IT support for PR agencies: protecting reputation starts with your own systems

The UK PR and communications industry is worth £4.7 billion and employs over 43,000 people across nearly 7,000 agencies. Eighty-five per cent of those agencies have 10 or fewer employees. These are small firms handling extraordinarily sensitive information: embargoed announcements, crisis playbooks, journalist databases, merger details, and political communications. A single IT failure during a client crisis does not just cost money. It destroys the credibility of the very agency hired to manage reputations.

This guide covers the specific IT challenges PR and communications agencies face and what to look for in a managed IT provider that understands the demands of always-on media relations.

Why do PR agencies need specialist IT support?

PR agencies need specialist IT support because they handle highly sensitive embargoed information, maintain journalist databases subject to GDPR, operate in an always-on environment where IT downtime during a client crisis is catastrophic, face elevated phishing risks from constant interaction with unknown external contacts, and rely on high email volumes that create a large attack surface.

The confidentiality imperative

PR agencies routinely handle market-sensitive information that could move share prices. Embargoed press releases about mergers, product launches, or financial results sit in email inboxes, shared drives, and PR distribution platforms for days or weeks before publication. A breach that leaks this information could trigger insider trading investigations, regulatory action, and the immediate loss of the client relationship.

Beyond embargoes, crisis communications playbooks contain the most sensitive possible client information: anticipated scenarios, pre-drafted statements, internal vulnerabilities, and legal strategies. If these documents were exposed, the damage to both client and agency would be profound.

High email volumes and the phishing risk

PR professionals are among the most phishing-vulnerable workers in professional services because their job requires them to constantly interact with unknown external contacts. Journalists, influencers, event organisers, and new business contacts send unsolicited emails every day, and PR staff are trained to respond quickly. This is the exact behaviour that phishing attacks exploit. An estimated 3.4 billion phishing emails are sent daily, and new employees receive their first phishing email within just three weeks of starting.

The risk is compounded by the tools PR agencies use. Media monitoring platforms, distribution services, social media scheduling tools, and CRM systems all connect through email credentials and API access. One compromised account can cascade across multiple systems.

Always-on availability during client crises

Crises do not follow business hours. When a client faces a media storm at 11 PM on a Saturday, the PR team needs immediate access to media monitoring dashboards, journalist databases, email systems, and collaborative documents. If the IT infrastructure fails at that moment, the agency that was hired to manage the crisis cannot function. The reputational damage is not hypothetical: it is the reason PR agencies need IT providers with genuine 24/7 support capability, not just a promise on a website.

What technology do PR and communications agencies use?

PR agencies rely on media monitoring platforms (Cision, Meltwater, Brandwatch), media databases (Muck Rack, Prowly, Roxhill), coverage reporting tools (CoverageBook), wire services (PR Newswire, BusinessWire), social listening platforms (Talkwalker), and standard collaboration tools (Slack, Microsoft Teams, Google Workspace). Each platform requires IT support for integration, security, and credential management.

Category	Key platforms	IT considerations
Media monitoring	Cision (CisionOne), Meltwater	Enterprise pricing (typically £6k–25k+/year), always-on infrastructure, API integrations, bandwidth requirements
Media databases	Muck Rack, Prowly, Roxhill	Journalist PII subject to GDPR, SSO integration, credential management, access controls
Coverage reporting	CoverageBook	Integration with monitoring tools, client sharing permissions
Social listening	Brandwatch, Talkwalker	Significant bandwidth, integration with other tools, data retention policies
Wire services	PR Newswire, BusinessWire	Distribution network access, embargoed content handling, authentication

 

The integration challenge is significant. PR agencies typically use five to ten separate platforms, each with its own authentication, data handling policies, and user management requirements. IT needs to ensure SSO works across as many as possible, credentials are centrally managed, and data flows between tools are secure.

What are the biggest cybersecurity risks for PR agencies?

PR agencies face elevated cybersecurity risks from embargoed information theft, journalist database exposure, social media account hijacking, email interception of sensitive client communications, and the growing use of AI tools for content generation without adequate data governance. The irony is acute: agencies advising clients on crisis communications cannot afford their own IT crises.

Embargoed information and press release security

Press releases containing market-sensitive information are high-value targets. Email interception of embargoed material can trigger insider trading investigations. Compromised wire service accounts or email domains can be used to issue false press releases, potentially causing market panic. In 2023, attackers demonstrated this risk by issuing fraudulent press releases through compromised distribution platforms.

