In the first instalment of our PR tips for cybersecurity providers series, we explored where organisations look for cyber guidance. In this latest blog, we look at when organisations are most likely to review their cyber insurance and wider security policies, and how brands can capitalise on those demand moments with the right PR strategies.
The 2025/2026 Cyber Security Breaches Survey tells a familiar story, with swathes of organisations across the UK continuing to be impacted by incidents year after year. According to the latest figures, more than four in 10 businesses (43%) experienced a cyber security breach or attack in the last 12 months.
By now, most enterprises understand that cyber threats aren’t hypothetical, and that it’s a case of if rather than when they’re targeted. For cybersecurity providers, that’s good news. Demand for solutions is consistent, and many firms already have a layer of different safeguards in place to ensure their protection.
However, despite the steady annual drumbeat of evidence, our own findings show that many organisations only revisit protective measures such as cyber insurance, and their wider security posture, after specific trigger points, rather than doing so as an ongoing strategic priority.
Having recently commissioned a survey of business owners and C-level execs, we found that the most common reason for companies to discuss or review their insurance policies was the growth or expansion of the business, highlighted as a trigger by 50% of respondents.
With the Cyber Security Breaches survey showing that medium (65%) and large (69%) businesses face more attacks than micro (42%) and small (46%) businesses, it’s a logical approach. As companies grow, they both need greater financial coverage, and are more likely to be confronted with threats, prompting them to review their security posture.
Alongside growth, other common triggers that prompt a review or discussion of cyber insurance policies include a cyber incident impacting the organisation (46%), a significant cyber incident occurring in the news (42%), and a competitor within the industry discussing cyber insurance as a necessity (34%).
Business leaders seek reliable partners in growth phases
From a resilience perspective, organisations only reviewing cyber policies when these triggers arise is far from ideal. It suggests that cyber risk only climbs the priority ladder during moments of change, disruption or scrutiny, rather than being treated as a continuous business consideration.
For cybersecurity providers, however, understanding these trigger points can offer clear insight into when demand for solutions is likely to spike.
It’s notable that growth or expansion is the top trigger for reviewing cyber insurance. When companies scale, they adopt new systems, hire rapidly, expand supply chains and enter new markets. All these changes introduce new points of risk. However, so much change may also push extensive cyber considerations down the agenda, with growth leaders prioritising forward momentum.
For cyber brands, this reinforces the value of early, contextual visibility. When companies in growth phases do start looking for solutions, they’re often moving quickly. In that sense, leadership teams will likely favour suppliers that they already recognise as trusted, credible and scalable.
This makes proactive positioning critical. If brands already see you as a reliable supplier of scalable, critical solutions, you’ll have a significant headstart in what can be relatively short-run races.
Successful PR in this space is, therefore, more about clearly demonstrating how scalable resilience, insurance and preparedness support long‑term success rather than responding to breach‑focused headlines, or alarming messaging.
Incidents can often force the issue
Breaches themselves change this equation, of course.
According to our survey, nearly half of security leaders (46%) say a cyber incident impacting their own organisation would cause them to review cyber insurance policies, while 42% would do so after seeing a significant incident in the news.
These are moments that can trigger an immediate response, when leadership teams stop kicking the can down the road and spring into action. Cyber discussions reach the board level, demand for expertise increases, and firms actively seek solutions that can protect them.
For cyber brands, this opens up natural windows of opportunity. However, capitalising in these moments requires the right PR preparations.
No cyber solutions provider can correctly predict what the next big attack will be. However, you can ensure you have credible spokespeople and trusted media connections in place, so that when threats do make headlines, you’re likely to be well positioned as an expert voice.
By providing the right advice in the right place at the right time, organisations that look to update their cyber policies and posture in the aftermath of incidents are more likely to consider you as a trusted partner to turn to.
Building influence across a broad range of channels
With that said, our research has also confirmed that cyber-related leadership decisions aren’t driven by news coverage alone.
34% of respondents say that a competitor discussing cyber insurance as a necessity would prompt their own review of cyber policies, while nearly a third (32%) point to government framing of cyber insurance as essential. Additionally, 30% say incidents affecting suppliers and instigate discussions.
For cyber solutions providers, these findings highlight the importance of broader visibility strategies that include:
- Collaborating with government‑linked bodies and advisory groups
- Contributing insight to supply‑chain and partner networks
- Building influence with trade bodies, industry associations and other professional networks.
Here to help you develop the right PR strategy
The key is to not rely on any one single method of building visibility and credibility. Firms should develop a strategy that combines proactive PR and reactive PR to ensure they’re at the forefront of prospects’ minds as and when they reevaluate their posture and seek new solutions in response to different triggers.
Very few organisations ignore cyber insurance altogether. Our research shows that just 6% of organisations say that it never comes up in discussions. The conversations will happen. The key for cyber solutions providers is to develop the right PR and marketing strategy that will give the best chance of being part of them.
At Origin Communications, we help cyber brands develop and execute the right strategy for their specific priorities. Contact us today to find out how to build sustained presence across channels that influence business leaders at the right moments.