This is part one of a two-part series on advancing digital trust in a security context.
The term “digital trust” has gained traction in the business landscape, but many people hear “digital trust” and equate it to avoiding cybersecurity incidents.
In reality, security leaders hold a significant role in this mission, but building digital trust requires much more than a high-performing security team.
Viewed in this broader sense, digital trust is defined by ISACA as the confidence in the relationship and transactions among providers and consumers within the digital ecosystem, including the ability of people, organizations, processes, information and technology to create and maintain a trustworthy digital world.
Customers expect a reasonable degree of digital trust from every organization with a digital footprint – at least the ones with which they will be willing to do business. Although they might not consciously frame it in these terms, these fundamental elements of digital trust serve as the foundation upon which consumers base their judgments about an enterprise’s trustworthiness:
- Quality: Quality must meet or exceed consumer expectations.
- Availability: Consumers need to be able to access accurate information in a timely manner.
- Security and privacy: Consumers need assurance that their data and information are safe and protected.
- Ethics and integrity: Enterprises should live up to their promised values.
- Transparency and honesty: Consumers should be informed about how their information is being used. If personal information has been compromised, consumers should know how the enterprise is addressing the current situation and preventing it from happening again.
- Resiliency: Enterprises must provide assurances that they are stable and can withstand adverse circumstances while simultaneously evolving to leverage new technologies and advancements.
Although commonly associated with cybersecurity, digital trust extends far beyond that realm. It can be thought of as the invisible thread that establishes a common goal and focus among several distinct organizational roles.
Within the domain of security, one question that often arises is whether zero trust equates to digital trust. The answer is no, however, zero trust can be used as a technique to reach digital trust. It is a building block or a thread that is woven throughout the digital trust ecosystem. Digital trust allows individuals and businesses to engage online with confidence that their data and digital identity are safeguarded.
Implementing zero trust processes contributes to the protection of such information.
In the context of the modern business environment, how well companies manage customers’ data and the extent to which they can securely and responsibly implement emerging technology are key steps toward delivering digital trust.
Trust: The Core of All Interactions
Throughout human history, trust has formed the fundamental basis of nearly every human interaction we experience. This significance is particularly pronounced in our rapidly evolving, digitized world, where multiple parties frequently do not have in-person interactions to exchange the sensitive and confidential information necessary for transactional purposes.
Therefore, every interaction must reinforce that the organization cares about – and has instituted effective practices in – all areas of digital trust.
Trust is not a one-time achievement; it must be consistently earned, effectively communicated and actively reinforced. This creates a fertile environment to conduct business, which in turn fuels innovation, drives economic expansion and, ultimately, generates value for all parties engaged in the interactions. Trust becomes the bedrock upon which successful and mutually beneficial relationships are built.
Edelman, which has studied trust for 20 years, puts it this way: “Trust is the foundation that allows an organization to take responsible risk, and, if it makes mistakes, to rebound from them. For a business, especially, lasting trust is the strongest insurance against competitive disruption, the antidote to consumer indifference, and the best path to continued growth. Without trust, credibility is lost and reputation can be threatened.”
Consider any consumer-driven sector and you’ll likely recognize the significant advantage that major, well-known brands have due to the trust they have painstakingly cultivated with customers. Think about how frequently you have been willing to pay a higher price for a purchase because you trust the provider to deliver on their promises, especially when compared to various competitors with less established reputations.
This trust factor often becomes a compelling driver of consumer choices, reflecting the value of a well-earned reputation for reliability and quality.
A digitally trustworthy organization understands the importance of upholding customer trust. Digital trust must be instilled throughout the organization, and initiatives should be built with digital trust in mind. This trust accrues over time. Establishing digital trust is an ongoing process that involves the continuing efforts not only regarding the creation but the maintenance of the larger ecosystem.
"Digital trust is the logical progression on the digital transformation path"
The Business Benefits of Digital Trust
Digital trust is the logical progression on the digital transformation path – in fact, three quarters of respondents to ISACA’s State of Digital Trust 2023 research indicate that digital trust is very or extremely important to digital transformation.
