Cybersecurity Awareness Month: A PR Win or Another Lost Opportunity for Brands?

Cybersecurity Awareness Month (CAM) recently ended, and while it always serves as a helpful reminder for the less security focused that cyber defense needs to be a top priority, marketers only need to look at the headlines that published each week to come to the same conclusion.  

Companies operating in the cybersecurity industry can leverage these moments as powerful storytelling opportunities, helping drive home the importance of the solutions they offer and gain the receptive attention of erstwhile skeptics.  

In this blog, we’ll recap some of the top stories that came out during CAM, discussing how brands can communicate around these to best ensure their expertise is inserted in the conversation, raising brand awareness and credibility.  

CISA Activity Steps Down, Orgs Need to Step Up

October certainly started off with a bang (or was it a whimper?), with the lauded 2015 Cybersecurity Information Sharing Act expiring on the first of the month. While congress considers its extension (and a provision that retroactively protects any information shared between expiration and renewal), critical infrastructure leaders have already expressed concern that they will be less secure without the information sharing made possible by the program.

Tim Starks of CyberScoop had a great conversation with Dave Bittner at The CyberWire about congressional efforts to extend the law here. Tim and Dave shared a great convo and a couple of laughs, with Tim giving some insider perspective on the work being done on Capitol Hill.

Compounding these issues, CISA now finds itself in the midst of layoffs, weaking the organization even more. Most cybersecurity vendors see stories like this as radioactive. Commenting on political debates feels risky with little upside. But avoiding them means missing valuable opportunities to stand out and fill a thought leadership vacuum. Companies can provide authoritative private sector perspectives for stories journalists are already writing, while increasing visibility by offering useful insights to those most affected.

Instead of avoiding the topic, companies should embrace it. This doesn’t mean coming out strongly against one side or the other. They should seek balance, engaging in communications strategies like exploring the importance of collaboration across the cybersecurity industry. Organizations could offer timely bylines, quick video bites or reels, infographics, and social media campaigns focused on best practices and steps to take for organizations feeling strain as information sharing and CISA advisories become more scarce.

Enterprises can build their brands as trusted experts that view potential customers as more than just dollar signs, but rather members of a living, breathing cybersecurity ecosystem that they want to help protect.  

Windows 10, We Hardly Knew Ye (But We Will Soon)

For my endpoint people out there, Windows 10 finally reaching end-of-life in October has been top of mind. While security patches are slated to continue for those who signed up for the Extended Security Updates (ESU) program into 2026, the future implications of Windows ceasing updates for 10 are immediately apparent. Once support ends, vulnerabilities discovered in the operating system from there on out will become a dinner bell for hackers, who will scan networks and systems for vulnerable devices that haven’t migrated to 11 as an easy intrusion point.  

Suffice to say, organizations that don’t know where they have Windows 10 still deployed at that point will find out quickly. Though not in the way they would prefer.  

For cybersecurity vendors, the end of Windows 10 support offers a perfect chance to pitch thought leadership and content on the importance of visibility, the necessity of monitoring endpoints, and the essentiality of cyber hygiene. With predictions around the corner, and costly intrusions nearly guaranteed to take place via Windows 10 systems in the near future, this is an opportunity to take a bold stance, raise awareness around the issue, and build their brand

Malware and Ransomware Haven’t Gone Anyware

It’s hard to view topics as persistent as malware and ransomware as “trends” in the typical sense. They are more facts of life that every organization needs to be vigilant about. And these facts couldn't have been better underscored than by two stories we saw last month (ok, one was early November but I couldn’t leave it out.)  

First, Jaguar’s catastrophic ransomware debacle made headlines once again as the UK.’s Cyber Monitoring Center determined it to be the most costly ransomware event in U.K. history, at a total of £1.9 Billion.  

If the exorbitant potential loss of revenue weren’t enough, ransomware attacks are evolving to become more effective even against those who have taken steps to prepare. According to research from F5 Networks, backups, a traditional saving grace when victimized by ransomware, could be becoming less effective as encryption-less, extortion focused attacks are rising in popularity among cybercriminals.  

In the malware world, Google just published research detailing what they claim to be the first known case of hackers using AI-powered malware in the wild. While this type of attack has long been warned against by cybersecurity experts, the advent of a sophisticated malware that leverages GenAI beyond its ability to enhance phishing attempts should sound alarm bells worldwide.  

While some communications programs can fall into a lull of looking at ransomware and malware focused storylines as old hat, they are anything but. The fact is that they remain one of the most pressing topics in the cybersecurity conversation and should be a core topic covered across thought leadership and rapid response efforts on an ongoing basis.  

Reflecting to Look Ahead

Cybersecurity Awareness Month is a great time for reflection, but one of the main points of reflection is so that we might alter and improve our actions moving forward.  

With the end of the year fast approaching, and 2026 on the immediate horizon, it is the perfect time for cybersecurity organizations to take stock of the stories they’re telling, understand what’s working and what isn’t, and determine how they would really like to present themselves to the customers, prospects, the media, and the general public in the year to come.  

‍