The last decade has seen an unprecedented surge in the need to amass vast amounts of client data and most interestingly, a sharp increase in the value of consumer data to the business, as digital enterprises rely more and more on data collections for profitability and growth.
As organizations grow and data pools expand, so does the associated cybersecurity risk (and so too does the need for improved risk management approaches). Risks to the security of consumer data range from deliberate actions of cyber criminals to inadvertent disclosure or loss through employee actions. Whether in a B2B or a B2C scenario, data security should always take priority.
What is digital trust?
Digital trust is the established relationship built on confidence that an organization is able to safeguard its collection of consumer data, information assets and technology resources. Many authorities have different views on how trust is achieved. We have come across assertions like ‘trust is granted’ or ‘trust is earned’, but for me, the great American scholarRalph Waldo Emerson summarizes it all: “Trust men and they will be true to you; treat them greatly and they will show themselves great.”
He was right, trust is reciprocal. It is classic quid pro quo (‘something for something’ – or ‘you scratch my back and I’ll scratch yours’). In simpler terms, all consumers need guarantees that their data is safe before they can comfortably share it.
47% of UK respondents say data mishandling or selling would cause them to lose trust in a brand.
Demonstrating trustworthiness
Research done in the past has shown that consumers are overly concerned with data security and privacy. For example, The State of Digital Trust Data Report from February 2021 by Okta states that 42% of Americans and 47% of UK respondents say data mishandling or selling would cause them to lose trust in a brand.
The report concluded that “when it comes to building trust, consumers care most about the core competencies: service reliability, strong security, and good data handling practices. Survey respondents also made it clear that trust in our digital world directly impacts purchase decisions, and many cut ties with untrusted brands altogether.”
While trust is reciprocal, it is the data collector who must strike first. In a B2C scenario, this would be the business and in a B2B scenario it would be the service provider. Bolstering digital trust entails using cybersecurity as a key enabler.
The primary focus should not only safeguard privacy, confidentiality, integrity and safety aspects but extend to ethical aspects as well. It is all about taking actions that boost confidence and subsequently encourages sharing of data, like demonstrating security and transparency. As an example, to demonstrate transparency to customers,Microsoft releases biannual digital trust reports. These reports consist of the Law Enforcement Requests Report, US National Security Orders Report, Content Removal Requests Report and Digital Safety Content Report. The reports detail what information has been shared, with whom, and how many requests have been accepted or denied, among other things. This demonstrates a continuous effort to provide customers with visibility and control over their data, whilst at the same time enabling the organization to make informed choices and strive towards building and maintaining trust in technology.
Clear ways to build greater trust
Demonstrate transparency: Transparency is critical for building trust and loyalty. This includes the disclosure and provision of an end-to-end view of what consumer data is used, and how it is used, processed, transitioned and retained.
Constantly engage consumers: Beyond consumer transparency, the engagement with consumers enables us to build good working relationships, for example to establish how best to improve services, in terms of securing their data and accommodating their needs. Periodic surveys are an effective way for gathering consumer views.
Act honorably and with integrity. Use data for the sole purposes that it was collected for. An organization’s integrity and reputation are essential to maintaining trust.
Act ethically: Act honorably and with integrity. Use data for the sole purposes that it was collected for. An organization’s integrity and reputation are essential to maintaining trust. This extends to using technology responsibly, for example when using artificial intelligence to draw insights from data sets, ensure that the analysis is carried out within the defined scope and avoid drawing insights that the consumers may not be comfortable sharing.
Comply with the law and regulations: Abide by the governing legal requirements applicable in the jurisdictions that the organization operates in. Regulations such as GDPR / Data Protection Act of 2018 need to be satisfied, and assurances for continued compliance shared with the consumers and data owners.
Continuously improve cybersecurity: Providing comprehensive cybersecurity protection is vital to bolstering digital trust. Getting accreditation and third party assurance is a good way to demonstrate best practice. Here are some key cybersecurity security principles for maintaining secure data protection environments:
- Drive cybersecurity through strategy: Creation and implementation of clear, business-aligned and fit-for-purpose cybersecurity strategies is key. Technology is not always the answer; some issues just need a governance procedure or strategic steer. Strategy ensures selection of right technology solutions to solve business specific cybersecurity problems.
Implementation of clear, business-aligned and fit-for-purpose cybersecurity strategies is key. Technology is not always the answer; some issues just need a governance procedure or strategic steer.
- Practice cybersecurity hygiene: Reduce the organizational vulnerabilities by identifying risks and deploying mechanisms to reduce or resolve risks identified, for example adopting a good practice aligned malware protection strategy.
- Encrypt your data: Encryption is an effective way of maintaining data integrity and confidentiality. All data such as mission-critical data and personally identifiable information (PII) should be encrypted at rest, in transit and where technically feasible, in use.
- Automate where possible: automation of data processing lowers risks of exposure and human error.
- Standardize and benchmark your security controls: Adopt tried and tested good practice frameworks such as ISO27001, NIST Cybersecurity Framework,Center for Information Security (CIS) and Information Security Forum (ISF), to name just a few. This allows auditable security controls that organizations can use as attestations of the adequacy of their cybersecurity arrangements.
As technological development increases in our digital age, cyber risk and security threats increase in tandem. But by increasing digital trust through robust cybersecurity, organizations are able to not just protect themselves and their own futures, but the safety and loyalty of their customers.
