislation. Constant monitoring of cybersecurity incidents, combined with the ability to respond immediately, was crucial to achieving the campaign’s results. This short response time was made possible by efficient contact with experts from Stormshield and DAGMA IT Security. Journalists received expert commentary on topics of current interest, allowing them to supplement the prepared material with an assessment of causes, effects, and recommendations.

The target groups were specialists directly involved in IT security issues and C-Level staff who have a decisive influence on the implementation of new technologies and products. The ability to present information in a format that appealed to diverse audiences was also crucial to the effectiveness of the campaign.

• A global outage. What does the CrowdStrike incident teach us?
• A turbulent start to the year in the cyber world. High-profile incidents, thousands of people’s data at risk.
• Logged out of Facebook? Beware of phishing attempts.
• NIS2 – final countdown.

The headlines of the developed messages demonstrate that the campaign narrative addressed current events and included skillful use of RTM (e.g., European digital sovereignty in the context of the US-EU customs war, attacks on critical infrastructure as part of hybrid warfare). During the campaign, 24/7 monitoring of cybersecurity incidents was conducted, which were immediately commented on by Stormshield experts. At the same time, the subject matter addressed is highly specialized, requiring tailored messaging for both non-specialists and professionals. The opinions of Stormshield/DAGMA IT Security experts are useful for both sides of the process, as they help clarify what awaits companies/public institutions (process requirements, equipment, and technologies) and, on the other hand, present to legislators the impact of the proposed legal solutions (costs, implementation barriers) on the functioning of various entities. One of the key assumptions was to focus on the issues, which allowed journalists to avoid labeling them as “marketing messages.”

Media relations efforts resulted in approximately 300 publications and mentions in online materials, and approximately 30 press releases in general and industry media outlets using content developed as part of the campaign. In addition to articles, these also included materials prepared in response to individual inquiries from editors/journalists (Rzeczpospolita, Gazeta Prawna, IT w Administracji). Despite the complex subject matter, which could pose a barrier to media coverage, the message reached approximately 3 million recipients, thus increasing awareness of cyber issues and building and solidifying a positive image of national experts and the brands they represent. The estimated AVE of these materials is approximately PLN 3 million [according to Inforia; January 1, 2024–June 30, 2025]. The dedicated website has been visited by over 25,000 people since the beginning of 2024. 864 people participated in a series of webinars prepared by Stormshield/Dagma IT Security, devoted to cybersecurity in the context of the NIS2 directive.