How Security Leaders Can Break Down Barriers to Enable Digital Trust: Part 2

The first installment of this article focused on the fundamental elements of digital trust and their business benefits. As with most organizational culture shifts, security leaders are likely to encounter hurdles as they strive for digital trust. One of the foremost challenges involves overcoming the mindset of strictly adhering to predefined roles and responsibilities, often referred to as the “stay in your lane” mentality.

It is a common tendency for individuals to feel more comfortable working in silos than on cross-functional teams. From a security perspective, this inclination is understandable. Under-resourced teams frequently confront a daunting volume of threats, and many practitioners are heavily focused on relatively narrow areas of deep expertise. This focus on specialization is often driven by the necessity of maintaining a high level of proficiency in rapidly evolving areas of cybersecurity.

While the inclination toward a siloed mindset is understandable, it is essential to transcend this approach. Overcoming silos and fostering cross-functional collaboration is imperative in today's interconnected and rapidly evolving digital landscape. Digital trust will not be achieved by working in silos – by definition, and by its very nature, it necessitates a cross-functional approach.

In order to harness the opportunities that digital trust offers, enterprises must take steps to prioritize, plan and collaborate. Only around half of ISACA State of Digital Trust survey respondents agree that there is sufficient collaboration among digital trust fields in their organization – an area in obvious need of attention.

Digital trust involves a broad spectrum of areas within the enterprise, including IT strategy/governance, risk management, assurance, compliance and resilience. There are also several roles and functions that may not be centered on IT but are critical players in establishing digital trust, such as developers, legal teams, and marketing and customer experience departments. 

While each of these areas is critical individually, they also must operate in a comprehensive trust environment aligned with the organization’s digital strategy – perhaps aided by a digital trust framework. This comprehensive approach ensures that digital trust is consistently upheld across all aspects of the enterprise. Collaboration and coordination among diverse functions are essential to building and maintaining digital trust effectively.

In practice, achieving this holistic approach has proven to be more challenging than it sounds. As far as we have come in recent years in raising the profile of disciplines such as security, privacy and risk, organizations often find it tempting to concentrate primarily on the conventional IT areas responsible for maintaining and operating systems. It is essential, however, to recognize that processes beyond these technical systems are impacting the overall posture and resilience of the organization.

Therefore, the establishment of a cross-functional digital trust team is a critical part of the equation. This team plays a pivotal role in fostering continuous communications among diverse groups to identify gaps and find connection points that strengthen digital trust. These teams can be especially valuable in increasing the chances of success for complex, technology-intensive projects that are pervasive in today’s enterprise landscape.

A natural question, then, is who should lead the cross-functional team? The common-sense answer points to an individual with robust cross-functional leadership skills, a trait of greater significance than their specific position within the organization. It’s possible that someone from the security team, driven by a passion for digital trust, could excel in this role.

If you simply assign leadership, however, to somebody who is not motivated about cross-functional work or digital trust, you are likely dooming the initiative to fail. Additionally, the chosen person should be comfortable “selling” internally to organizational leadership to advocate for the necessary budget and resources to enable the team’s successful impact.

This underscores the critical significance of gaining organizational support, beginning with the CEO. A C-suite that champions a cross-functional digital trust team fosters the conditions for the team’s success.

This advocacy often translates into allocating the necessary time and resources for the team to achieve tangible progress. Especially in larger organizations, participation on this team should connect to the person’s review process, so that everyone involved has a substantial stake in the outcomes and, ideally, digital trust will be a full-time focus for at least one or two people on the task force.

Growing Your Leadership Skills

The cross-functionality aspect of digital trust creates an opportunity for professionals to step up, share their expertise and exhibit leadership within a digital trust strategy.

That starts with setting the team in motion. Rarely is a cross-functional team created due to a CEO’s idea. Most of the time, someone in the organization says, “I think we need a team to do X.” Often, the person who raises the issue becomes the leader. A great way to move up in your career is to lead a cross-functional team – it can offer a genuine challenge.

In this role, team leaders must develop the skills of active listening and persuasion as you cannot rely on traditional hierarchical methods to achieve tasks. Instead, success centers on your ability to garner consensus and buy-in from peers. You must embrace a team mindset, rather than approaching the task as a disjointed group of individuals pursuing their own agendas.

Security leaders should actively promote and support their team members in taking on leadership roles and sharpening their presentation skills. Advancing in your career often hinges on the ability to effectively communicate and present ideas.

Being proficient at presenting, speaking confidently in front of others, and mastering the art of influence and persuasion is not only a clear path to future leadership roles, but it is also an invaluable skill when leading a cross-functional digital trust team. These skills enable leaders to articulate their vision, gain buy-in, and drive collaborative efforts effectively.

With such a wide range of stakeholders on a digital trust team, it becomes paramount to understand your audience. The way you present to the board of directors is significantly different than presenting to developers. It is essential to know the priorities and concerns of your audience and approach the conversation with flexibility.

Above all, keep your presentation’s objective in mind throughout the conversation. Security leaders can include participation in a cross-functional digital trust team as a goal for members of their team. By nurturing these skills, team members can become effective communicators who tailor their messages to different audiences, ensuring that critical information is conveyed in a clear and impactful manner.

In the early stages of the cross-functional team’s collaboration, it is essential to bring the key challenges to the forefront. This transparency allows participants to gain a better understanding of the issues. Some individuals will be eager to jump to a solution before fully understanding the complexities of the situation.

To set the right tone, emphasize that this is an exploratory meeting with the primary goal of working through a collaborative process as a team. Honesty is essential when discussing goals, expectations and next steps that the team is collectively working to achieve. This fosters a sense of shared purpose and helps establish a solid foundation for the team’s future efforts.

Finally, the value of well-crafted presentation slides should not be underestimated. People understand visual elements, and they are a powerful aid to presentations. However, do not simply dump information onto a slide – instead, tell the story and illustrate it through easy-to-understand examples. The goal is to become so comfortable presenting that you do not need to rely on your slides and speaking points to lead a conversation.

While you are presenting, the conversation will circle back to information that needs more clarity, and some material will be debated or disagreed with. Foster a productive discussion, and do not be afraid of engaging the audience and asking questions – you want to have a discussion, and you do not need to have all the answers ready. You can collaboratively explore and address questions and concerns as a team. This dynamic, interactive approach often leads to richer and more meaningful outcomes.

Incident Response: A Difference-Maker in Driving Trust

Another critical aspect of digital trust where many enterprises miss the mark, and where security leadership can play a pivotal role, is incident response. How organizations manage the aftermath of cybersecurity incidents, when poorly handled, can undermine digital trust. Mishandling these incidents can erode trust to an extent that recovery becomes exceptionally challenging. 

From a trust perspective, it is essential to transcend the mere notion of compliance with regulations – for example, the US Securities and Exchange Commission (SEC) approved new requirements for publicly traded companies to disclose cybersecurity incidents within four business days after they discover a material incident.

Compliance alone does not engender trust. Instead, think of a cybersecurity incident as an opportunity to demonstrate transparency and humility. Unfortunately, many enterprise leaders may not share this perspective, especially if they represent a public company that could be in legal peril due to regulatory oversights that might have been preventable.

Again, a cross-functional approach will be important when it comes to incident response. Given the recent cybersecurity rules introduced by the SEC, there are reporting obligations that the legal team should weigh in on. It is important that all of these areas connect on incident response as cross-functional digital trust is being built. While an incident might be labeled as a “security incident,” it impacts the entire organization, and it should be addressed appropriately throughout the entire organization.

It is advisable to have the legal team provide input on the extent of information disclosed and the timing of such disclosures. It is equally important not to solely rely on lawyers for incident response. Lawyers typically focus on legal matters rather than cultivating trust, which should be a primary concern for the broader organization. Therefore, trust-building should remain a collective effort led by those who prioritize trust as a fundamental objective.

Companies must not delay reporting on incidents, especially considering regulatory requirements for timely reports. It is crucial, however, to avoid another common pitfall: the slow and piecemeal release of information. Companies often initially minimize the impact by gradually revealing details, only to retract misleading statements later.

This approach has proven to be quite counterproductive. Be transparent and focus on actionable steps that can genuinely assist affected customers, moving beyond generic solutions like identity monitoring services. This combination of transparency and concrete actions is the key to a successful approach that will mitigate damage and help rebuild trust.

Incident response is comparable to providing exceptional customer support when a product issue arises. Successful companies view it as an opportunity to cultivate customer loyalty by delivering outstanding service.

Similarly, incident response is an opportunity to reveal a company’s genuine character. It is important to remember that digital trust is not only about day-to-day, routine operations; it is more about how companies react when faced with adversity. It is during these critical moments that a company’s commitment to digital trust and integrity truly shines.

Do Not Wait for Permission

Ultimately, ambitious security professionals need to ask themselves this question: where do you want to be when it comes to digital trust – leading the way, actively participating, or merely observing from the sidelines?

Within the collaborative efforts of various stakeholders across the organization, the security team holds a pivotal role in advancing digital trust. You have the potential to be the trailblazer, the digital trust leader at your organization. Do not wait for permission – step into the leadership role.

If you are genuinely passionate about this business imperative and you have the essential leadership skills, you can and should spearhead this initiative. It can be a win-win: strengthening trust in your organization while propelling your own career growth by showcasing your leadership prowess.

Keep in mind that this is a marathon, not a sprint – there will be peaks and valleys as you head down this path, as tackling intricate and complex issues constitutes an ongoing journey. The reward is worth the effort – envision a digital landscape with fewer attacks, fostering sustainable growth and instilling confidence throughout the digital ecosystem. These aspirations make the continuous pursuit of digital trust an endeavor well worth undertaking.