As businesses undergo digital transformation, customer expectations are evolving accordingly. While IT plays a pivotal role in this transformation, the shift toward prioritizing digital trust is largely being driven by businesses to benefit businesses.
Given its paramount importance to consumers and overall brand reputation, digital trust should be a central consideration across all facets of an enterprise. According to the State of Digital Trust research, the top benefits of digital trust include a positive reputation, fewer privacy breaches, fewer cybersecurity incidents, more reliable data, stronger customer loyalty, faster innovation and higher revenues.
With a list of benefits this impactful, digital trust should command the attention of boardrooms across all industries and geographies.
Digital trust involves all of us as stakeholders – including security leaders responsible for preventing data breaches that undermine trust, IT professionals who support information and systems integrity, marketing professionals who champion and promote an organization’s brand, and third-party providers upon whom the organization is reliant.
Digital trust serves as a significant catalyst for consumers’ decisions which will ultimately manifest – for better or worse – in a company’s financial performance.
Leadership’s Responsibility in the Trust Ecosystem
Leadership plays a crucial role in establishing digital trust through a concerted, organization-wide push. As with most elements that dictate a company’s success, leadership matters.
Everyone in the organization has a role in building and maintaining digital trust, but the responsibility for setting the direction and governance needs to start with senior executives.
Organizational leaders set and communicate the culture, priorities and expectations of digital trust through policies and structures, which are disseminated throughout the organization. From a governance perspective, either the full board of directors or a board committee needs to be given responsibility for governance and oversight of digital trust.
It is critically important that a focal point is created for the management team to provide updates on the advancement of digital trust to the board, similar to the practices of cybersecurity or IT audit teams. In doing so, a connection point is established for the management team to report in on digital trust progress at the board level, much like how cybersecurity or IT audit teams operate.
A Digital Trust Executive Council is a valid option to ensure proper direction and control over digital trust efforts. This would serve as a management council that should report into the executive management team and then ultimately to the board or designated committee that oversees digital trust.
The purpose of the digital trust council is to address the needs of an organization’s digital product and service consumers through the appropriate evaluation, prioritization and direction of digital trust activities, funding and programs that ultimately contribute to a trusted relationship. Consider this council the expert review panel and point of contact on digital trust decisions, measurements, guidance and alignment with the organization’s goals and objectives.
This governance connection is critically important. If organizations merely give superficial acknowledgment to the pursuit of digital trust without a governance structure and framework that is accountable to the board, then they are deceiving themselves into believing that they are making any meaningful efforts toward establishing genuine digital trust.
This is reminiscent of the old days when many companies were convinced that they were doing a great job on security without anything in the organization having a true security focus or investment – it was really just IT personnel running the show. We have learned and evolved a great deal since then, and digital trust will have to go through a similar transformation.
The role of security leadership is also crucial in establishing digital trust as a business imperative. To be effective, today’s CISOs must demonstrate their capability to wield influence and make a meaningful impact across the business.
“I think that’s the most important trait right now, because there are many security jobs that are technical analysis or coding, but to be a CISO, you have to be business-focused and be an executive leader because you’re going to be interfacing with the board, CEOs and other executives,” wrote 2021 CISO of the Year, Brennan P. Baybeck, VP & CISO for Customer Services, Oracle.
“You can’t just be talking about compliance and security all the time. You have to be helping to drive the business and directly aligning the security strategy activities to the business strategy, with a focus on enabling business,” he added.
Digital trust serves as a significant avenue for security leaders, especially CISOs, to break away from the perception that they are solely engrossed in cybersecurity with limited perspective. CISOs can effectively achieve this by championing a cross-functional digital trust team (more on this below) and ensuring that the team is resourced and supported appropriately.
In part two of this article, we will further explore the importance of breaking down silos, leadership and incident response in driving digital trust forward.