Of course, businesses need customer trust, but understanding what trust means in a digital world is becoming more important.
Digital trust is users’ confidence that tech, people and processes they engage with are secure and private. Recent research suggests how customers decide where to place their digital trust is changing, so some businesses are changing their approach.
As Minter Dial wrote before in Secure Futures, the 2022 Edelman Trust Barometer report shows eroding trust in institutions while remarkably, our trust in business remains. Now, there’s an opportunity for business to use integrity, empathy, and privacy and ethics around new tech like artificial intelligence (AI) and customer relationships management (CRM,) to lead the way.
Kaspersky’s new podcast, Insight Story, unpacks emerging tech trends with global specialists and businesses successfully using new tech. In Episode 4, I discuss what digital trust means and how organizations can grow it with Müge Fazlioglu (US,) Principal Researcher, International Association of Privacy Professionals (IAPP), Malek Ben Salem (US,) emerging tech security expert and Fabio Assolini, Head of Research in Latin America for Kaspersky’s Global Research and Analysis Team.
Unpacking digital trust
Digital trust covers much ground, Malek Ben Salem says. “It’s about data integrity, technology, people and processes. It’s our confidence that our privacy is protected and secured, the reliability of digital transactions and how sure we are of the identities of those we engage with. It’s also about how much we trust the information we get as users.”
Müge Fazlioglu says trust is notoriously hard to pin down. “Our trust when we may or may not share data depends on many things, like our perception of the party we’re sharing with, our data’s value to them and us. We also weigh the data’s sensitivity – what might happen if it were revealed.”
Trust can make or break a purchase
IAPP’s March 2023 Privacy and Consumer Trust Report shows privacy concerns influence consumer purchasing decisions. Müge says, “Many people take steps to protect their privacy, like deleting an app or withholding some personal information.”
Consumers use privacy alongside quality and price to decide what to buy. They even back out of purchases if they have privacy concerns.
Müge Fazlioglu, Principal Researcher, International Association of Privacy Professionals (IAPP)
So paying more attention to trust could pay dividends. “Organizations gain credibility by taking steps to enhance privacy and data protection. We’re now seeing some big brands featuring privacy-related messaging in their advertising and marketing of web browsers and smart home devices,” recounts Müge.
Trust concerns also make brands hit the headlines for the wrong reasons. Amazon’s recent purchase of robot vacuum cleaner brand iRobot triggered privacy objections from consumer and civil rights groups, then an EU investigation.
How companies help (and harm) trust
Tech research consultancy McKinsey’s 2022 Digital Trust report said while 70 percent of people trust companies to protect their privacy, most companies aren’t living up to the expectation. So what should companies do?
Müge says much best practice is around transparency. “Few consumers have a good grasp of how companies use their information – what they collect, and if they follow good practice. So companies need to ensure they write a simple, clear privacy policy and have an easy-to-use page for people to manage their privacy settings.”
Regulators also think easy-to-adjust privacy settings matter. The US Federal Trade Commission (FTC) recently fined the company that makes the game Fortnite for its hard-to-use privacy settings.
Müge thinks regulators, businesses and consumers can all play a role in improving communication around privacy. “How a company communicates its data practices affects trust – the duty should not be on customers to make daily decisions based on lengthy and complicated legal agreements. Regulators have an important role in raising awareness and providing education. Some, like the FTC and European Union data protection authorities, are starting to do that.”
Müge also recommends being prepared for how you’ll handle a data leak. “Responding slowly means more consumer loyalty lost. Have an incident response plan for the inevitable.”
Data leaks are common but often have a big impact on business. Kaspersky’s 2022 IT Security Economics report found that among 3,230 businesses surveyed, data leaks were the most commonly encountered security issue, with 55 percent considering them the most challenging incidents.
Malek points to one business leading in digital trust. “Apple stands out in how it uses privacy-preserving technology to train artificial intelligence (AI) on mobile phones. Devices keep data locally and use it to train user speech-recognition and auto-complete models. Then the models are used to update a central model that can be applied to many users. So the data is not shared or uploaded, but still used to improve the AI.”
Using cybersecurity to build trust
29 percent of businesses with 500 to 999 employees have experienced a cybersecurity incident, according to Kaspersky’s 2022 Small-to-Medium Business Cyber Resilience report. As your business scales into a larger enterprise, so does the likelihood of a cyberattack or data leak.
Malek thinks investing in cybersecurity is vital to protect customer trust. “To build secure infrastructure and allow for secure transactions, you need a cybersecurity strategy and proper governance, and you must hire the right talent. More importantly, be transparent.”
Tell your customers, investors and shareholders where you stand with security. Demonstrating your commitment to your policies will earn their trust.
Malek Ben Salem, emerging tech security expert
Or, as Müge says, “Shine a bright light on what you’re doing.”
New technologies are evolving cybersecurity’s contribution to digital trust. Malek sees many applications of AI in security tech: “It helps identify who is accessing a system by profiling user behavior. It can detect and respond to security incidents. It can classify unstructured data like business documents, so we don’t need people to read them to know what’s sensitive or confidential.”
A relatively new approach to security, zero trust, is influencing what we’ll see next. “People will own their full identity and use pieces as needed. For instance, if I want to buy something that requires proof of age, I can share just my age without information the seller doesn’t need, like full birth date. Zero-trust principles mean allowing access only to the information needed.”
But Kaspersky’s Fabio Assolini says businesses may not be able to adopt these good practices overnight. “Many networks need adapting for zero-trust principles. It’s a challenge for administrators, but it’s important they understand how it works and prepare corporate networks for it.”
He also highlights the value of transparency, not just between businesses and customers, but between businesses and suppliers. “You must be able to trust your cybersecurity providers, especially as we’re seeing many targeted attacks that abuse cybersecurity software or infrastructure. Security vendors could be more transparent about their technologies. At Kaspersky, we let customers review our code at transparency centers. We’d like to see other companies doing that.”
He adds, “Training is also important. Sometimes cybercriminals send a phishing attack to just one employee, so it matters that each employee is trained in identifying attack attempts.”
Asked for one key recommendation for business in building digital trust, Malek says, consider cybersecurity part of your environmental, social and governance (ESG) framework because “it elevates the discussion.”
Müge says, “Keep in mind all the smart technology you use. It uses many different kinds of information. Use the privacy features and regularly monitor data sharing.”
Listen to the full Insight Story audio series on Podbean or your usual podcast provider.