Cybersecurity deserves the attention it has come to command, yet it’s not the be-all and end-all when it comes to what ultimately matters most for companies: building and preserving trust with existing and prospective customers. Still, security practitioners have a major part to play in this overarching priority of advancing digital trust at their organizations.
Let’s take a step back: digital trust, as defined by ISACA, is “the confidence in the integrity of the relationships, interactions and transactions among suppliers/providers and customers/consumers within an associated digital ecosystem.” In our modern business landscape, digital trust has become essential for enterprises to survive. It is what often guides consumers’ choices to buy from certain, well-known companies that they trust over various alternatives, even if the purchase costs a little more or might not be as convenient. If customers don’t trust you, they’ll find somebody else to provide what they’re looking for.
Digital trust is not easy to attain in this era of sophisticated cyber threats, fast-evolving emerging technology, a widening regulatory landscape, and business models around the globe disrupted by the pandemic and new ways of working. Security is unquestionably a key component of digital trust, but there are other needed ingredients: quality, availability, privacy, ethics and integrity, transparency and honesty, and stability and resilience. This multilayered understanding of digital trust shows that, no matter how competent or well-resourced, security teams cannot deliver digital trust alone.
The concept of digital trust is starting to resonate in more and more boardrooms and C-suite offices, but it can be difficult for organizations to shed the siloed mindsets that often take root in various business functions — including security. Security practitioners have a great opportunity to challenge this way of doing business and start constructive dialogues in their organizations about the importance of cross-functional teams. Better yet, volunteer to spearhead one of those teams: partner with your colleagues in risk, audit, privacy, legal — even often-overlooked areas such as marketing and HR — and lead a team that will drive toward collaborative approaches in pursuit of digital trust. Not only will a cross-functional team benefit your organization, but leading it will likely pay off in your individual career development.
In addition to adopting a cross-functional mindset, another important way in which security teams can impact digital trust is through effective incident response. Avoiding major security incidents is naturally Plan A, but in this perilous threat landscape, bad things sometimes happen despite our best efforts. While a major data breach can damage a company’s reputation and undermine customer trust, security teams still have the opportunity to strengthen digital trust in the long run, depending on how they handle the aftermath.
Take SolarWinds as an example. In 2020, the software company faced the fallout of a major software supply chain hack, but ended up turning the incident into an opportunity to shore up its security and incident response protocols. Just as importantly, it made a concerted decision to become more transparent with customers and other stakeholders. “At first, we would share information with customers but were reluctant to share all of the details. Now we will share as much as they want and much more,” said SolarWinds CISO Tim Brown. “That has changed how vendors are evaluated by all of our customers. They are now asking for more detail because we set that precedent. In setting that precedent, we showed our customers that they could trust us. More transparency throughout the supply chain is critical.”
Of course, organizations don’t have to — and should not — wait for a crisis to communicate about what they are doing to earn their customers’ trust. Considering what a major competitive advantage digital trust can be, organizations should be loud and proud in publicly telling the story of their sound digital trust practices. They can point to robust company policies covering high-impact topics such as generative AI, data governance and vendor management, as well as showcase relevant security ratings, in prominent places on the company website and in other external-facing materials. That commitment to digital trust should also be highlighted in conversations with prospective B2B partners and other important stakeholders.
Increasingly, digital trust will become a necessity, not a luxury, for companies. Before any customer makes a purchase decision, before any contract is signed between business partners, a trusting relationship needs to have been formed. Having a strong security operation is a necessary element of building this trust, but today’s complex business and technology landscapes require security to work in concert across the organization to build the sturdy foundation enterprises need to succeed. Enterprise leaders are always looking for differentiators that can set them apart in the marketplace. Strong digital trust can be that differentiator for modern enterprises, boosted by security functions that recognize how their work supports the broader digital ecosystem businesses need to prosper.
Editor’s Note: We’re excited to welcome Pam Nigro, Vice President of Security and Security Officer at Medecision and the Board Chair of ISACA, as our new Cyber Tactics columnist. Learn more about Nigro’s impressive cybersecurity career here, and keep an eye out for her monthly column in our eMagazine.