Digital trust is critical in business and society to achieve the benefits of technological advances. However, increasing digital threats like deepfakes, cyber breaches and Artificial Intelligence (AI) model bias erode stakeholder trust and limit an organisation’s ability to pursue its purpose.i In a recent CEO survey, for example, CEOs consider technology and innovation as well as digital privacy and protection among their top two trust concerns following only Diversity, Equity, and Inclusion (DEI) and employee experience.ii
Deloitte Enterprise Trust leaders and SAP’s Chief Trust Officer, Elena Kvochko, highlight the important role that C-suite leaders can take to build and preserve this essential asset.
Digital trust is the “currency” organisations need to maintain and grow stakeholder relationships and influence behaviours such as customer loyalty, supplier collaboration and investor confidence.iii It is critical for strategic digital transformation – let alone innovation, market leadership and financial performance. Risks to digital trust can measurably affect the bottom line as well. Cybercrime, for example, cost businesses and individuals nearly US$7 billion in 2021.iv Emerging technologies will likely drive new risks as they mature, such as the risk to security encryption algorithms with advancements in quantum computing.
As stewards of trust across the enterprise, the C-suite has an important role to play in increasing the organisation’s digital trust with stakeholders including supporting the advancement of trust-enabling technologies in ways that go beyond simply allocating investment dollars. Although there are many forms of digital trust, the focus here is on the role that C-suite leaders can take in protecting digital trust as a critical organisational asset. As the cyber threat landscape continues to evolve, challenging executives to dynamically pivot, there are five actions leaders can take today that enable organisational resilience and ultimately strengthen digital trust.
While there are many ways to bring strategy and technology together, our research and experience found the aforementioned actions are helping leaders build and preserve digital trust. But, as this research also suggests, companies are still only in early stages of adopting them.
At its core, digital trust is the confidence that customers, employees, partners and other stakeholders have in a brand that governs its digital assets with competence and the desired intent. Digital trust is driven by data transparency and accessibility, security and reliability, privacy and control and ethics and responsibility.v
What digital trust means to one organisation and how the organisation engenders that trust will differ depending on the organisation’s sector and the stakeholders it serves. For example, customers signing up for travel rewards with a hotel brand have heightened expectations of how the organisation transparently communicates its data usage practices. On the other hand, employees working for a med-tech organisation will care that the organisation has a zero-tolerance policy to roll-out inferior digital products which directly impact human life. Stakeholder data and privacy expectations are also escalating by the day as consumers grow more cautious about how companies use their data and adhere to increasing privacy regulations.
To strengthen digital trust: Establish a digital trust formula supporting your enterprise’s strategic objectives such as enhancing customer relationships, optimising operational excellence and enabling business functions that are core to your value proposition. Once developed, establish means to measure and improve your digital trust performance over time.
Recognise that digital trust is a business issue, not just a technology issue. Because businesses are increasingly dependent on technology for both back-office operations and high-stakes customer-facing applications, information technology (IT) leaders are increasingly stretched thin with digital trust responsibilities that straddle both business (security and fraud, financial risk, operational risk, compliance risk, reputation risk) and technical risks (legacy, business continuity / disaster recovery, misconfiguration) - with one potentially being prioritised at the expense of the other. Case in point: According to Deloitte’s 2023 Global Future of Cyber survey, about half of overall respondents recognise the importance of building digital trust and about half do not.vi
Manage digital trust across the enterprise - just as you would any other aspect of enterprise performance and risk, such as liquidity risk, compliance risk, and others. Assess the data threats and vulnerabilities that may exist in different business functions such as marketing, employee benefits, finance, procurement, or other operations. Monitor and evaluate the changing global regulatory landscape and evolving customer expectations around privacy and data governance, cybersecurity, and digital identity.
