The Importance of Digital Trust for your Business

By Andrew Woodhouse, CIO of RealVNC

According to a recent McKinsey Digital survey, organizations building digital trust are more likely to see growth rates of at least 10% on their top and bottom lines and yet — as evidenced by the announcements of data breaches that seem to happen daily — there is clearly a gap between customer expectation and is actually being delivered.

McKinsey defines digital trust as “confidence in an organization to protect consumer data, enact effective cybersecurity, offer trustworthy AI-powered products and services, and provide transparency around AI and data usage.” In a field where data security is paramount, such as the banking industry, customers should be completely sure that their data, and ultimately their money, don’t fall into the wrong hands. This means well-defined processes and proven security, with a transparent approach need to be in place.

Results from the survey show digital trust is clearly of great importance to customers, but are organizations doing enough to earn – and retain – their trust?

How important is digital trust to companies?

According to the 2023 Edelman Trust Barometer, a survey consisting of more than 32,000 respondents, a lack of faith in societal institutions has brought us to the point where businesses are the only institutions seen as competent and ethical. Consumers depend on businesses to advocate for the truth and be sources of reliable information, promote civil discourse, and hold false information sources accountable.

For these reasons, digital trust is of great importance for businesses and will continue to have a direct impact on financial gains. The main problem we see today is a disconnect between what organizations say about their stance on security and their performance results.

Most organizations believe they are doing well when it comes to respecting their customer data. From the McKinsey research, nearly 90% of companies describe themselves as “at least somewhat effective at mitigating digital risks” and a similar number report that they are being proactive regarding risk management. Yet, 57% of executives reported that their organizations suffered a data breach in the past three years.

It’s clear there is a disconnect between what an organization believes it’s doing and the effectiveness of the policies designed to protect customer data. It seems that everyone thinks about security and knows it’s important, but companies don’t always practise what they preach. That’s what bad actors take advantage of, leading to security incidents. But it doesn’t need to be that way, provided you implement a number of security strategies across your organization.

Things digital trust leaders do

To gain and retain customer trust, there are several important strategies that should be implemented across an organization:

• Have a clear, easily accessible and easily understandable privacy policy.
• Ensure everyone in the organization is aware of security and data protection policies. Everyone should accept that security is vital and not just a bullet-point on a product page.
• If you are developing software, use secure development practices. Ensure developers and delivery teams have the time and resources to understand secure development.
• Adopt an information security framework such as the NIST CyberSecurity Framework or ISO/IEC27001 to help your organization better understand and manage digital risk
• Measure the effectiveness of your security and data protection policies through a regular internal audit process.
• Ensure your contractors and third-party data processors respect your customer data to the same extent you do, and that they comply with your security and data protection policies. Put in place contractual agreements that ensure this. In particular, if you are processing data for European citizens a Data Processing Agreement is required by the GDPR. Other data protection regulations, such as the California Consumer Privacy Act, may also require this.
• Develop a culture which values and rewards the detection and mitigation of vulnerabilities across the organization.
• Prove to your customers that you’re secure. Commission regular penetration tests – and white-box security audits – by trusted independent providers. Act on the results and challenge your competition to do the same. That’s the only way in which things will truly improve in the future.

Conclusion

When it comes to establishing and maintaining digital trust, especially in the software industry, secure development practices, like a shift-left security approach, can make a huge difference.

Security has both internal and external fronts. Internal security focuses on having clear policies and practices and making sure that these are followed in a consistent fashion. This also includes making sure that your company culture rewards finding issues and vulnerabilities. External security refers to constantly commissioning white-box security audits by independent providers and implementing fixes for all issues found.

The most important thing to remember is to make sure that the results are public. That will prompt customers to challenge the whole industry to follow suit.