Protection requires end-to-end email encryption for sensitive communications, properly configured SPF, DKIM, and DMARC records to prevent domain spoofing, and strict access controls on shared drives containing embargoed content.

Social media account hijacking

PR agencies manage client social media accounts through scheduling tools that require stored login credentials and API access. A compromised scheduling tool account can give attackers broadcasting capability across multiple client platforms simultaneously. The 2025 figures show 429 million social media accounts compromised globally, with a 34 per cent increase year on year. For PR agencies, the risk is not just the agency’s own accounts but the client accounts they manage, which may represent years of audience building and substantial brand equity.

AI tool data leakage

Sixty-nine per cent of PR professionals now use generative AI, with 64 per cent integrating it into daily communications work. The risk is that sensitive client information, including embargoed content, crisis strategies, and draft statements, is being processed through AI tools without adequate governance. When a PR professional pastes a crisis response draft into ChatGPT for refinement, that client’s sensitive information has left the agency’s control entirely.

The same three-tier governance framework applies: enterprise-licensed AI tools with audit logging for approved use, restricted access for non-confidential ideation, and prohibition of free-tier personal AI accounts for any client work.

How do PR agencies comply with GDPR?

PR agencies must comply with GDPR when storing and processing journalist contact data, with legitimate interest as the accepted legal basis rather than consent. Agencies must keep journalist data accurate, respond to subject access and deletion requests, maintain a compliant privacy policy, and ensure data security. The Data (Use and Access) Act 2025 aligned PECR fines with GDPR levels, reaching up to £17.5 million.

The journalist database question catches many PR agencies off guard. Storing journalist contact details, including personal email addresses and mobile numbers, is processing personal data under GDPR. The legal basis for this processing is legitimate interest, not consent. All major media database platforms operate under this basis.

However, legitimate interest is not a blank cheque. Agencies must keep data accurate and up to date, respond swiftly to subject access and deletion requests, maintain a privacy policy explaining what journalist data is processed and why, and secure that data appropriately. Mass, untargeted pitching undermines the legitimate interest argument, as GDPR effectively pushes agencies toward more targeted, relevant media outreach.

What IT infrastructure does a communications agency need?

PR agencies need cloud-first infrastructure supporting remote crisis response, redundant internet connectivity, mobile device management for teams that operate heavily on phones, VoIP or unified communications platforms for media briefings and press conferences, and backup internet connectivity for failover during critical communications.

VoIP and unified communications

With the UK PSTN switch-off scheduled for January 2027, all businesses must move to digital telephony. For PR agencies, this is an opportunity to upgrade to unified communications platforms that integrate voice, video, messaging, and media briefing capabilities. Microsoft Teams Phone integrates deeply with Microsoft 365 environments. Zoom remains preferred for external-facing press conferences due to superior video quality. Cloud phone systems typically save 30 to 50 per cent compared to traditional telephony.

Mobile device management

PR teams are among the heaviest mobile users in professional services. Media monitoring, crisis response, journalist communications, and social media management all happen on mobile devices. BYOD is prevalent in the agency sector. Mobile device management creates a secure container on personal devices, separating business apps and data from personal content. IT can remotely wipe only business data if a device is lost or stolen, protecting journalist databases and embargoed content without affecting personal photos and messages.

How much does IT support cost for a PR agency?

For a 30-person London PR agency, outsourced IT at a mid-tier MSP costs typically between £20,000 and £25,000 per year. A single in-house junior IT hire costs between £50,000 and £58,000 annually. The always-on nature of PR, with crisis communications and media monitoring outside business hours, makes 24/7 IT support a necessity rather than a luxury.

The cost argument for PR agencies goes beyond the numbers. A single in-house IT person cannot provide 24/7 coverage. They cannot be available at 11 PM on a Saturday when a client crisis breaks. They take holidays. They get ill. For an industry where availability is everything, the built-in redundancy of a managed service provider is not just cost-effective but operationally essential.

What should a PR agency look for in an IT support provider?

PR agencies should prioritise IT providers with experience in the media and communications sector, understanding of always-on availability requirements, 24/7 support capability with proven response times, expertise in email security (SPF, DKIM, DMARC), ability to manage both Macs and PCs, and familiarity with GDPR obligations for media contact databases.

Cubit Technology has supported PR and communications agencies in Central London for over 20 years, including a PR Week Top 50 agency whose email migration from an outdated Exchange server to Outlook 365 was completed in six weeks with zero disruption. We understand that when a client crisis hits, your IT cannot be the reason you cannot respond.

Book a call with Ralph to discuss next steps