Making an announcement, of any kind, at a major trade show is always a risky business, without the benefits of Tom Cruise. On the plus side, your prospective audience, both journalists, and potential customers, will be in one place and focused on the topic at hand – in Infosec’s case, security. On the negative side, all of your competitors at the show will have exactly the same idea: meaning that any announcement could be drowned out in the general tumult. Worse still, journalists won’t just be investigating your competitors, but also the conference events and keynotes; after all, if the UK Information Commissioner uses the show to make a major announcement, then that’s where the majority of headlines will focus.
For our client ViaSat UK, an Infosec 2011 announcement was a major goal for the company. Not only did it have to demonstrate its presence and expertise at the show. It also had to make known the fact that it had changed its name from Stonewood, yet was still the same business offering the same high level of secure encryption. To make a big splash at the show, ViaSat needed two things. It needed a story that was more than just another product announcement or self-serving survey. And it needed an angle that would guarantee a reaction and make it drive the show’s agenda.
For the story, we hit upon the idea of a Freedom of Information request. By asking the Information Commissioner’s Office, precisely how many data breaches had been reported in the past year, we could present the true scale of the threat to individuals’ and organisations’ sensitive data. While this tactic has become much-imitated since, at the time it presented a fresh approach beyond simple consumer or business surveys. To give the story a stronger impact, we combined these statistics with the public record of the number of breaches the ICO had actually acted on: showing that the vast majority of breaches went unpunished, with not even a minor slap on the wrist.
The story’s impact was immediate. The initial announcement was scooped up by the technology, security and national press. However, it also reached the attention of the ICO itself: which felt compelled to respond to the statistics and so nurture and expand the story. Thanks to this reaction, ViaSat served all of its goals at Infosec. It made its presence known through a hard-hitting story; it made clear the name change from Stonewood to ViaSat UK and had the added bonus of impressing the need for encryption on the public. After all, if the ICO potentially can’t deal with all the breaches it encounters, then security that will reduce the impact of breaches regardless is crucial.
Given the success of the FoI approach in 2011, following it up in successive years seemed a natural path to take. However, we realised that this would soon become subject to diminishing returns. First, other organisations were quickly seeing the potential of similar FoIs, meaning the impact as a whole would be reduced – it’s hard to interest the media in your particular ongoing research simply by being the original. The media would also be naturally less interested in an organisation that simply told the same old story year after year. Each year we modified the Freedom of Information request and the story attached to it, to ensure that ViaSat’s audience was always receiving fresh insights. This might mean highlighting the discrepancy in how often public sector organisation breaches were reported and penalised against the private sector; it might mean showing how increased financial penalties demonstrate the ICO potentially demonstrate the ICO taking control of its remit. Or it might mean performing additional FoI requests on UK police forces to demonstrate that the real scale of potentially dangerous security breaches is far higher than even those reported to the ICO.
Throughout these stories, we refrained from constantly attacking the ICO: while this might have seemed to have merit, e.g. when showing how the private sector is apparently favoured over the public, as a forward-thinking organisation ViaSat also needed to show it recognised that many of the issues were beyond the ICO and were due to the environment it has to work in. As a result, ViaSat never gave the press the same old same old but was able to engage them year after year with fresh stories. Indeed, it has reached the stage where ViaSat is now a sought-after voice on the ICO and security; for example, by giving comment on the ICO’s own annual report.
Essentially, getting the attention of the media during a scrum such as Infosec can often seem like a crap-shoot. But with the right data, the right story, a willingness to evolve, and a lot of persistence, it can definitely pay off.