How a Small Cybersecurity Firm Turned Obscure Data Into Incredible Content
A few weeks ago, as the fires ignited by the Cambridge Analytica political scandal smoldered in the media, a fellow content marketing nerd sent me a story about a trove of data mistakenly left online by Canadian data firm AggregateIQ. The data clearly linked the company to the work done by Cambridge Analytica on behalf of Ted Cruz’s presidential campaign, as well as other politicians in the U.S., Canada, and the U.K.
It was juicy information from an unlikely source: the unassuming website of California-based cybersecurity firm UpGuard. The company’s director of cyber risk research, Chris Vickery, discovered the sensitive data, which included user credentials that could be exploited by malicious actors. UpGuard published a four-part series that not only detailed AggregateIQ’s technical link to Cambridge Analytica and various political organizations, but also examined the weaknesses in the firm’s security (without revealing sensitive information).
Media outlets picked up on the find and wove it into their own narratives, netting UpGuard some nice earned media along the way. But good press is only a small part of this marketing story.
Serving two masters and getting it right
Vickery’s discovery wasn’t unusual in his line of work. His team spends their days trawling the internet for exposed data, alerting affected parties, and helping them secure it. This work is separate from the commercial arm of the firm, which provides B2B cybersecurity services. Once the data is secured, they report their findings, means of discovery, and the greater significance of the exposure, under a section of their site called Breaches. The AggregateIQ series joined stories about organizations like Booz Allen Hamilton, Dow Jones, and Viacom.
According to the site’s research policy page:
Publicizing these findings raises awareness of the problem of data breaches, both in its scale and the severity of the data exposed. While we believe this activity provides a benefit to the public, and indeed to ourselves as private citizens, it also benefits UpGuard in that UpGuard provides solutions for preventing data breaches and a mature market for cyber risk mitigation would logically benefit UpGuard.
UpGuard’s research team has tapped into a rich vein of content, one the company can leverage at any stage of the buyer journey. I can’t stress how rare this is when it comes to B2B brands and original research. It’s a daunting content category, either academic and hyper-specific or diluted to appeal to a mass audience. But when done right, this kind of research can attract top-of-funnel awareness, nurture leads through multi-channel outreach, and convert buyers at the bottom of the funnel.
Problem is, original research takes time. UpGuard, however, has managed to create a single format that can be deployed repeatedly. The breach reports combine the thought leadership of a white paper, the emotional and narrative elements of a blog post, and the expertise and detail of a case study. It’s newsy enough to work on social, can be teased in a newsletter, or compiled in a sales enablement publication to educate prospects and prove expertise.
So how exactly has UpGuard managed to create one story that works at every stage of the funnel? Let’s take a closer look.
Building a narrative
Unlike much original research, UpGuard’s breach reports tell a story. They go beyond the data at hand, instead offering a story that presents wider context. Take this lede:
Coming amidst a firestorm of scrutiny about how political operations can use and harvest consumer information, including from social media networks like Facebook, the UpGuard Cyber Risk Team can now reveal that a large code repository originating from AggregateIQ, a Canadian political data firm active in the 2016 U.S. presidential race, was left publicly downloadable online.
Since this stage is all about attracting eyeballs and raising eyebrows, the opening helps the audience ease into the technical reporting. The author describes how the data was discovered, which major players are involved, and how it connects to the American political landscape. The installment ends with some dramatic insight into the significance of the exposure:
The revelation that one inadvertent leak can reveal implements designed to potentially influence entire electorates, and perhaps expose millions of people to the invasion of their privacy and the possibility of harm by malicious actors, tells us that the stakes are too high to get this wrong.
This is not a dry, academic whitepaper, which makes it easier to push the story to a wide audience of potential buyers.
UpGuard doesn’t wait until the conclusion to present the immediate dangers of the AggregateIQ data breach. The piece builds a sense of urgency throughout:
If the potential power of the tools exposed in this incident seem extraordinary, the actual occurrence of data exposures as a result of potential misconfiguration is all too common…As it was left publicly downloadable, many sets of internal credentials that could have been used to launch damaging attacks were left out in the open.
For salespeople dealing with uncertain prospects, the ability to stoke the fires of decision is critical, and that’s where content like this can have a real impact. By demonstrating your business has its finger on the pulse of issues as they emerge, you remove the burden of education from the buyer. It’s legitimate thought leadership—the kind of extra perk that prospects care about.
Showing the work
Without the actual research, UpGuard’s pieces would simply be blog fodder. Demonstrating competence—a critical element that drives deals over the line—means illustrating the steps you took to reach your conclusions. UpGuard peppers its reports with screenshots of the data they uncover and takes the reader through the analytical process in varying degrees of detail.
The AggregateIQ series is not as complex as some of UpGuard’s other breach reports, but it still shows the company’s deeper capabilities. Taken in the context of its thought leadership and the urgency created by the dangers described, this serves as another kind of “demo” for UpGuard’s sales team.
Of course, UpGuard’s research is only one part of a larger content marketing program. The site also features blog posts, whitepapers, and more traditional case studies. Any program worth its salt deploys multiple strategic assets across multiple channels. But as far as high-impact, bang-for-your-buck assets go, the breach reports are some of the best research-driven content pieces I’ve come across. Now, you’ll have to excuse me—I’m off to change all my privacy settings.Image by Tom Quandt / Unsplash