What Happened
Cyberattacks drain trillions from the global economy every year, yet new research reveals that most ordinary people cannot accurately describe what happens during a breach. Associate Professor Sky's work exposes a troubling gap: the cybersecurity industry has flooded the public with technical terminology, words like "phishing" and "breach," without ever ensuring people actually understand them. Familiarity with a word is not the same as understanding it.
The Communication Angle
Here is the comparison that matters. On one side, you have cybersecurity professionals who communicate like engineers talking to other engineers. They repeat the same terms so frequently that people nod along, assuming comprehension has occurred. On the other side, you have every other high-stakes public safety field, from medicine to fire safety, that long ago figured out how to translate danger into plain, visceral language that moves people to act.
Think about what "phishing" actually means to most people. They have heard the word. They could probably spell it. But ask them what specifically happens to their information, who takes it, what those people do with it next, and the answers fall apart fast. The cybersecurity industry confused repetition with education. Those are not the same thing. Repeating a label does not transfer understanding. It transfers the illusion of understanding, which is actually worse.
What should have happened: concrete, consequence-first language from the start. Not "phishing attack" but "someone pretending to be your bank, tricking you into handing over your password." Not "data breach" but "a stranger now has your name, address, and credit card sitting in a spreadsheet." When you lead with the consequence rather than the category, people stop nodding and start listening. That shift is not a small stylistic choice. It is the difference between someone clicking a dangerous link and someone pausing for two seconds.
The cybersecurity industry had a communication strategy. It was just the wrong one. They optimized for sounding credible to peers rather than being useful to the public. That is a trap many technical fields fall into, and it has a real cost. In this case, the cost is measured in trillion-dollar losses tied directly to human error, which is almost always a failure of understanding, not a failure of intelligence.
This is exactly the kind of scenario I break down in Say It Right Every Time. The chapter on audience translation gives you a framework for identifying the gap between what you know and what your listener can actually use, and then closing that gap without dumbing anything down. The goal is never simplicity for its own sake. The goal is precision aimed at the right target.
Key Takeaway
Before you use any technical term with a non-specialist audience, stop and ask yourself: can I describe the real-world consequence of this thing in one plain sentence? If you cannot, you are not ready to communicate it yet. Write the consequence first. Then, if the label helps, add it after. "Someone steals your login by pretending to be a trusted company. That is called phishing." Not the other way around.
