66 days back: inside MalwareBytes's campaign to give cyber professions back their time
FMXA won the ‘B2B for Good’ category at The Drum Awards for B2B in 2021 with its work for MalwareBytes. Drawing attention to the serious issue of stress among cyber security works, it gave a platform to the important subject of mental health. Here, the team behind the entry explains the reasoning behind the project and the plans for its execution.
The nature of cybersecurity jobs is causing burnout, with 88% of CISOs considering themselves under moderate or high stress.
Stress in cybersecurity matters. The nature of cybersecurity jobs is causing burnout, with 88% of CISOs considering themselves to be under moderate or high stress and 48% seeing a negative impact on their mental health.
Our research found that the average time it takes to remediate a cyber breach is 66 days. Using this statistic, FMXA devised a campaign to give cybersecurity professionals these 66 days back. The campaign itself consisted of 4 phases - education, conversation, relaxation and socialization.
Education consisted of a 5000-word report that looked at why mental health matters within the context of global cyberattacks. This was complemented by a series of live webinars analyzing the findings with a panel of cyber experts.
Conversation was kicked off with a series of CISO roundtables in a closed environment. The roundtables validated the report findings as well as uniting peers in person, which participants found refreshing after a year of working from home during the COVID-19 pandemic.
For Relaxation, we offered 15 annual subscriptions to wellbeing apps including Peloton, Headspace, Fender, all selected to help decrease work-related stress levels.
Finally, in the Socialization phase, we conducted a programmatic campaign with a focus on education and awareness.
The webinars generated 2,380 sign-ups while 90 CISOs attended the cyber stress roundtables. The programmatic ads targeted cybersecurity professionals, boosting the reach of the report to 100k. The campaign is still ongoing, with the focus having shifted to Malwarebytes’ digital marketing channels, enabling conversations around cyber stress.
The Objective
Stress in cybersecurity matters. The nature of cybersecurity jobs — defending against cyber attacks carried out by hackers, all whilst fielding increased pressure from the board to cut costs and maintain customer reputation, is causing burnout, negatively affecting performance and wellbeing.
88 percent of CISOs consider themselves to be under moderate or high stress, with 48 percent seeing a negative impact on their mental health. 60 percent of SOC team members are even considering changing careers or leaving their roles due to stress and burnout. Nearly a quarter (23 percent) of CISOs in the UK and US are turning to medication or alcohol to help them cope and almost all (95 percent) are working longer than their contracted hours, missing milestones including family birthdays, weddings, and holidays.
“The front liners are stressed and working long hours as complexity, business awareness and expectation, and serious organized crime ramp up the workload in an environment that is indescribable.” - Global CISO/BISO, Cognizant
Malwarebytes Inc. is an internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. With a deep-rooted belief that when you’re free from threats, you’re free to thrive, Malwarebytes wanted to conduct a campaign focusing on the human impact of cyber threats. They approached FMXA because of our deep-rooted experience in the IT and security market, as well as our history of delivering creative and empathetic campaigns.
“FMXA’s deep-rooted experience in the IT and security market really gave us the running start we needed to ideate and execute quickly.” - Dermot Hurley, International Director of Marketing, Malwarebytes
66 Days Back
Whilst raising awareness and opening the conversation regarding mental health was important, we were also keen to also offer a way to alleviate stress, all whilst tying the campaign back to Malwarebytes and its automated remediation capabilities.
Our research found that the average time it takes to remediate a cyber breach is 66 days. Using this statistic, we devised a campaign concept to give cybersecurity professionals these 66 days back.
“A very real issue. There is simply too much work, so having one less thing to worry about is helpful. As is being mindful of having time back - whether applied to the company or yourself.” - Ex-CISO, Gatwick Airport
The campaign intentionally took a lifestyle approach in terms of design - an approach not traditionally seen within the cyber industry. The design concept asked professionals what they would do if they had 66 days back - whether that be sport, hobbies, or even meditation. The campaign itself consisted of 4 phases - education, conversation, relaxation, and socialization.
Education consisted of a 5000-word research-based report that looked at why stress and mental health matter within the context of global cybercrime and cyberattacks. The report used real data about stress levels amongst security leaders to decipher what the main drivers and impacts of increased stress are. The report was also used as an opportunity to outline tips on how to destress — and how Malwarebytes can facilitate this — with imagery and design reflecting lifestyle and personal wellbeing.
This was complemented by a series of live webinars presenting and analyzing the findings of the cyber stress survey, featuring key stats and discussing Malwarebytes’ capabilities and technology with a panel of cyber experts. Participants were encouraged to ask questions and open up about their experiences with stress at work.
After the success of the live webinars, Conversation was kicked off with a series of roundtables of no more than five CISOs in a closed environment. This was an opportunity for industry professionals to meet their peers, share personal experiences, and discuss the findings of our cyber stress survey. We wanted to provide CISOs, who are often expected to be the most stoic within their organization, with a safe space to discuss topics of workplace stress and mental health with those facing the same challenges as them.
The roundtables allowed us to have the report findings validated by CISOs themselves, as well as unite peers in person, which participants found refreshing after a year of working from home during the COVID-19 pandemic. By focusing not only on the causes and challenges of cyber stress but on potential solutions, we were able to motivate CISOs to take action and start tackling stress with their entire team.
“I like the concept. Working from home has not only opened up the cyber attack space but has also changed how we spend our days, with work and personal merging.” - Advisor to CISO, Clifford Chance
For Relaxation, we offered annual subscriptions to participants to wellbeing apps including Peloton, Headspace, and Fender, all selected to help users reclaim their time and decrease work-related stress levels. By offering a choice between three different subscriptions we made sure to cater to a variety of interests and allow participants to take back their time, their way.
After these initial phases, we wanted to ensure that even cyber professionals who could not attend our roundtable or webinar were made aware of our research around cyber stress and wellbeing. In the Socialization phase, we conducted a programmatic campaign, targeting all cybersecurity roles, with a focus on education and awareness. The programmatic ads took professionals to the cyber stress report, boosting the reach of the report with the aim of opening up the conversation around mental health in the cybersecurity industry.
The Results
By having the confidence to address cyber stress and mental health head-on, we have achieved the intended reaction — opening up the conversation around mental health in cybersecurity — both in the press and with Malwarebytes’ prospects. Cyber professionals have validated that their experience with stress and mental health is reflected in our cyber stress report, and more cyber professionals are talking about mental health within their teams and prioritizing their wellbeing wherever possible.
This has helped transform Malwarebytes’ brand reputation, as customers and clients alike see their concern for the mental health and workplace wellbeing of security teams. By empathizing with security professionals, Malwarebytes is seen as a company that strives to help customers with more than just security, helping them to focus on what matters — both in their professional and personal lives.
“The feedback has been overwhelmingly positive from CISOs and security professionals alike. Everyone can relate to our message and feel this is a topic that should be addressed more often. We have run several webinars over the past few months with over 65 percent attendance rates. We have used the campaign report in a number of events both virtually and in-person and commercially it has helped grow our pipeline significantly.” - Dermot Hurley, International Director of Marketing, Malwarebytes
The 66 Days Back campaign webinar generated 2380 sign-ups and 90 professionals attended the cyber stress roundtables. The subsequent campaign to the wider cyber audience reached over 100k employees. This campaign is still ongoing, with the focus having shifted to Malwarebytes’ digital marketing channels and enabling conversations with professionals around the effects of cyber stress.
This campaign was a winner at The Drum Awards for B2B. To find out more, including which competitions are currently open for entry, visit The Drum Awards website.