Seven Key Steps to Build Digital Trust

Mark Thomas
Author: ISACA Now
Date Published: 4 November 2022

Building digital trust requires a multifaceted approach, beginning with making it an overarching enterprise priority. Digital trust extends well beyond the security function and requires much more than having sophisticated tools and technology in place.
While creating digital trust is no easy task, it is much more achievable with a solid roadmap in place. Below are seven key steps that can help organizations on their path to strengthening digital trust:

Veronica N. Rose

1. Prioritize trust. This might seem like an obvious starting point, but the business landscape is incredibly competitive and every minute matters when trying to gain competitive advantage. Some organizations become so focused on getting a new product or service to market, they don’t give proper time and attention to building relationships and instilling trust.

The key step to building and prioritizing digital trust is adding value,” said Veronica N. Rose, CISA, CDPSE, ISACA Board Director and Senior Information Systems Auditor at KPMG East Africa. “Not just investing in tools or adopting the latest frameworks or hiring the best personnel, but prioritizing value that helps the business improve efficiency and resilience. Building a future in which digital trust is an undeniably prioritized part of your business model requires dedication to ensuring value creation.”

Greg Witte 

2. Understand constituents and their expectations. Different transactions call for different levels of expectations. For example, paying cash for a stamp at the post office only requires a low level of digital trust when the customer expects that the letter will go through digital processing and be delivered to the intended location. When a person uses a credit card for the transaction, the expectations for digital trust increase, as the customer and the post office expect the digital credit card transaction to be processed accurately. Sometimes there can be a genuine misunderstanding of expectations, but other times there is apathy, or a lack of attention.

“There are many ways that organizations can improve,” said Greg Witte, a member of ISACA’s digital trust task force. “For example, I just came back from a business trip where I stayed with three different hotel chains. Each of them sent me a survey about the accommodations, but there was nothing about digital trust factors. In addition to asking if I enjoyed their washcloths and soap, they should be asking if I was comfortable using their WiFi, tapping my credit card at their front desk and with how they protected my private information. They didn’t ask for this input, but they should. It is a clear opportunity for improvement, and a good way for them to improve their digital trust while better understanding their guests and expectations.”

3. Do more than just check the boxes. Assessing the factors that support or detract from digital trust goes beyond ticking the right boxes on a checklist. An enterprise needs to have the foundation and the tools to do the right thing in the right way to end up with the right result. This may start with a digital trust self-assessment, guided self-assessment, or third-party self-assessment, and may include a gap analysis and action plan. The goal is to determine what each enterprise needs and how it is going to get there. Another useful tool is COBIT, which helps organizations focus on the processes related to digital trust.

Have you ever checked all the right boxes only to find out that you still missed something significant?,” said Mark Thomas, president of Escoute Consulting. “With digital trust, it’s not about checking boxes, it’s about enhancing the most appropriate and influential factors to enable trust between you and those with whom you digitally interact.”

Mea Clift

4. Keep people informed. One of the most significant impediments to trust arises when a customer or user is unable to identify a legitimate, secure method of interacting with an enterprise. The bad actors are sophisticated in how they attempt to confuse or harm users, so it is more important than ever for enterprises to be clear in how their customers can safely and efficiently interact with them.

Whether our clients are external or internal, communication is key for digital trust to be successful,” said Mea Clift, cybersecurity program manager at Woodard & Curran. “Transparency and open communication enhance the security of the organization. By allowing customers to interact freely and ask questions about security or around specific concerns, customers know you’re aware of situations, can speak plainly to them, and are going to keep them informed should changes or concerns arise.”

Bob Findlay

5. Monitor social media—and be ready to act quickly. The world is connected and bad news travels fast. Enterprises need to be alert to what is being said about them and be prepared to act quickly. A single bad story spreading on social media could impair an organization’s ability to conduct business.

“Don’t assume monitoring social media means just your pages or the platforms you use,” said Bob Findlay, global head of IT audit at Glanbia. “Your coverage needs to expand to other platforms, countries and imposter sites. Social media is global and you need to think globally, too.”

Ookeditse Kamau

6. Show care and responsiveness. Show care and responsiveness. Even with the best planning and intentions, negative incidents happen. Whether or not the core cause of an incident related to digital trust is discovered, companies need to show that they are monitoring and governing their own processes. This should be an integral part of the culture for any organization.

The value of digital trust to our customers is reflected by the way we structure, process and manage trust relationships both within our infrastructure and with the people in our organizations. This affords a transparent customer experience built on continuous engagement around both the organization’s successful efforts and failures in protecting customer data,” said Ookeditse Kamau, accredited IT trainer.

Josh Hamit

7. Exceed expectations. Earning someone’s trust in business goes beyond just fulfilling a contractual obligation. The company needs to ensure it establishes a rapport that increases consumer confidence. Not only should a company provide the expected deliverables in the stated timeframe, but it needs to do so in a way that meets or exceeds expectations. This creates a foundation of loyalty and trust.

“Organizations routinely aspire to deliver an amazing digital experience to their customers, but too often the experience is designed around assumptions about what the customer wants instead of listening and understanding how to achieve the ‘wow factor’ that exceeds their expectations,” said Josh Hamit, senior vice president and chief information officer at Altra Federal Credit Union. “For example, an online loan application might be advertised and promoted as ‘easy’ or ‘get approved fast’ but fails to deliver on that promise as a result of injecting too much friction. Building digital trust requires a cultural commitment to deliver an authentic digital experience that walks-the-talk and promotes brand loyalty.”

Editor’s note: For a more extensive look at these steps to creating digital trust, download “Seven Steps to Stronger Digital Trust.”