Andrey Popov - stock.adobe.com

Organisations value digital trust, but aren’t working at it

Three quarters of organisations believe digital trust is relevant to their businesses, yet clear gaps in strategies still seem to persist

Just over three-quarters of technology leaders value digital trust as an important priority in the pursuit of digital transformation, but seem to be unwilling to put in the hours to work on it, according to research from security association ISACA, which is calling on compliance, security and IT to fill in some of the gaps in their strategies.

ISACA’s State of digital trust 2024 study revealed 77% thought digital trust was crucial to digital transformation, and 82% of respondents said it would become more important between now and 2029, but 71% reported that they weren’t doing any staff training on the issue, and only 21% had any plans to increase their available funding for such initiatives.

The study also found that 75% were either unsure or not entirely aware of what it takes to improve digital trust in practice, and 77% did not currently measure the maturity of their digital trust practices – or were unsure if they were doing that or not.

Respondents said the biggest obstacles to improving digital trust were staff skills and training, lack of leadership buy-in, and insufficient processes and governance practices.

ISACA chief global strategy officer Chris Dimitriadis said: “Businesses continue to recognise the importance of digital trust, not just for business sustainability, security and profitability, but for building long-term consumer trust. Yet more needs to be done to truly achieve high levels of digital trust, which starts with measuring current levels to establish a benchmark and create a maturity plan.

“It is not down to business leaders alone to lead the charge – digital trust practices should be implemented and aligned across all departments to truly succeed,” he said. “Our survey has found that many businesses are unsure on what improving digital trust requires in practice, but working with a trusted partner who can provide a step-by-step framework and assist in digital trust training can set the business on the right path to success and security.”

ISACA, which defines digital trust as “confidence in the integrity of the relationships and transactions between providers and consumers within a digital ecosystem”, said digital trust was a key public indicator of an organisation’s other cyber security credentials – their ability to withstand a ransomware attack resulting in a data breach, for example – and so needed to be taken much more seriously. In this regard, respondents acknowledged those that did not pay attention to digital trust were more likely to suffer reputational damage, security incidents, privacy breaches and customer churn.

Establishing a trust framework

ISACA said that, according to the study, only 15% of respondents were currently using a framework to enhance their digital trust practices, although 46% recognised such frameworks were important.

Benefits of implementing such a framework can include savings in time and effort, enabling cost-effective benchmarking against industry peers, and providing more credibility and third-party validation supporting budget and staff requests.

As such, it’s guiding members towards its recently launched Digital Trust Ecosystem Framework (DTEF) resource, which includes a number of indicators and controls that users can customise according to their business needs as they work towards attaining a level of digital trust that better matches their models, strategies and wider goals.

The DTEF roadmap and implementation guides provide a clear understanding of how organisations can attain the level of digital trust that fits their business models, strategies and goals.

Read more about digital trust

Read more on Privacy and data protection