The Path to Playing Offense vs Cyberattackers Requires Communicators to be Conveners

Talk about a body of work, Ray Kerins has held senior communication positions at Merck, Pfizer and most recently at Bayer, where he was SVP, head of corporate affairs. He’s also been on the other side, at Porter Novelli and GCI Group (now BCW), where he started the same week as Bob Pearson, some 23 years ago. Both Pearson and he now are PRNEWS Hall of Fame members. And Kerins has joined Pearson’s newest venture, The Bliss Group, as CEO of its Next Solutions Group.

One of the first things he did was change the group’s name, from Next Security to Next Solutions. It’s more than a name change, though.

This is “an opportunity to do more corporate communication-style engagement, with cybersecurity obviously being one of the main pillars,” he says. The solutions he wants to provide center on corporate-level engagement, including crisis and issues management, public-private partnerships and C-suite executive visibility.

One of the keys to fighting cyber, he says, involves the communicator’s role as a convener of corporate departments. IT alone can’t tackle cybercrime. “It’s too big” an issue, he says. PR pros are key to a multi-pronged effort, which includes training, he says.

Kerins’s remarks were lightly edited.


PRNEWS: With people returning to the office, the White House and Congress paying more attention to cyber and companies like yours ramping up cyber units, will we see fewer cyberattacks in 2022? Or will bad actors work harder to evade defenses as a new report suggests?

Ray Kerins: Cybercrime is growing and is relevant to all organizations, large, small and medium. It’s on the increase and must be stopped. Our ability to work with our partners, clients and other organizations, be they the government or third-party groups, is where the real offering comes in. We are much stronger together, working on a partnership level, than we are as individual organizations.


PRNEWS: Will the emphasis on cyber perhaps reduce the frequency of attacks, or are bad actors so good that we must get better?

Kerins: We, as a society, have to get better. Think about it. We’re on 24/7, on our phones, computers, smart TVs, our smart thermostats. We have to behave better as a society. That includes every one of us, including yours truly.

Currently we’re playing defense to both organized crime and state-sponsored bad actors who are trying to disrupt [us and our businesses]. For example, with state-sponsored ransomware, [cyber criminals are] disrupting your business, but also stealing your intellectual property.

We need to, collectively, figure out how to play offense. We have to think about how we approach, behave and interact with our systems. Because [hackers] are constantly looking for a way into your system and it’s coming in different forms.

Our cyber team goes into a company’s system, looks for weaknesses and if it finds any, reports back and offers solutions for those challenges. But you can only do that so much.

We have to instill high-level training so people understand how these things work. So, for example, you go into a hotel lobby and you see ‘Free WiFi’ signs. Is that secure? By the way, when you click on it, the system tells you ‘This is not secure.’ But, yet we all do it.

So, when I talk about changing our mindset and the way we behave, training becomes a very important part of that.

But, again, we must be partnering with like-minded organizations to change the way we’re thinking.


PRNEWS: On that point, you’ve been doing some work across industries. That must have influenced your thinking.

Kerins: For the past five years I’ve been chairman of the Global Innovation Policy Center, which is under the Chamber of Commerce. The whole idea is protecting innovation and intellectual property, thwarting counterfeiting and working with governments all over the world to make sure they have laws to allow innovation, but also laws to protect innovators against people trying to steal intellectual property.

It’s a terrific organization of a multitude of different industries. So, it’s healthcare, technology, entertainment. The concept becomes, once again, that we are much stronger together than as stand-alone companies. This is what I’ve spent most of my career doing, which is [answering the question], ‘How do you build those organizations into something that will have a real impact?’


PRNEWS: So, how do communicators fit into all this?

Kerins: Having worked for three large global corporations and now with my third major agency, [I’ve learned] communicators, especially in large corporations, are the epicenter, the connectivity, the wiring that connects all the different groups. There’s no other group that cuts across the enterprise like communicators.

Communicators typically are the conveners. They don’t often have the subject-matter expertise, but they have the ability to bring all the parties together.

The partnerships that have to exist at the highest levels [to fight cybercrime] are beyond IT. Now, IT is a terrific partner, but it also needs legal and compliance. And the C-Suite as a whole has to understand the challenges that the company faces. The pipeline can be shut down. Just a few years ago, the U.S. government was hacked. Names of employees were exposed; members of my [current] team were hacked.

