In the cybersecurity world, fear is easy to sell. Headlines announce devastating breaches. Alerts warn us that phishing emails are on the rise. Yet for all the anxiety that cybersecurity messaging generates, it rarely leads to meaningful behavior change. In fact, scare tactics often backfire. People tune out. They freeze up. Or they file the message away under "someone else’s problem."

This disconnect is not a technology issue. It is a communication issue.

The PR Challenge Hidden in Plain Sight

At its core, cybersecurity awareness is a PR and marketing challenge. Getting people to adopt secure behaviors like updating passwords or enabling multi-factor authentication is not all that different from getting them to recycle, wear sunscreen, or floss regularly. It takes more than awareness. It takes connection, consistency, and creative strategy.

The cybersecurity industry would benefit from drawing more directly from the public relations and marketing playbook. We already know what works. The best behavior-change campaigns understand how people think, feel, and act. They tell stories. They simplify complex decisions. They meet people where they are. And they keep showing up with the same message until it sticks.

From Simulation to Strategy: Jigsaw’s PR-Inspired Cyber Campaign

Consider Jigsaw’s suite of personalized security tools for high-risk audiences like journalists and activists. Jigsaw built a phishing quiz based on training with over 10,000 such individuals, informed by real attack simulations and user stories. Supported by the broader Google News Lab initiative, this work included advanced account protection, password alerts, and DDoS mitigation tailored for these vulnerable groups. Though not framed as a storytelling video series, this campaign-level approach centered real threats and real people in its design, modeling the empathy-driven methodology that leads to genuine behavior change.

This is a textbook example of empathy-driven communication, a core tool in the PR arsenal. When you humanize a threat, people see themselves in the narrative. That creates motivation. It builds a bridge between awareness and action. Instead of hearing “you should use multi-factor authentication,” the message becomes “people like you have been targeted, and here is how they protected themselves.”

Interactive Engagement: The UK’s Cyber Aware Innovation

Another campaign that took a page from marketing best practices is the UK government’s Cyber Aware initiative. Rather than pushing static warnings, the campaign created interactive tools that allowed users to test their password strength and simulate real-world cyber scenarios. It turned security education into something participatory. This mirrors what we know works in digital marketing: engagement drives retention.

Marketers have long understood that attention spans are short. Passive content gets forgotten. But when people interact with a brand or message, they are more likely to internalize it. The Cyber Aware campaign did not just tell users to act securely. It helped them feel the urgency of doing so by showing them what was at stake in a format they could control and understand.

Peer-to-Peer Messaging: TikTok’s #SaferTogether Approach

Perhaps the most modern example of PR-savvy cybersecurity messaging came from an unlikely source: TikTok. In 2023, the platform launched the #SaferTogether campaign, which promoted digital literacy and basic cybersecurity hygiene to its core user base, Gen Z. Rather than relying on corporate messaging or government PSAs, TikTok worked with trusted creators who spoke their community’s language. These influencers explained how to spot phishing attempts, manage privacy settings, and avoid misinformation in short-form, relatable content.

This was more than influencer marketing. It was a strategic use of peer-driven messaging, a staple in both public health and consumer PR. People are more likely to take advice from someone they trust, especially if that person feels familiar or aspirational. For a generation skeptical of institutions and traditional authority, this peer-to-peer approach cut through the noise. It was not just a smart PR tactic. It was effective behavior design.

The User-First Framework

Each of these campaigns shares a common trait. They started with the user in mind. They treated cybersecurity not as a technical topic but as a lifestyle behavior. This shift in framing is critical. We do not need users to become experts in threat detection or encryption protocols. We need them to take a few key actions consistently. That is a messaging problem, not a systems problem.

The same rules that drive successful behavior change campaigns apply here. Consistency is key. Language matters. Emotion motivates. And channels must be chosen based on where the audience actually is, not where the brand wants them to be.

Breaking the Expert-to-Expert Communication Trap

Too often, cybersecurity messaging is written by experts for experts. That might work internally. But the public needs plain language, real examples, and clear instructions. More importantly, they need to hear these messages repeatedly, across formats and platforms, before they act. The most effective PR campaigns do not assume a single press release will move the needle. They build momentum through multi-touch storytelling and constant reinforcement.

Cybersecurity leaders would benefit from deeper collaboration with communications professionals. That includes internal communicators, external agencies, and public affairs experts who understand how to translate complexity into clarity. In today’s risk environment, the firewall around your data may be strong, but if your messaging is not, your people are still exposed.

From Compliance to Brand Strategy

We also need to stop treating cybersecurity awareness as a compliance box. It is a brand issue. It is a trust issue. And increasingly, it is a reputation issue. When employees ignore warnings, reuse passwords, or fail to report suspicious activity, it is not because they do not care. It is because no one ever reached them in a way that felt relevant. PR has the tools to fix that.

As the cybersecurity landscape continues to evolve, so must the way we talk about it. Fear may get attention, but it does not create habits. Action comes from understanding. From empathy. From repetition. And from communication strategies that speak to human nature, not just technical standards.

The Path Forward: Connection Over Fear

Cybersecurity does not just need stronger systems. It needs smarter messaging. And the path forward lies in applying the lessons PR and marketing have spent decades perfecting.

If we want people to care, we have to stop shouting warnings and start telling stories. Real behavior change begins not with fear, but with connection.