This year Nine23 teamed with a group of companies to deliver a project for the cabinet office about defining cyber security culture in the public sector. Our partners: #Coode Associates, #Culture15 & #Paddle are all experts and SMEs in their fields. The project was without doubt enlightening and over the course of the project we got to meet and talk to many different elements of the UK public sector. From central gov departments to smaller focused organisations we discussed what cyber security was and how their organisations dealt with it at a cultural level.
The standout for me was the interview with Sir Ian Diamond from the Office for National Statics (ONS), who was the only senior board member from any organisation to attend a session on cyber security culture (we did over 100 interviews). His immediate introduction was that he had to lead the culture in the organisation, and he was a breath of fresh air in attitude to what cyber security means to an organisation. Many organisations had the IT/Cyber team, or the comms teams take part, who are all deeply passionate practitioners but not in charge. If you want to know more about the outcomes from this project, please do reach out and we will share as appropriate.
One aspect that we at Nine23 decided to follow up from this project on was regarding our external messaging. We asked Paddle to help us with our position in the market and how we explained what we do and very importantly “why”. The team at Paddle, Torie, Brian, and Jess did several interviews with the team and researched the messaging that is prevalent today within the cyber industry. We were clear from the start that our messaging is tied to our growth and that we must continue to be a trusted partner for our clients.
Through the interviews with us, and the research on the market, which is based on the classic marketing term “FUD” Fear, Uncertainty & Doubt IE. Scare everyone to be secure. The team identified the opportunity for Nine23 to stand out in a commodified and disliked industry. To do this we needed to think about our position in the market and what we want to be known as, we ended with “A strategic partner that gives it to you straight no matter what – Nine23 The refreshingly honest cyber security company”.
One slide from the deck given to us from paddle that was from just discussing with the team our thoughts:
Once we had agreed on our new messaging, we turned to our first trade show in a few years! CyberUK22 was cancelled a few times and we had been due to attend in Wales since 2020, so armed with our new messaging we decided to try it out at the event.
Yes, we did get a few comments and no one else had a message like this 🙂 We backed the message up with a few others “Here to sell you stuff” was a favourite (at a trade show).
To finish, I will give an example of how simple it is to be duped regarding cyber security and that it is not all about complex IT controls and systems. The week before the event I received an email from what I thought was the show organiser stating that we had not sent our company bio in for the digital magazine. I was busy! So, I passed it to marketing with a message to send this information off immediately to the organiser. I did not check the email, as it looked just like all the other messages from the event and just sent it on to be actioned. On review by the marketing team, who had already sent the bio weeks ago it was of course an email harvesting attack and as the CEO of a Cyber Security about to attend the UK’s Cyber Security conference I had not even noticed. The point is, it is extremely easy to be caught out and we are all human.