Published on the 17/05/2023 | Written by Heather Wright

Local organisations are talking the digital trust talk, but a lack of training and leadership buy-in means walking the talk is proving a whole lot harder.

The second annual State of Digital Trust ANZ survey from IT professionals industry association ISACA shows that despite hailing the importance of digital trust, for most organisations locally, it is not a priority.

While 99 percent of local respondents say digital trust is important, with 84 percent saying that importance will increase in the coming five years, just 18 percent say their board of directors has made digital trust a priority and only 29 percent plan to increase budgets in the next year to achieve digital trust.

“A lack of leadership buy-in and skills and training are the key obstacles in achieving digital trust.”

The concept of digital trust can sometimes feel a little ambiguous and, ironically, opaque, something the report calls out, noting that just 33 percent of global respondents were extremely or very familiar with digital trust as a term – rather than a concept – prior to being shown ISACA’s definition.

For the record, ISACA defines digital trust as the confidence in the integrity of the relationship, interactions and transactions among providers and consumers within an associated digital ecosystem. Its key components include security, data integrity, privacy, governance and assurance, and it is a driving factor in consumer decisions and business resilience, ISACA says.

But if digital trust is a little vague, its importance for businesses seems clearer with consumers seeking assurance that the companies they deal with are handling cybersecurity, data privacy, and even technologies like AI, responsibly. That trust can also help organisations to improve their ability to recover from cyberattacks and breaches.

A McKinsey global report late last year into why digital trust truly matters for business noted the value consumers are placing on digital trust. Most respondents to that survey said it was important for companies to provide transparency around digital trust policies. In fact, they want to know a company’s data and AI policies before they buy from it, and 46 percent globally – and 58 percent in Asia Pacific – ‘often or always’ consider another brand if the one they are considering purchasing from is unclear about how it will use their data.

ISACA’s report shows local organisations understand that customer demand, but moving digital trust beyond the nice-to-have high level discussions to reality is proving more challenging.

Jo Stewart-Rattray, ISACA Oceania ambassador, says moves towards independent assessments on a company’s digital trust practices make digital trust ‘an absolute priority’.

“Consumers and stakeholders are increasingly vetting the organisations they partner with based on a company’s ability to protect their data,” Stewart-Rattray says.

“ISACA’s survey indicates 66 percent of A/NZ respondents believe that it is important for organisations to be independently graded on digital trust practices, with the results available publicly.

According to the ISACA State of Digital Trust 2023 survey, which included 276 Australian and New Zealand digital trust professionals, a lack of leadership buy-in and lack of skills and training (both 52 percent) are the key obstacles in achieving digital trust in their organisations.

A lack of alignment of digital trust and enterprise goals (49 percent), lack of budget (47 percent), lack of technological resources (43 percent) and digital trust ‘not seen as a priority’ (41 percent) were also among the big obstacles.

Security, risk, data integrity, privacy, governance, quality and assurance are all components of digital trust, but for most A/NZ organisations (51 percent) there isn’t enough collaboration among the fields.

And while 68 percent say measuring maturity of digital trust practices is extremely or very important, 32 percent admit they don’t measure digital trust at all.

For companies that can attain high levels of digital trust, the benefits are tangible, with top benefits reported this year being positive reputation (74 percent), fewer cybersecurity incidents (64 percent), fewer privacy breaches 63 percent), more reliable data for decision-making 59 percent) and stronger customer loyalty (59 percent). Faster innovation due to confidence in their technology and systems also got a look in, while 27 percent of local companies reported higher revenue.

“Digital trust does not necessarily require a significant budget allocation or the creation of a new C-suite position,” ISACA says.

“In many instances, digital trust can be approached as an umbrella that ensures existing functions are operating in the most optimal manner and that others have trust in the organisation, even during negative situations.”

For some organisations, ISACA says digital trust simply requires a new way of looking at what they are already doing.

ISACA offers up three pointers for the roadmap forward for organisations:

Ask the right questions: What trust factors do customers expect? Do customers know how to identify potential fraud and how to contact? What vulnerabilities are being created?

Establish an enterprise wide digital trust approach: Policies are important, but digital trust should be built into the fabric of the enterprise and all processes, products and services.

Ensure all are involved: Even though accountability resides with leadership, everybody has a role in digital trust. It should be prioritised and measured in all departments.