AI & TechBusinessCybersecurityDigital MarketingNewswireTechnology

A Financial Planner’s Top Cybersecurity Lesson for You

▼ Summary

– A cybersecurity speaker realized his talk scared financial advisors, leading him to question if the industry’s language unnecessarily frightens non-experts.
– The author notes that cybersecurity terms like “threat actors” and “Advanced Persistent Threats” sound alarming to outsiders, though they refer to everyday scams.
– Non-experts often react to warnings by dismissing advice as alarmist or avoiding technology entirely, neither of which is helpful.
– The author believes cybersecurity should educate and empower people with practical risk-reduction steps, not intimidate them with worst-case scenarios.
– The goal is to help people recognize scams and make informed decisions, leaving them confident rather than frightened.

At a recent cybersecurity awareness event for financial planners and tax advisors, I noticed something surprising about the audience response. During my presentation, the room was clearly engaged, but afterward, many attendees approached me with a similar reaction: they said they were scared by what they had heard.

That word “scared” stuck with me long after I returned to the office. At first, I worried that I had failed in my mission to raise awareness about security threats and risks. Then I began to question whether the cybersecurity industry itself makes things harder than necessary. By describing risks in ways that sound frightening, overly technical, or overwhelming, we may be alienating the very people we want to help protect themselves and their businesses.

The problem with how we talk about threats

Anyone who has seen me speak knows I don’t indulge in irresponsible hype or claim the sky is falling. I reject the tactic of selling security through fear, uncertainty, and doubt (FUD). My goal has always been to frame information security as a critical business issue, not to scare people into buying products or services.

Because I work as a security consultant, I naturally view new or emerging threats as risks to be managed. I discuss data breaches, CEO fraud, and ransomware in a measured, professional tone. But I began to wonder: am I so accustomed to this language that I fail to recognize how frightening it sounds to those outside my field?

Later, I recalled a conversation with the event organizer, who worked in financial planning. He asked if I had proper protection for both my business and personal life. I believed I had most bases covered with insurance and pensions, but his questions stirred something in me. I’ll admit it: I felt a flicker of fear that I might be missing a crucial piece of protection.

What it feels like to be the non-expert in the room

His intention wasn’t to scare me. He was simply applying his domain knowledge to my situation. It was me, as a non-expert in financial matters, who reacted with anxiety.

We are all experts in our own fields. For him, pensions and insurance were natural conversation starters. For me, it’s information security. When we step outside our areas of expertise, even casual talk can provoke worry. For the uninitiated, any mention of technology can tip the needle toward panic.

Part of the issue is language. In cybersecurity, we use terms like “threat actors,” “Advanced Persistent Threats,” “phishing campaigns,” and “compromised credentials.” To us, these are everyday phrases. To everyone else, they sound like dialogue from a spy novel. In reality, we are often talking about criminals, scams, fraud, and people trying to trick us into handing over money or information.

The goal is confidence, not expertise

When people feel overwhelmed by warnings about cybercrime, two common reactions emerge. Some dismiss the advice as too complicated or alarmist. Others become so afraid of making a mistake that they avoid using technology altogether. Neither response is helpful.

My recent experience was a valuable reminder that what seems normal and everyday to cybersecurity professionals can be frightening to anyone outside that bubble. Many business owners rely on the expertise of professionals in legal, finance, or PR fields. Those experts use unfamiliar terms. It’s not our job to become experts in every domain, but to be informed enough to ask the right questions.

Conversely, when we are the ones sharing knowledge, it’s our responsibility to deliver the message in a way that educates rather than intimidates.

Cybersecurity should not be about frightening people with stories of hackers, breaches, and worst-case scenarios. It should be about helping people understand the practical steps they can take to reduce risk. The goal is not to turn everyone into cybersecurity experts, but to help people recognize scams, ask good questions, make informed decisions, and feel confident using technology. If people leave a security presentation feeling empowered rather than frightened, then we have done our job properly.

(Source: Help Net Security)

Topics

cybersecurity awareness 95% empowerment over fear 90% effective communication 89% fear uncertainty doubt 88% cybersecurity language 87% expert vs non-expert 85% practical security steps 84% Risk Management 82% Audience Engagement 78% professional expertise 76%