A Stockphoto - stock.adobe.com

Guest Post

The enduring importance of digital trust

Digital trust is an increasingly important issue, yet confusion remains about what exactly it is, how to achieve it and how to get started.

Three months into a new professional role, I find myself reflecting on the fact that efficiently acclimating to something new takes intentionality and a desire to progress. Similarly, today's highly connected economy is acclimating to a new paradigm shift: the enduring importance of digital trust.

In its latest "State of Digital Trust" research report, ISACA dug into the trends powering this transformation. Organizations today increasingly rely on an online presence and digital communications to connect and conduct business. Maintaining presence and communication in an effective manner is only possible if they support a trustworthy and transparent digital footprint.

Defining digital trust

Like many emerging trends, the definition of digital trust depends on who you ask. ISACA defines digital trust as "confidence in the integrity of the relationships, interactions and transactions among providers and consumers within an associated digital ecosystem."

Digital trust is vital in building the value, goodwill and security needed to strengthen business relationships, increase revenue and mitigate the effects of cybersecurity incidents.

Survey results and insights

ISACA's third annual "State of Digital Trust" research was conducted in the first quarter of 2024. It includes year-over-year data where available and explores new areas, including familiarity, priority, confidence, maturity, obstacles and responsibility.

The following are key insights from this year's report worth highlighting:

  • Familiarity. Digital trust means different things to different people. Without a clear definition, it's difficult to find a shared understanding as a starting point.
  • Importance and prioritization. There is a contrast between recognizing the importance of digital trust and prioritizing digital trust, an interesting delta when operating under the assumption that actions express priority. Eighty-two percent of respondents said digital trust will grow in importance in the next five years, yet only 20% indicated their organizations are planning to increase their budgets for digital trust.
  • Confidence and maturity. Measurement comes with time, and it seems organizations are, in many cases, not quite sure how to measure digital trust maturity. Only 23% say their organizations currently are doing so.
  • Third-party assessments. Demonstrating commitment to digital trust via an independent third party is beneficial not only for validation, but also as a benchmark for continuous improvement. Seven in 10 survey respondents said it is extremely or very important to be independently graded on digital trust practices with publicly available results.
  • Obstacles. Common obstacles revolve around key themes, including lack of communication, leadership recognition, training, budget and technical resources.
  • Responsibility. Solidifying responsibility for digital trust is still an elusive trend, with few organizations reporting dedicated staff. This likely propagates the diffusion of responsibility.
  • Tools and frameworks. Using a framework saves time and effort, enables benchmarking with other organizations in a cost-efficient way, and provides added credibility and third-party validation in support of budget and staff requests.

5 key takeaways

Now is the time for organizations to lay the groundwork for what will become normal and expected business. It is necessary to prepare for upcoming market demands, legislation and compliance. Continuous action and improvement toward reaching higher levels of digital trust maturity puts organizations in a better position to reap greater value.

Following are five key takeaways from the report to consider:

  1. Trust can lead to increased revenue. Organizations are likely to leave money on the table by not focusing on digital trust initiatives.
  2. Secure adequate budget. Although perceived as important, funding for digital trust does not appear to be keeping up.
  3. Assign clear accountability. Organizations need to assign ultimate accountability for digital trust to one individual to gain the value and progress needed to compete in the rapidly advancing marketplace.
  4. Advocate on all channels. Organizations should advocate for digital trust internally at the same level as externally.
  5. Use independent validation. Independent digital trust reviews are an essential element in ensuring an organization knows its areas of strength and weakness.

More on 'State of Digital Trust' research

Check out ISACA's webpage on digital trust, which dives deeper into the Digital Trust Ecosystem Framework, short courses, related insights and more.

Going beyond requirements

Digital trust is about going beyond meeting mandatory obligations to intentionally striving to progress to a trustworthy state. The benefits of a strategic and unified approach to digital trust, using those key relationships across departments and organizational silos, can lead to effectively proving commitment to building an ecosystem of trustworthy relationships. All of this naturally leads to better business outcomes because of more fair, transparent and user-centric experiences.

Achieving trust in a complicated digital ecosystem is not a quick fix, but with intentionality, a desire to progress and a good-faith effort to simply do the right thing, you and your organization can efficiently acclimate to this new world of digital trust.

Greg Shields currently serves as principal director of data privacy at Envestnet, focusing on positioning data privacy as a strategic business enabler and trust multiplier. Shields has more than 10 years of experience across privacy, cybersecurity, technology risk and IT audit, and he holds multiple certifications, including CISSP, CDPSE, CISA, CRISC, CIPT and CIPM.

Dig Deeper on Security operations and management

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing