According to ISACA, a large majority of IT and security leaders are convinced that achieving digital trust should be a top-tier strategic goal for organizations.
In the cybersecurity association’s latest report, State of Digital Trust 2023, published on May 9, 2023, 84% of respondents said they felt digital trust was extremely or very important to organizations today, and 82% said it will be even more important in five years.
Digital trust is a term coined in 2022 by ISACA when trying to develop a new framework combining knowledge from different disciplines and professions in IT management, governance and security.
ISACA defines digital trust as the confidence in the integrity of the relationship, interactions and transactions among providers, partners and consumers within an associated digital ecosystem. This includes the ability of people, organizations, processes, information and technology to create and maintain a trustworthy digital world.
According to Rolf von Roessing, ISACA evangelist, “You can see digital trust as an umbrella framework that helps show that you have measurable evidence that you can use to provide trust to your customers, business partners and other members of the supply chain,” he said during a digital launching event on May 3, 2023.
Tangible Business Benefits
On the one hand, results from ISACA’s 2023 survey show that security leaders recognize that digital trust is not just integral to innovation, with 79% of respondents saying that it was extremely or very important to digital transformation, but that it “can make or break organizations.”
Respondents reported that high levels of digital trust could lead to tangible business benefits, including a positive reputation (67%), more reliable data for decision-making (57%), fewer privacy breaches and cybersecurity incidents (both 56%) and stronger customer loyalty (55%).
“Cyber-attacks are on the rise and customers increasingly recognize their sophisticated nature. They’ll therefore expect businesses to take the necessary steps to protect and secure their personal data. Those who adopt a company-wide strategy to build digital trust will establish themselves as a credible authority among customer bases and sustainably reap the long-term rewards,” von Roessing said in a public statement.
On the other hand, the report also shows discrepancies between what is recognized in theory and what is actioned in practice.
“Businesses recognize the importance of digital trust, but most are struggling to achieve it,” Chris Dimitriadis, chief global strategy officer at ISACA, said during the launching event.
Many Obstacles
The lack of skills and training comes as the top obstacle, with 52% of respondents mentioning it, followed by the lack of leadership buy-in and alignment with enterprise goals (both 42%), the lack of budget (41%) and the lack of technological resources (38%).
“However, digital trust does not necessarily require a significant budget allocation or the creation of a new C-suite position,” von Roessing argued.
Interestingly, only 64% of respondents believe that their organization prioritizes digital trust corresponding to its level of importance and 38% mention “digital trust is not a priority in my organization” as one of the main obstacles in achieving it.
“All these results are pretty much aligned with what we found last year, which was our first survey on digital trust,” Dimitriadis said.
“The only two exceptions show some improvement in training and collaboration. In 2023, 32% of respondents said that their organization offered digital trust training to staff, compared with only 29% in 2022. More significantly, this year’s report showed that over 40% of surveyed IT and security professionals believed that collaboration was efficient, while under 10% of them thought the same in 2022.”
Findings from the State of Digital Trust 2023 report come from an anonymized, multiple-choice online survey sent by ISACA in January 2023 to approximately 131,000 individuals – members of ISACA and holders of one of ISACA’s certifications or credentials. A total of 8,185 respondents completed the survey, with a margin of error of +/- 1 point.
Towards a Digital Trust Score
Now that the digital trust concept is being more widely recognized, one of ISACA’s next steps is to work towards a digital trust scoring system.
According to Mark Thomas, president of Escoute Consulting, “an independent, publicly available digital trust score […] can serve as a valuable tool to hold organizations accountable for their actions, but it needs to have globally consistent review standards and scope, as well as an automated measurement mechanism.”
“For example, a highly rated organization may have a serious negative incident that requires its score to drop several points in a matter of minutes. Assessment and review parameters have to be active in real time,” he added.