Additionally, avoid operating in silos when managing digital trust so that everyone understands what data and processes should be protected and how different functions will work together to do so. When assessing and managing risks, employ internal teams that bring together back office and front office operations, enterprise risk, control and compliance experience. This means, for example, marketing leaders and cyber leaders working together to agree on what customer data can safely be mined, how it can be secured and how to message to customers accordingly. Recent Deloitte research suggests that an integrated approach to risk management and mitigation can lead to greater business and technology resilience and agility that ultimately drive stakeholder trust.vii
Consider this collective digital trust mindset with a future scenario-driven lens as well, via scenario planning and wargame exercises. Scenario planning exercises conducted within the technology department should be expanded to include additional C-suite executives. When guiding strategy planning sessions that look into the future, consider not only how technology is evolving, but likewise, how the threat landscape will advance. How will Web 3.0 or quantum computing evolve and what does that mean for preserving digital trust? Is there potential for new technology to change the way we do business today and what technologies will help secure data in that environment? How may the regulatory landscape evolve in ways that will shape privacy and compliance requirements for businesses going forward?
While discerning the potential of future scenarios is important, consider conducting wargaming exercises as well. Cyber wargaming is an interactive technique that immerses potential cyber-incident responders in a simulated cyber scenario to help organisations evaluate their cyber incident response preparedness. Wargames lead to deeper, broader lessons learned as compared to traditional cyber assessments and tabletop exercises.
To strengthen digital trust: Adopt a federated model of responsibility for digital trust with shared goals across the C-suite. As an executive, identify the different operating areas (tech, cyber ops, customer service, etc.) that impact digital trust in your enterprise and align the applicable strategy and vision across these areas.
At the end of the day, education and understanding are critically important to preserve digital trust. As the World Economic Forum stated in its recent report, “It is imperative for C-suite executives to stay close to technological developments, understand their implications and skillfully lead and manage innovation and adoption while minimising risks.”viii
The C-suite still needs education and awareness of technology and its risks and rewards.
Recent research from the Massachusetts Institute of Technology (MIT) indicates that among nearly 2,000 large global companies analysed, only 7% of companies have “digitally-savvy” executive teams.ix While information leaders within a company may educate executives about how technologies like AI or blockchain support the organisation’s core purpose and strategy, they may not educate leaders on the potential risks those technologies pose to target outcomes. C-suite executives can help minimise threats to the organisation by requesting more information from subject matter specialists to understand these risks and how emerging technologies can also be used to address the threats, both now and in the future. In addition to understanding how technologies can mitigate risk, leaders should also consider the potential benefits of trust-monitoring solutions that scan operating areas of the company like customer service, product development and governance, to help the enterprise identify early breaches in trust before they become significant issues.
Understand the role of trust-enabling technology within its business context.
Customers, employees, partners and other stakeholders need to trust that your organisation will reliably protect their data and interests. This requires the right people, processes and technology. For example, companies can leverage digital identities to enable privacy and build trust. Digital identity, which became increasingly critical during the shift to virtual work and life during the pandemic, facilitates more trustworthy and efficient engagement with stakeholders allowing businesses to engage with customers, suppliers or others without requiring constant “proof of credentials.”x Technologies such as AI, machine learning and data analytics, can detect unauthorised access to enterprise systems and fraudulent activity to ensure trusted stakeholder interactions.xi
Companies can also leverage blockchain to build trust. For instance, organisations increasingly seek to build sustainability in their supply chain. Blockchain, with its transparent and unalterably traceable ledger, could be the most appropriate technology to demonstrate a food manufacturer’s sustainable supply chain to its consumer base.xii In essence, the blockchain platform affords customers and other stakeholders end-to-end visibility into a product’s timeline of manufacture, as a single source of truth.
While these technologies can support digital trust, they can also impair it. Plans to mitigate nefarious and faulty uses of emerging technologies should be factored into the company’s growth strategies and mission. New innovations, products or other growth offerings can’t succeed if your stakeholders don’t trust your organisation to protect their data and privacy.
To strengthen digital trust: Inculcate trust as an evaluating factor across new technology adoptions. Working closely with the company’s technology leaders, identify the areas where digital trust can be strengthened or eroded. Incorporate trust-forward principles in technology adoption journeys from the start.
Understanding optimal technologies to engender digital trust is not, in itself, sufficient. Leaders should also take an active role in weaving the importance of digital trust into the culture of the organisation through words and actions.
