Missing out on your Colin the Caterpillar cake? What it takes to make us finally care about cybersecurity.

I’m a huge fan of Marks & Spencer. So you can imagine my frustration at not being able to browse the latest fits or order the full food range online recently. Unfortunately, a trip to my local Co-op hasn’t helped to fill my cupboards, as the supermarket’s shelves have also been looking a little sparse.  

Recent cyberattacks on Marks & Spencer, Co-op and Harrods have crippled their operations. For many customers, this is the first experience of a physical side to cybercrime. Previously, the impact was invisible – data leaks and ransomware attacks don’t have an immediate physical effect. 

This has led to apathy around cybersecurity. The intangibility of stolen data is hard to process. Abstract technical language, unclear victims and fatigue from scaremongering tactics make it hard for cybersecurity warnings to resonate. 

Recent attacks have disrupted our physical worlds – not being able to buy milk or order a birthday present online shakes up everyday convenience. What was once a business concern now impacts many more of us. 

It’s not just a technology issue. Yes, tech brands often hold more responsibility when it comes to protecting customers. But heightened awareness of how attacks can impact our lives – whether that’s protecting data or simply ensuring our favourite crisps will be in stock – means that brands must show the steps they’re taking to look after customers, or risk losing their trust. 

Cybersecurity brands have a moment to cut through the apathy and lead while interest is high and the impact of attacks is clear. Other brands can also stand out by showing what they’re doing to protect customers and keep operations moving. Here’s how: 

1. Less Fearmongering, More Relevance 

Messaging and media reporting around cybersecurity have relied on “apocalypse now” scenarios – hackers in hoodies, dark web doomsday language designed to shock. But fear without context creates fatigue, not action 

Brands must show why cybersecurity matters – how it connects to the food they buy, the bills they pay or the logistics that keep society moving. Communicators should stop trying to scare people and instead show how cyber resiliency underpins everyday life. 

2. Fewer Acronyms, More Relatable Stories  

DDoS, APT, MFA, SOC – the jargon often used in cybersecurity excludes anyone outside the IT department. In crisis moments, this alienates customers, fuels distrust and makes it easy to miss key details. 

Storytelling must focus on people. How did a cyberattack stop someone from accessing their prescription? Why did a bakery run out of flour? Which small businesses were collateral damage? Good cybersecurity communication should translate complexity into clarity. 

3. Real Case Studies That Link Digital Risk to Physical Impact  

Whether you’re a retailer or a cybersecurity brand, use real-world impact as the starting point. Talk about outcomes, not input. People understand queues and outages more than they do “ransomware payloads.” 

If your brand is providing critical services, show it. Don’t just list your technical capabilities – show how they prevented outages, kept services online or helped a business recover faster. 

With a public appetite for understanding, not just reassurance, this is an opportunity for communicators to lead. Build in transparency. Invest in customer education that goes beyond password hygiene. Create ongoing content that treats cybersecurity not as an emergency response, but as a part of the brand’s long-term commitment to operational resilience. 

This is a teachable moment for the industry. The public is paying attention. Let’s not waste the chance to speak in ways that inform, engage and build trust.