How to secure customer case studies for cybersecurity PR

Written By Zoe McFarland

Customer validation is one of the most effective ways to make cybersecurity PR credible. Buyers and journalists trust what real users say more than what vendors claim.

But there is an art and a skill to getting customers on board. Those taking part need to be assured that the process will be smooth and painless. And if we’re honest, it helps to sweeten the deal if there’s something in it for them as well.

So, if you want to get your customers involved, here are our top tips: 

1. Start as you mean to go on 

Make sure you have the people, resources, and processes in place to manage and nurture key relationships. Turning customers into credible advocates requires ongoing trust, coordination, and active engagement rather than simply asking for occasional quotes or case studies.

2. What’s in it for them?

Customers are more likely to take part if it also supports their story, recognises their team, or gives them visibility for an innovation. So make it clear what they stand to gain by taking part. 

3. Set realistic expectations

While I applaud ambition, don’t expect to go from zero to a media interview with a national newspaper on your first attempt. Start with low-effort, low-risk contributions such as an anonymised insight, a quote for a thought leadership report, or a paragraph in an award entry.

4. Build a customer advocacy ladder

Once you have a foundation in place, then you can become more adventurous. You could invite a customer onto an owned podcast or ask them to take part in a panel debate. Depending on your objectives, you could organise a ‘myth-busting’ session or an event governed by Chatham House Rules, where customers tend to talk more openly because it’s peer-to-peer and useful. Afterwards, you can publish anonymised themes as thought leadership, without putting anyone on the spot.

5. To name or not to name

If naming is sensitive, don’t force it. A strong insight from an anonymised ‘UK retailer’ is still a great story. And once trust has been earned, then you can suggest a case study or joint press release. 

Regardless of your approach, customer involvement should feel like a programme, not a one-off favour. And that means making sure everyone internally has visibility of the process.  

6. Awards can be rewarding

Awards are an underrated part of customer advocacy. They’re recognition-first, not media-first. And customers are often far more comfortable being celebrated for a project than being interviewed about security.

To get the most out of each entry, make sure you do all the heavy lifting. Get your cybersecurity PR agency to write it so all they have to do is approve it. The story should centre on their team and their progress, with your brand in support.

Then ask if the same story can be pitched for a speaking slot. Two outcomes from the same effort. Customers like efficiency as much as you do.

7. Case studies

Make case studies modular. Start with a tight before-and-after narrative: what changed, what improved, what got easier? Keep it outcomes-led and specific. Then build versions you can deploy across earned and owned channels — or include in award entries — without having to rewrite from scratch.

Whatever happens, getting your customers to participate in such activities needs to be easy. Even 15 minutes is enough if the questions are sharp. Take notes, draft quote options, and let them choose what they’re comfortable with. Over time, build a customer quote bank tied to themes you repeatedly talk about, such as resilience, efficiency, audit readiness, and response speed. This reduces repeat asks and keeps approvals smoother.

8. Building trust makes outcomes visible and simple

A lot of customer hesitation is down to fear of the unknown. If that’s the case, share two or three coverage examples of the kind of piece you’re aiming for. Just make sure you keep it relevant to their world.

If you want to go one step further, create a mini media strategy with a suggested headline, key quote, proof points, and a couple of lines on context and media targets. It makes the ask concrete and internal approvals easier, because everyone can see what’s being proposed.

9. Getting ahead of the approvals process

The more you create a clear and consistent workflow for managing customer advocacy, the easier it will be to secure final sign-off. That means agreeing on a simple checklist upfront, confirming the named approver, and keeping drafts, plans, and deadlines clear and simple.

How can cybersecurity brands secure customer case studies for PR — Zoe McFarland, cybersecurity PR at Wildfire

10. Make it a programme, not a scramble

Customer advocacy programmes should run quietly in the background. Keep a living list of advocates. Refresh it quarterly. Use the ladder. And make the value exchange explicit every time. Finally, always close the loop by sharing the outcome — what ran, how it landed, and what they can share internally.

And if you want to make this dependable without adding workload to an already-stretched team, a cybersecurity PR agency can take the operational weight off your plate.

11. Show up for them too

Finally, customer advocacy should be reciprocal. Attend their events, offer a guest blog, host a lunch and learn session, and look for ways to support their goals as well as your own. The strongest advocacy programmes are built on relationships where both sides see clear value.

Zoe McFarland

Associate Director — Zoe prides herself on delivering stand-out results for clients and immerses herself in their businesses to create strategic campaigns that reach the right audiences.

Always on top of the latest trends, Zoe has a love for news-jacking and a passion for injecting new ideas for maximum impact. She is also the office panda enthusiast — not that it would take you long to notice once you see her desk!

Previous

Podcast: Cybersecurity PR Tips with Zoe McFarland
Next

How cybersecurity brands can break into top-tier media