Digital Trust: From Brand Damaging to Brand Managing

Someone recently asked me if I thought it wise to take all his money out of the bank and keep it at home. My eyebrows did an upward movement as I contemplated the dimensions of the question:

  • Why did he think I might think that?
  • Who would think that holding cash at home was ever a good idea?
  • Whaaaat?

He explained that a wealthy friend of his had done so because he was concerned about the cyber escalation in the senseless, barbaric and brutal attack Russia is inflicting on Ukraine. Perhaps Russia would take down the entire western banking system? Did I think that was likely? – as he knew I knew “a bit about cybersecurity.”

My mind cartwheeled through the self-evident flaws in storing large amounts of cash at home – and then telling people you have done so.

I am not going to unpack the rest of that conversation here, other than to say that if there is an event large enough to take down all the banks, holding a lot of polymer (or if in the US, cotton and linen) banknotes is not necessarily going to be all that useful. However, this leads to a bigger question about mainstream trust in technology:

Right now, how far do YOU trust anything you can access on the Internet or via a mobile device to 1) be secure, 2) stay that way and 3) for any company to take genuine, customer-centric correctional steps in the event of anything like a breach?

Do you feel uneasy about the reliability and integrity of most things digital? If so – YANA – as demonstrated in my recent conversation – you are not alone.

More and more people are getting first-hand experience of digital downsides. 

Push authorization frauds (where the perpetrator convinced the victim to send or approve the transaction) are now conducted on an industrial scale. Last year, this type of fraud generated more than half a billion pounds of revenue, per official figures from the UK. 

Friends, family and businesses all have tales of how email accounts were hijacked, identities were catfished or data was stolen with little to no compensation or recourse.

But, beyond these personal stories, we also have a near-continuous and escalating stream of horror stories about technology breaches and failures in large organizations:

  • Billions of private, personal details stolen
  • Critical services interrupted
  • Life-critical technologies (for example, at hospitals) held to ransom

… and each time we cannot imagine how there could be a worse breach, along it comes.

For these reasons (and the added global cyber tensions triggered by Russian aggression), digital trust is fast becoming a hot topic at the top table in major organizations.

What is digital trust? My colleagues at the nonprofit ISACA (who develop a lot of useful resources) define digital trust as: 

“… the confidence in the integrity of relations, interactions and transactions among providers and consumers within an associated digital ecosystem.”

In other words – digital trust is about ensuring the people or other consumers of your services can have faith in the reliability, security and integrity of the products or services an organization delivers.

This might sound like a no-brainer, but achieving consumer confidence in the current climate is no simple walk in the park. To deliver digital trust requires an ability to take something potentially brand-damaging (threats to your technology) and pivot it to deliver competitive advantage: Yes, you may be nervous about attacks on technology – but less so on brand X because they demonstrate a more robust and dependable digital landscape than their competition.

What does successful digital trust require? Inclusion, ethics, security, transparency and confidence that if things go wrong, the organization will own and mitigate the problem.

Digital trust is not something that can be fixed by one department. It requires a coordinated, continuous effort across each enterprise to reflect the relevant principles and standards in everything from privacy and cybersecurity to recruitment and customer service.

There are substantial benefits and rewards to getting digital trust right, but it is not easy to achieve in today’s hyper-connected world. 

Here is an example of how things can go wrong.

Imagine – your enterprise thinks you have everything in place. Marketing has spent a great deal of time promoting the integrity of your digital services. Then, a cloud service you did not realize your organization had a critical dependency on has an outage. Who picks up the cost to the customer if it goes wrong and interrupts your services? 

A successful digital trust initiative has to do more than just applaud the steps your enterprise has in place; it has to know what you will do if (or when) things go wrong. How will you protect your consumers? If you were in the position of the consumer, would your response please or infuriate them?

Think about your own experiences. Are there any companies that you now avoid due to past breaches or outages, and moreover, how those organizations handle those situations?

My own answer is yes. There are quite a few companies I no longer use because I feel alienated by how they mismanaged my data and failed to adequately own the aftermath.

On the flip side, there are quite a few companies that I now use because I have a much deeper level of trust in how they manage and own their territory.

For these reasons, the topic of digital trust is now becoming a boardroom imperative – taking the threats to technology from the brand damaging pile and seeking to instead make it part of managing each brand. 

Which side of the digital trust fence do you think your own enterprise sits on?

What’s Hot on Infosecurity Magazine?