Elevating Cybersecurity Messaging After Black Hat 2025 - FleishmanHillard

Article

August 27, 2025

By Miranda Sanders

Las Vegas was sweltering for Black Hat 2025, and so were the conversations on the show floor. AI led to much of the discussion as both a powerful tool for defense and a fresh attack vector. For example, there was news on major advances in cloud and endpoint security and rising concern among experts about rising supply chain and infrastructure-targeted threats.

But what stood out to us this year wasn’t just the tech. It was how the conversation around security itself is evolving, raising the bar for communicators everywhere.

The news isn’t gone. It’s just different.

If you felt this year’s coverage was somewhat muted, you’re not alone. Gone are the days when Black Hat was the moment, a guaranteed headline in every tier-one business publication. Instead, the coverage that mattered most came from a handful of reporters, probably with deep, longstanding relationships in the Cyber space. Those publications included The Verge, VentureBeat, Wired, ZDNet or Network World. These reporters already have a clear understanding of a brand’s enterprise security business strategy. They can dive deep to better understand the industry implications from product news, from Google’s move towards better supply chain security, to SentinelOne’s managed services expansion, Microsoft’s “Project Sentinel AI”, Cisco’s quantum-resilient encryption and more.

The threat intel has hit home.

Five years ago, a single research report could dominate the news cycle, with dozens of stories written by security media during Black Hat. Now it takes more. The bar is higher, and editors want hard evidence that connects to real-world risk.

Outlets like Reuters and Bloomberg focused on threats with tangible implications for infrastructure and public safety. For example, Reuters covered activity around APT41 and Iranian cyber espionage. At the same time, Politico discussed the news’ geopolitical implications and potential policy responses.

Bloomberg reported on credible threats to electrical grids and potential impacts on critical infrastructure. The common theme? If threat intelligence impacts – or has a real, credible threat to impact – people’s lives, then it’s worth covering.

Former NYT reporter Nicole Perlroth’s keynote put it bluntly: the human impact of cyber risk is no longer hypothetical. It is today’s reality, and it’s only going to get more devastating. For communicators, translating technical findings into stories about people and policy is now essential.

Reporters want to experience, not just observe.

Several reporters on site said that the things they enjoyed most this year were moments set up by brands where they could place themselves in the shoes of security professionals on the front line of today’s biggest threats – whether during panels, sessions or dedicated private events. Several tier-one media outlets attended a Cisco Talos tabletop exercise. In this hour-long immersive session, they played a Dungeons and Dragons-like game to understand how an incident may play out in real life.

As communicators, prioritizing these immersive opportunities can turn complex topics into compelling stories.

What does this mean for security communicators?

If Black Hat was any indication, media are looking for clear, authoritative voices who can cut through the technical noise and connect security stories to business, policy and human impact. Here’s how to best do that for the most relevant themes we saw come out of Black Hat this year:

AI Dominance: Position spokespeople to discuss both the promise and risks of AI in cybersecurity, using clear, non-technical language.

Supply Chain Risk: Share concrete examples or data on how your organization addresses third-party and supply chain vulnerabilities.

Quantum Security: Media are looking for thought leadership and educational content if your brand is working on quantum-resilient security solutions.

Cloud & Zero Trust: Highlight practical business benefits of zero trust and cloud-native security in your messaging.

Critical Infrastructure & IoT: Prepare proactive statements around your efforts to protect critical infrastructure and IoT.

Real-World Impact: Emphasize how your solutions or research address current, active threats with clear, actionable outcomes.

Geopolitical Context: Be ready with expert commentary connecting cybersecurity developments to broader policy and international issues.

The pace of change in security and security communications isn’t going to slow down. As the landscape evolves, so does our approach to telling the stories that matter.

Stay tuned for more insights into security communications from us in the coming months.