Spread the news. Leaders should communicate to the broader organisation and stakeholders that the organisation is committed to maintaining digital trust and investing in capabilities to drive it. This approach includes communicating how digital trust manifests in their industry, how digital trust can be won or lost with different stakeholders and how the organisation maintains trust with regulators. They should acknowledge the risk to digital trust from different technologies and provide related risk awareness training to all employees, a hallmark of a highly “cyber-mature” organisation according to Deloitte’s 2023 Global Future of Cyber survey.xiii Regular digital trust briefings to the board should also be conducted.xiv
Leadership can also evangelise how technology preserves trust and drives enterprise value. In so doing, they can focus on the trust-enabling qualities that characterise specific technologies, such as the transparency that blockchain may offer stakeholders in a supply chain as noted above or the reassurance that AI can offer owners of intellectual property in assessing public websites for potential copyright infringement.
Actions speak louder than words. Communicate commitment in tangible ways. Implement strategies, procedures and processes to preserve digital trust and drive adoption of trust-enabling technologies. And, as these strategies are put into place, consider implementing security guardrails including network segmentation and zero-trust protocols, secure landing zones and DevSecOps principles .xv Different privacy expectations of diverse stakeholders must also be emphasised when developing these strategies. Resilient digital operations, trusted customer experiences and governance optimisation demonstrate an organisation’s efforts to establish digital trust.
Inspire the entire organisation to commit to preserving digital trust. While the focus of this paper is on the role of executive leadership engendering digital trust, employees across an organisation also need to assume ownership of digital trust in their day-to-day work. This can happen when organisations provide resources and tools that empower all employees to understand the role of data security within the context of their work and have security conversations with their stakeholders so that digital trust remains a top-of-mind objective. Organisations should also allow employees to ask difficult questions with respect to digital trust to hold leaders accountable to preserving trust and ensure greater organisational transparency. More than 80% of cyber breaches involve human fault.xvi Among the biggest opportunities therefore for organisations to fortify digital trust is to foster a workplace culture where everyone is taking ownership and doing their part to drive digital trust.
To strengthen digital trust: Commit to programmes that reinforce individual and leader accountability for building and preserving digital trust. Align incentives to encourage trustworthy behaviours. Take steps to paint the organisation’s trust-enabling story with your stakeholders, establishing your commitment in the marketplace.
Use metrics contextually. Just as the meaning of “digital trust” is context-specific, so too are the metrics used to measure digital trust and the value of trust-enabling technologies. Given that commonly used metrics fail to predictably measure ROI in digital security investments, one forecast suggests nearly half of CEOs will “demand” more tailored metrics to better gauge investments in their security programmes by 2025.xvii
The metrics employed should also reflect how the technologies affect different stakeholders—be they employees, customers, suppliers, the board, and others. Move away from over-reliance on cost-centric measures only and move more towards measures that reflect and drive cost optimisation, value preservation or protection and value creation through stronger customer loyalty, greater organisational resilience and investor confidence.xviii For example, customer loyalty is driven in part by a brand’s technical sophistication. Recent Deloitte analysis indicates technology customers are 6% more likely than average to recommend a brand that regularly deploys new innovations and 32% less likely to do so if the brand does not.xix
To strengthen digital trust: Implement solutions to diagnose stakeholder trust levels over time. From simple surveys to complex trust measurement platforms, solutions exist to help make trust measurement practical and repeatable. Also, when allocating budget for trust-enabling technologies, incorporate benefits including customer loyalty and organisational resilience into digital trust formulae.
Too often executives place the ownership of digital trust within the IT department, but we see a future where digital trust moves to the business just like any other category of trust. If every company is now a digital company and data is the currency that enables business success, then securing digital trust is an imperative for all leaders. Indeed, this imperative of collective responsibility is especially timely given the enduringly remote and volatile nature of the post-pandemic workplace—an environment that, according to research, has promoted fatigue in the C-suite.xx
Earning digital trust is not a passive activity. Investing in and adopting trust-enabling technologies is not a “set and forget” undertaking. Leaders should be vigilantly proactive and steadfast in pursuing digital solutions that engender trust because leaders have the broad perspective and perch to sense the steady state of risks to stakeholder trust that the organisation faces on a daily basis. And because these risks evolve in insidious fashion, without cessation, leaders should respond just as stalwartly and always in collaboration. If past is prologue, and it often is, this imperative will become even more compelling in the future.
Digital trust is simply too important to be incidental to the core mission of the organisation. Leadership will likely either understand this basic reality and act accordingly, or learn from those who do.