There is little debate about the importance of digital trust in our modern economy. Regardless of somebody’s professional field or whether they’re four weeks or four decades into their career, there is widespread recognition that the ability to trust in technology is a big deal for companies and customers alike.
Where things become much murkier for companies is figuring out how to make digital trust a reality. Who is responsible for digital trust within the enterprise? How can digital trust be measured? And what kind of additional budget investment, if any, is needed to enable the company to deliver a high level of digital trust? ISACA’s State of Digital Trust 2023 research addresses these and many other top-of-mind questions that are shaping the digital trust dialogue for companies across the globe.
It's important to start with the recognition that companies already had a lot on their plate before this important digital trust conversation came into focus. The cyberthreat landscape continues to grow in complexity without enough capable security professionals to protect against attacks. Data privacy has become a major enterprise challenge, particularly from a regulatory landscape. Figuring out how to effectively and responsibly implement emerging technologies such as artificial intelligence is increasingly tricky. You get the picture – enterprise leaders already have felt overburdened by all that is on their plates.
There also is a sense of being overwhelmed with the amount of technology-focused chiefs needed in today’s enterprise. On top of the longstanding CIO role, these days there are chiefs that oversee technology, security, privacy, risk – it can feel like there is a chief for everything, bringing to mind the “too many cooks in the kitchen” idiom. This begs the question: from this collection of chiefs, who is chiefly responsible for digital trust?
Among respondents to ISACA’s State of Digital Trust survey, only 13 percent say that their organization has a dedicated staff role for digital trust; that number rises to 46 percent for respondents whose board of directors prioritizes digital trust. Still, that leaves us with the majority of organizations without a chief trust officer, or some other similar role. So, what are the implications when it comes to overseeing trust?
Today, many organizations may view digital trust as “everyone’s job.” However, if something is “everyone’s job,” then nobody is focusing on it. If there’s no specific role identified to help plan, implement, or manage digital trust efforts, what can an organization do to ensure digital trust-related practices and activities are being considered? Assuming there is not a central authority, such as a Chief Trust Officer or the equivalent, consider chartering a governing body to direct and monitor the organization’s digital trust efforts. If this is not feasible, ensure that digital trust is embedded into the appropriate bodies throughout the organization and those groups communicate and coordinate digital trust efforts. Additionally, encourage everyone in the organization to analyze how their product or service uses digital technologies to interact with customers and consumers, and integrate the factors, practices and activities into appropriate committee charters, goals and job descriptions.
Digital trust measurement is another big challenge for many organizations. While the majority of respondents say it is important to have a framework for digital trust practices, only 20 percent currently use one. Existing popular forms of measuring digital trust include customer satisfaction surveys, customer retention rates and tracking problems that surface to customer relations teams. While useful, these are not sufficient approaches to measuring digital trust. There is no universally accepted approach to measuring digital trust. A key point to ensuring digital trust is integrated into the governance system is to establish metrics that will be collected, reported and acted upon by the organization. These metrics can be KPIs, KRIs or any other measurement deemed appropriate for management to make informed decisions regarding digital trust. Note that ISACA’s Digital Trust Ecosystem Framework (DTEF) contains applicable KPIs and KRIs for each activity within the framework.
In addition to questions about who is ultimately responsible for digital trust and how it can be measured, there is the matter of budget. How does digital trust change the equation – and the bottom line – regarding existing budget that is being allocated toward areas such as security, privacy and risk management? Organizations typically view these as compliance requirements, but under a digital trust umbrella, it’s not just about compliance – it’s about adding value to the enterprise’s brand reputation.
Funding for digital trust can be tricky. With all the focus on compliance to security and privacy, it might be difficult to determine a funding source for digital trust efforts. I had a recent experience with an organization that decided not to allocate resources to support digital trust. Two weeks later, they experienced a massive customer exodus because of an unforeseen ransomware attack. The result? You guessed it: fund digital trust.
You can have strong security, you can have a solid privacy posture, but if your customers don’t trust you, they will cut their losses and move on. Therefore, it is important to consider how your organization funds efforts in support of digital trust. Do you reallocate security and privacy funding to digital trust, or do you create a new portfolio for this? My suggestion is to determine the digital trust goals for your organization and allocate funding based on your business needs.
Unfortunately, it is easier to lose trust than to gain it. The proliferation of cybersecurity, privacy and myriad other compliance concerns is vexing companies with overwhelming requirements. So, think of digital trust as 1) an extension of your cybersecurity and privacy programs, 2) a holistic approach to protecting your brand and your consumers, and 3) a means to strengthening your reputation while supporting digital transformation and customer loyalty.
By determining who is ultimately responsible for digital trust in your organization, establishing actionable metrics and budgeting to support digital trust in a way that aligns with the most critical business needs, organizations can turn digital trust into a branding strong suit and competitive advantage.
Editor’s note: Learn more about the implications of ISACA’s State of Digital Trust 2023 research in an upcoming webinar on 24 May.