94% of cyber comms professionals call for clearer standards or a code of practice to reduce miscommunication risk
New Whiteoaks International research links demand for greater accountability to commercial pressures, with 61% saying those pressures influence how boldly cyber security capabilities are marketed
Hook, UK – 8 July 2026: 94% of cyber security marketing and PR professionals believe their industry needs clearer communication standards or a code of practice to reduce the risk of miscommunication, according to new research from Whiteoaks International.
The survey of 152 senior UK cyber comms professionals suggests broad recognition that existing safeguards may not always be applied consistently enough. It also points to growing concern that inaccurate, oversimplified or unsupported claims may weaken trust in a sector where buyers need to understand risk clearly. Seven-in-ten (70%) professionals have called specifically for clearer communications standards, while 55% supported a code of practice.
The research suggests this is being intensified by commercial pressure, with six-in-ten (61%) cyber security marketing and PR professionals saying commercial pressures influence how boldly cyber security capabilities are marketed to a moderate or large extent. In a crowded and technically complex market where differentiation is difficult this can create conditions where language drifts from accurate descriptions of what a product does towards broader claims that may imply more certainty than any solution can realistically deliver.
Hayley Goff, CEO of Whiteoaks International, said:
“The pressure to differentiate in a crowded cyber security market is growing, and we see it shape how capabilities get described, often gradually, and often without anyone making a conscious decision to overstate. That’s what makes this a communications problem as much as an accountability one. Buyers making decisions that affect their operations, compliance and reputation deserve language that reflects what a solution can realistically deliver. Clearer industry standards would help ensure that’s consistently the case.”
The risk is not only reputational. 72% of respondents believe exaggerated or vague language increases legal exposure, while almost half (47%) say their organisation has already experienced commercial or reputational impact linked to inaccurate or oversimplified messaging, including lost business, reduced customer confidence and negative coverage.
Speaking at a roundtable convened by Whiteoaks International in London to explore miscommunication in cyber security, Laura Irvine, Head of Regulatory Law at Davidson Chalmers Stewart, added:
“Legal liability arises when a claim does not match what is actually delivered. Cyber security is still earlier in its development as a marketing discipline, and clearer guidance would help reduce ambiguity around the standards they should be able to rely on.”
The research also points to gaps in how communications are reviewed before they reach the market. Only 23% of respondents say all claims are checked by legal teams before publication, while just one-in-three (34%) say they always collaborate with technical teams to ensure their messaging accurately reflects product capabilities.
While (75%) routinely include disclaimers, plain English explanations or risk guidance in their marketing materials, 30% say their messaging is often misunderstood by target audiences regardless, suggesting context alone cannot fix claims that overpromise from the outset.
Joanna Goddard, Chief Experience Officer at National Cyber Resilience Centre Group, said:
“Too often, cyber resilience is communicated as though technology alone can make an organisation 100% secure. It cannot. When brands oversell what technology can do, they create more confusion and ultimately more risk. True cyber resilience needs practical communication focused on risk, relevance and action, and clearer industry standards would help ensure that becomes the norm, not the exception.”
The recommendation builds on issues first raised in the 2023 Business Resilience International Management (BRIM) whitepaper ‘Should the marketing of cyber be regulated?’, co-authored by Joanna Goddard, Laura Irvine and Dr Rois Ni Thuama. The whitepaper set out the case for clearer communications standards to prevent overpromising, reduce buyer confusion and support more responsible marketing of cyber security products and services.
Informed by the BRIM whitepaper and in response to its latest research findings, Whiteoaks has developed a proposed voluntary communications code of practice designed specifically for the cyber security industry. The code sets out ten principles covering accuracy, evidence, clarity, audience relevance and cross-functional review. Whiteoaks International is inviting input from across the cyber security industry to help refine it.
The full report, including the proposed voluntary code of practice, is available here.