diff --git a/controllers/configurationpolicy_controller.go b/controllers/configurationpolicy_controller.go
index ea0ed19c..202b5877 100644
--- a/controllers/configurationpolicy_controller.go
+++ b/controllers/configurationpolicy_controller.go
@@ -2792,8 +2792,9 @@ func handleDiff(
 	case policyv1.RecordDiffInStatus:
 		return computedDiff
 	case policyv1.RecordDiffCensored:
-		return `# This diff may contain sensitive data. The "recordDiff" field must be set to "InStatus" ` +
-			`to record a diff.`
+		return `# This diff might contain sensitive data. The spec["object-templates"][]["recordDiff"] field must be ` +
+			`set to "InStatus" for the differences to be recorded in the policy status. Consider existing access to ` +
+			`the ConfigurationPolicy objects and the etcd encryption configuration before you proceed.`
 	}
 
 	return ""
diff --git a/test/e2e/case39_diff_generation_test.go b/test/e2e/case39_diff_generation_test.go
index 461bee8e..edbae15a 100644
--- a/test/e2e/case39_diff_generation_test.go
+++ b/test/e2e/case39_diff_generation_test.go
@@ -148,8 +148,9 @@ var _ = Describe("Diff generation with sensitive input", Ordered, func() {
 
 		diff, _, _ := unstructured.NestedString(relatedObjects[0].(map[string]interface{}), "properties", "diff")
 		Expect(diff).To(Equal(
-			`# This diff may contain sensitive data. The "recordDiff" field must be set to "InStatus" ` +
-				`to record a diff.`,
+			`# This diff might contain sensitive data. The spec["object-templates"][]["recordDiff"] field must be ` +
+				`set to "InStatus" for the differences to be recorded in the policy status. Consider existing access ` +
+				`to the ConfigurationPolicy objects and the etcd encryption configuration before you proceed.`,
 		))
 	})
 
@@ -179,8 +180,9 @@ var _ = Describe("Diff generation with sensitive input", Ordered, func() {
 
 		diff, _, _ := unstructured.NestedString(relatedObjects[0].(map[string]interface{}), "properties", "diff")
 		Expect(diff).To(Equal(
-			`# This diff may contain sensitive data. The "recordDiff" field must be set to "InStatus" ` +
-				`to record a diff.`,
+			`# This diff might contain sensitive data. The spec["object-templates"][]["recordDiff"] field must be ` +
+				`set to "InStatus" for the differences to be recorded in the policy status. Consider existing access ` +
+				`to the ConfigurationPolicy objects and the etcd encryption configuration before you proceed.`,
 		))
 	})
 
@@ -210,8 +212,9 @@ var _ = Describe("Diff generation with sensitive input", Ordered, func() {
 
 		diff, _, _ := unstructured.NestedString(relatedObjects[0].(map[string]interface{}), "properties", "diff")
 		Expect(diff).To(Equal(
-			`# This diff may contain sensitive data. The "recordDiff" field must be set to "InStatus" ` +
-				`to record a diff.`,
+			`# This diff might contain sensitive data. The spec["object-templates"][]["recordDiff"] field must be ` +
+				`set to "InStatus" for the differences to be recorded in the policy status. Consider existing access ` +
+				`to the ConfigurationPolicy objects and the etcd encryption configuration before you proceed.`,
 		))
 
 		By("Enforcing the policy removes the diff message")