A significant digital trust “acknowledgment-action gap” exists in organizations and it’s holding back stronger protections for customers, stakeholders and partners, the latest ISACA State of Digital Trust 2024 report has found.
A total of 87% of respondents said digital trust was currently extremely or very important to their organizations, yet 66% said their organizations prioritize digital trust in accordance with its importance, illustrating the gap between beliefs and action.
While organizations recognize the importance of digital trust, they’re failing to prioritize initiatives to the same degree, according to the third-annual survey, which canvassed responses from almost 6,000 digital trust professionals from around the world. “Organizations struggle to define and measure digital trust due to its subjective nature, leading to inconsistent perceptions and actions,” ISACA principal, privacy professional practices Safia Kazi told CSO.
Does digital trust hold strategic importance?
Many organizations expect digital trust to grow in importance, with 82% of respondents agreeing that, in five years, digital trust would be more or much more important in their organization than it is today. However, only 20% plan to increase budgets for digital trust areas within the next year, according to the survey.
The report suggests that without appropriate executive attention and funding, many organizations will find themselves behind the curve in adopting appropriate measures to bolster their digital trustworthiness. It leaves them potentially vulnerable to reputational damage, privacy breaches, an increase in security incidents and a loss of customers.
“As the implications of not being trustworthy become clearer, such as through issues with AI technologies, organizations will realize it’s as strategically important as compliance for their bottom line and the ability to attract and retain customers through building trust,” Kazi said.
The digital trust measurement gap
Understanding and measuring digital trust can directly link digital trust to top line revenue, market share, and other indicators, ISACA found. But not all organizations are keeping track of digital trust. Of those measuring it, 94% agreed digital trust it’s extremely or very important to their organization, yet only 23% said they measure digital trust maturity.
“While that gap is concerning, I’m hoping over the next few years we start to see some of those gaps narrow as organizations better understand what trust might look like and they can take better steps to measure and fund it,” said Kazi.
One of the causes is a lack of specific definitions and benchmarks for digital trust, within and outside organizations. The survey showed varying degrees of familiarity with the definition of digital trust, with only 33% extremely or very familiar with digital trust, but this jumped to 55% when they were presented with the definition. Adding to the confusion, “organizations can have their own perception of what trustworthiness looks like, but their customers experiences may be entirely different,” Kazi said.
The survey also found a lack of confidence in organizational digital trust, with only 52% of respondents confident in their organization’s digital trustworthiness.
Kazi suggests that without adopting a framework it’s challenging for organizations to demonstrate improvements through measurement, which in turn helps build confidence. “Digital trust can be this huge, complicated idea and there isn’t always a simple starting place, and without a framework, organizations can struggle to define and measure trust due to its subjective nature, leading to inconsistent perceptions and actions.”
Focus on compliance might impact use of digital trust frameworks
The report suggests adopting a framework to guide digital trust initiatives helps by saving time and effort, enabling benchmarking with other organizations in a cost-efficient way, and providing added credibility and third-party validation in support of budget and staff requests.
However, the survey shows a gap exists between the benefits of digital trust frameworks and the number of organizations actively using a framework to guide their efforts. Just 18% of organizations currently use a framework for their digital trust practices, although 55% agreed it is extremely or very important for an organization to have a digital trust framework. “This often comes down to a prioritization issue, as there are other frameworks they need to align with and compliance requirements and so on,” Kazi said.
If organizations want to lift digital trust as a priority they will need to tackle the internal challenges with lack of staff skills and training reported to be the biggest obstacle for 53% of respondents followed by a lack of leadership buy-in (44%), budget constraints (44%) and lack of alignment between digital trust and enterprise goals (43%).
This can lead to confusion about responsibilities, so if digital trust falls to everyone, no one has specific ownership to drive initiatives and track results. “When something is everybody’s responsibility, it’s no one’s. So, if everyone in the organization is thinking about trust, nobody’s thinking about trust,” she said.