News

Kaseya cyberattack: semiological deciphering of CEO Fred Voccola’s speech

12 July 2021

Decryption on the Kaseya cyberattack

On July 2, the American software company Kaseya was the victim of one of the biggest cyberattacks in history.

The latter, operated by the REvil group, is said to have impacted between 800 and 1,500 companies. A few days later, Fred Voccola, CEO of Kaseya, spoke on video.

Semiological deciphering of the CEO’s speech following the ransomware cyberattack of which the American company was a victim. By Claire JUIFF, crisis management and crisis communication manager at Alcyconie.

Staff enter the headquarters of information technology firm Kaseya in Miami, Florida, U.S., in an undated still image from video. Kaseya/Handout via REUTERS NO RESALES. NO ARCHIVES. THIS IMAGE HAS BEEN SUPPLIED BY A THIRD PARTY.

On the first viewing of the video, one can only be, at first glance, surprised by the apparent serenity of the scene.

Far from the usual swarming and images of data centers in effervescence, to which the media have accustomed us in such circumstances, we find ourselves here in front of a CEO facing the camera, with a serious face and an assertive word, unfolding a well-crafted speech. A calm, which at least surprises and can also raise questions. A leader perched in his ivory tower completely disconnected from the situation? Or a desire to break the codes of crisis communication by not being the “victim” of an attack but rather the outstanding manager of the resolution of an event that has sadly become commonplace?

I propose an analysis of this second bias, based on the deciphering of the discourse, but also on the analysis of metadiscursive elements (such as posture in front of the camera, clothing and choice of décor) that make it possible to reinforce certain messages and nuance others.

Observation 1: Kaseya’s CEO does not pose as a victim, but as a crisis manager

While we often talk about companies being “victims of cyberattacks”, Fred Voccola gives us a lesson in reaction and tells us about the exemplary nature of their management of events with a lot of discursive hyperbole and visual symbols.

YouTube Video Link

To name but a few:

  • The choice to film the CEO from an office. The bias could have been to film the IT teams in the data center or to film the CEO in front of the company’s headquarters: instead, we are embedded in the offices, where strategic decisions are made. An office high up, like a control tower, symbolizing the panoramic view of events and teams.
  • Graphically, it is still Fred Voccola who is the center of attention. The camera is focused on him, alternating between front and profile angles. Not on his IT teams, not on the assets affected by the attack, but on the crisis manager, straight in his boots, with a confident posture.
  • A notable opposition between reason and emotion: the rationality and wisdom of the imperturbable crisis director, in opposition to the emotion of his customers: “that decision was very easy to make because we were following a playbook, but painful for our customers”. The well-known historical opposition of logos and sophia – its second sentence begins with “So first, the facts” – with pathos and doxa.
  • The first minutes of his intervention are structured in the manner of a situation report from a crisis director to his cell. He even announces the agenda: “what we know, what we are doing to solve the incident”, “to help”, “the next steps”. This is followed by a speech with a lot of numbers and statistics – the facts take precedence and he takes us on board in his crisis management.
  • The structure of the speech reinforces Fred Voccola’s message that the situation could not have been better managed: after a quick description of the weak signals, he describes an immediate and methodical action that follows step by step the “cyberdefense playbook” (a kind of operational crisis management manual dedicated to the management of cyberattack situations). He depicts a prepared, processed, quasi-military company operating when the crisis imposes it. The lexical field used to describe the preparation and responsiveness of its teams speaks for itself: “in an hour”, “immediately”, “the rapid response team of Kaseya”.
  • Fred Voccola does not content himself with recounting the facts; He embarks on a real storytelling of the attack: chronology of events, organization deployed internally and impact on the physical and psychological well-being of employees… Making the crisis an opportunity for communication by sharing a subject of interest, occupying the media space, speaking out to avoid it being done for him: techniques that are well known in crisis communication but which can still give rise to certain criticisms. The criticisms, in our case, have not focused on the facts themselves, but on the interpretation that Fred Voccola makes and claims. He says it himself: “the attack was managed very well”. Let’s now see in detail what this posture and interpretation is, which has given rise to strong reactions in the French cyber sphere.

Finding 2: Kaseya’s impacts and responsibility are minimized

If this speech, already viewed no less than 20,000 times on YouTube, has caused so much reaction, it is because depending on our cultural habits, we are more or less sensitive to certain elements. Fred Voccola’s message can indeed be trivially summarized as: “not only does it happen to everyone, but we were damn well prepared and surrounded!” A message that makes people cringe without too much surprise.