We have to open our eyes. This is for real. This is not going away. You can’t let the other guy handle it or say, ‘We’ll handle it when it comes our way.’ This has to be a proactive approach, now, to make sure you’re protecting yourself and your organization, as well as your customers and anyone else who has information in your system.


PRNEWS: Are people taking cybercrime seriously?

Kerins: Yes. As you said, the US government is supporting and putting in place the proper folks. There’s a new group under the Department of Homeland Security (CISA, the US Cybersecurity and Infrastructure Security Agency). There are other groups in the government, like the FBI, who are looking at how you create public-private partnerships to share information.


PRNEWS: Speaking of information-sharing, talk about transparency and cybercrime reporting. We noted in October that new federal rules and legislation is pending regarding communicating cyberattacks and divulging information.

Kerins: Right. Let’s look at ransomware. The concept is that [hackers] will go into your system…for up to a year…the average is about 280 days. They’re in your system looking for other ways in…eventually, they take over your whole network.

OK, often we don’t hear about all the ransomware attacks. But, as you said, rules and legislation are pending about reporting and disclosing attacks.

The question we have to ask is, ‘Is it a good idea for all of it to go public? Or should there be a location where [the information] can be shared with government and also with other corporations?’ So, wouldn’t it be interesting if the answer was that you have a convener, in a public-private partnership, that allowed companies to share confidential information with other companies and we all learn from it?


PRNEWS: Say I’m a member of a small, one- to two-person, communication team. I don’t think my company has done much about cybersecurity. What should I do?

Kerins: I’ll give you two actions that any organization should take. Number 1, as I said, it goes beyond IT. Instead, go to your risk-management team, which usually is comprised of folks from different parts of the organization. That is a tailored group that needs and wants to hear about the [cyber] challenge.

When I was in my previous life, cyber was one line, buried in a [risk-management assessment] of threats corporations are facing. Now, it’s almost half a page. It’s a challenge for companies and, by the way, it’s a reputation issue. You get hit with a cyberattack and the people whose information was unfortunately divulged are not very happy with you. It can hurt your reputation with customers, employees and suppliers. So, pay attention to it.

Number 2 is training. Find out who’s in charge of training at your company. And don’t just mention cyber; discuss other issues that have an impact on reputation.

Look, we know there are challenges with training. Everybody knows they have to do it, but particularly, you find people saying, ‘Ok, ok, I’ll get to it when I get to it.’ Of course, that shouldn’t be the approach. It needs to be a holistic approach and you need buy-in from the C-suite. It needs to come from the top.

Those two things are standard across the board, no matter the size of the organization. First, risk management and then training.


PRNEWS: You’ve been a corporate communicator for years. What will you bring to the agency side?

Kerins: [On the corporate side] I always ran my team as an agency. I’ll tell you why. There’s no greater feeling when you walk into a room for brainstorming and you receive great thinking. When you work as a collective team, you know you’re working together to solve an issue. That’s one of the benefits of working on the consulting or agency side. You have a group of people who really want to help you succeed and want to get involved. It’s real camaraderie.

So, I’ve always run teams as an agency...and referred to our [executives as our] clients or customers. It’s a very customer- and service-oriented view of the world.

What will I bring to the agency world? Do what’s right, not political, and you can’t go wrong. If you do what’s right, I will stand in front of any speeding bullet that comes your way.

Don’t be afraid to speak up. I want to hear different opinions. Nobody gets everything right. I want to hear about what’s going wrong from my people, not from external sources.

Any researcher in the bio fields will tell you, ‘We fail more than we succeed.’ Now, I don’t want to fail more than I succeed on the communication side. That would be a bad thing, but don’t fear innovation in your communication or in a partnership. Let’s try something new. If we fail, maybe we’ll learn from it for the next time. Taking risk is OK.

You empower people, you trust them and set them free. Don’t micromanage them. It’s OK to speak truth to power. Show them with your actions it’s OK to question and speak up. Of course, it’s important how you say it.

You pay me to tell you things you don’t want to hear. Again, the message is as important as how you say it. But if we truly respect our customer, you have to give them an honest opinion of what’s happening. n