What do you know about digital trust?

Benefits of high digital trust

So what are some of the benefits of having high digital trust? According to the survey results, 66 per cent of respondents feel those organisations get a better reputation and 58 per cent indicate that such companies suffer fewer privacy breaches. Both go hand-in-hand – having strong security and privacy controls will reduce privacy/data breaches and generate a better reputation for the company and trust in how they handle data.

High confidence from consumers and customers drives better market response; organisations investing in creating a robust digital trust environment have better chances of increasing market sustainability through their strong reputation, and generating higher revenue.

 

Looking to the future

As important as digital trust already is for organisations, 82 per cent of respondents to the ISACA survey say that digital trust will be more important to their organisation five years from now. This is not a surprise considering the increased focus on the core components of digital trust such as security, data integrity and privacy.

 

We are seeing an unstoppable evolution of industry regulations requiring stringent controls around data processing. In the privacy space alone, there are many laws in development across all regions; these laws have a particular interest in the level of trust users can have in providers processing their data collected through digital transactions.

 

Likewise, the security industry has increased its focus on cloud security due to the amount of confidential or sensitive information processed by the never-ending number of cloud providers. The confidentiality, integrity and availability (CIA) triad is a deciding factor in many commercial agreements to the point of being subject to a comprehensive layer of scrutiny before contracts can be signed.

Measuring digital trust

Not many organisations have formally hired employees to design, implement and monitor digital trust frameworks. In the ISACA survey, only 12 per cent of respondents said their organisations have dedicated digital trust staff, and only 20 per cent stated their board of directors has made digital trust a priority.

 

So, what about measuring it? Well, it is difficult to measure something you don’t know or fully understand, and this is the case for digital trust. Although 55 per cent in the survey agreed that having frameworks to measure digital trust is critical, only 19 per cent said their companies currently use a type of framework to measure it.

 

Some of the responders who said their companies use a framework to measure digital trust stated they use COBIT as a tool to measure it, others referred to internally developed frameworks, and a few more said they use the SAFE Identity Trust Framework. There is a clear need to raise awareness about digital trust and the need to measure the effectiveness of the controls implemented to support it. There are many resources available on the ISACA website to learn more about COBIT, and ISACA is also developing a Digital Trust Ecosystem Framework that will be released later this year.

 

Not having formal metrics on digital trust makes it complicated to use as an avenue for organisations to develop a positive external outcome, better reputation and higher profit. Undoubtedly this is a missed opportunity as there are many organisations with solid digital trust controls already embedded in their culture. Here are some actions they can take to improve this:

1. Raise awareness: knowing what digital trust is and how it can positively impact organisations is crucial; in many cases, senior leadership must be educated first, and then formal and detailed training for the entire organisation may follow. 

2. Evaluate the current state: as mentioned before, digital trust is a combination of diverse elements, many of which are part of regular industry-standard security and privacy controls. Evaluating them from a digital trust angle will bring a new perspective to the organisation. 

3. Formalise a framework: being aware and evaluating the current state of digital trust are good first steps. However, ongoing target monitoring based on a formal framework is key to enhancing it and using it to drive better reputation and trust from consumers and customers. 

As with most things related to security, risk and privacy, top leadership commitment and support are key to driving better results, engagement and direction. All these disciplines support a digital trust environment through processes, infrastructure, technical controls and ongoing monitoring. However, in many cases, the teams running these functions may have conflicting agendas, objectives and priorities, so executive leadership direction and alignment toward digital trust are crucial to enhancing the collaboration between these disciplines and avoiding silos.

 

It will be intriguing to observe the future of digital trust and how our role as technology, security, risk and privacy professionals will support it. But, working collaboratively, it will be a great future.

 

---

 

By Gary Carrera, Manager, Meta’s Global Data Protection Program

 

About the author: Gary Carrera is a manager at Meta. He has 15 years of experience supporting large tech companies in information security and privacy programs, most recently at Meta and Apple. He holds an MS in business administration and project management and CDPSE, CISM, CISA, CCSP, HITRUST CCSFP and ISO27001, among other certifications. The postings on this site are the author’s own and don’t necessarily reflect his employer’s positions or opinions on the subject.