A key to deciphering this message lies in the opposition between the global, growing and highly impactful aspect of cyberattacks, which is highlighted with a lot of hyperbole, and the minimization of the impacts in the specific case of Kaseya. Some illustrations in detail:

  • “Even the best defenses in the world gets scored upon”: a statement by Fred Voccola will support several times in his speech, with his own words “we all experienced it (…) it was Kaseya’s turn”, but also with a quote from Karspersky’s CEO: “it’s not a matter of if it’s a matter of when”. Finally, an interesting communication strategy, it begins a substantial list of the competing companies that have borne the brunt of similar attacks. After specifying that Microsoft had been attacked on multiple occasions, named Juniper and Solarwinds, among others. Voccola claims “huge energy companies have had breaches” alluding to the iconic and media-friendly May attack on Colonial Pipeline.
  • “How many companies haven’t had a breach?”: the use of a negative grammatical turn of phrase reinforces that companies that have not suffered cyberattacks are the exception.
  • The mention of quasi-fictional elements, worthy of an American series: the intervention of the FBI, the White House management, the competitors who suddenly start to offer their help and support them in their crisis management…
  • The media coverage of the event which seems to reinforce its unprecedented scale: “An incredible scrutiny from the press”; “suddenly, ransomware and cybercrime have become the topic of the day”.
  • Facts, facts, always facts: in terms of customer impacts, “the very small number of people who have been reached” would represent “only 50 customers impacted out of the 37,000 that Kaseya has”; As for the technical impacts, a sentence: “We kept this breach to one modual of our 27 moduals”, without forgetting the clarification that thanks to their modular architecture, no propagation has occurred.
  • The alternation between hyperbole describing incident response such as “our Awesome partners”, “we’re doing this with the best people in the world” and an assumed trivialization of the attack “it could have been much worse; the impact of this very sophisticated attack is very minimal”.

Not only are the acknowledgment of one’s wrongs and the posture of humility more important for the French than the Americans, but we are certainly less accustomed on a daily basis to the use of hyperbole, to which Fred Voccola resorts here without limit: no wonder this speech has provoked mixed reactions!

Fred Voccola’s account values Kaseya’s reaction so much that one would forget that before the reaction and crisis management phase, comes the preparation: How could this flaw happen? Why was the detection done at the time of the observation of malfunctions, and not via a preventive observation that would have blocked any intrusion or fraudulent action? So many questions that the CEO does not answer and above all that he does not deign to address. If to err is human, the fact of wanting to hide it is sometimes badly perceived.

Observation 3: A call for solidarity and empathy: “Together in adversity!”

The minimization of Kaseya’s impact and responsibility in the occurrence of this cyberattack goes hand in hand with a discourse that is intended to be unifying. Fred Voccola describes a “Kaseya Community” that he mentions many times and that we don’t know exactly who it is referring to. In the end, it doesn’t matter: we, the spectators, are invited to join this community as a relay of opinion and to face the adversary, referred to as “criminals”.

This idea of community is illustrated in different ways:

  • In the speech, by the numbers: the mention that of the 1,600 employees of Kaseya, several hundred are mobilized;
  • The point that many customers being OSPs (Outsourced Service Providers), the MSP (Managed Service Provider) ultimately indirectly manages the IT equipment of a million companies!
  • By evoking the different actors mobilized: the White House, the FBI, competitors… leading us to visualize, like the epinal image of a perfectly fluid private and institutional collaboration, that everyone stands together to face the aggressor and that the market stakes no longer exist.
  • By the dress codes and the work of presentation. We are faced with a CEO in a striped T-shirt, with an unshaven beard who is here a reflection of his IT teams, whom he mentions several times as “not having slept more than four hours in recent days”.

In conclusion, perhaps we should talk about the last minutes of his speech, dedicated… to take into account its customers! Taking into account the feelings of its customers has the merit of existing: “I hope this does not sound like we’re disminishing”… but remains very clumsy! Counterbalanced by new words diminishing Kaseya’s responsibility, the thought for its customers comes at the end and very quickly turns towards a commercial speech: “we want to remain your trusted partner!”

Words turned towards the future and the first steps towards the end of the crisis. The title of the video published on Kaseya’s YouTube channel is eloquent: “Kaseya CEO Fred Voccola addresses cyberattack and next steps for VSA customers”. While for many companies, the resumption of activity is difficult to officially launch, it is affirmed here: not only is activity resuming, but everyone is encouraged to contribute to its dynamism by becoming a customer.

Information systems security (PACS) support and consulting provider qualified by the ANSSI.

Dive into our case studies

See the case studies

Contact us

Want to know more? To be contacted again? Click here!

See the training

Our news

Alcyconie in the press

View All

Read the article

Resilience in the era of AI: the delicate art of balance - Maddyness
Press

Resilience in the era of AI: the delicate art of balance - Maddyness

4 December 2025

Read the article

When cognitive psychology sheds light on cyber crisis management
Blog

When cognitive psychology sheds light on cyber crisis management

6 November 2025

Read the article

Ransomware, Confusion, and Critical Decisions: A Cyber Crisis Simulation Autopsy - Alliancy
Press

Ransomware, Confusion, and Critical Decisions: A Cyber Crisis Simulation Autopsy - Alliancy

1 September 2025

Suspicion of crisis? Alert our teams!