As the Chief Trust Officer role arises, so must its scope of trust

 

The "first world" (an antiquated term, I know, but it's still accurate) is an increasingly digital world in which the concept of trust is more vital than ever. Of course everyone's up in arms about data breaches and leaks, cyber attacks, privacy and identity - but the need for trust is not only about securing data:  it's about the need for fundamental trustworthiness of our digital lives, from the websites we visit to the apps we use, to the streaming upon which we binge, to the devices we rely upon, to the social media engagements to which we're addicted. While I'm deeply passionate about urging companies to demonstrate this trustworthiness, I'm equally concerned about the lack of awareness among everyday people regarding their own digital footprints and personal data exposure.

The Call for Digital Trustworthiness

In my 16 years working in the field of internet security, I've witnessed a significant shift in the roles responsible for managing security, compliance, privacy, and digital operations. The emergence of roles like the Chief Trust Officer reflects the growing recognition that digital trust is not just a checkbox but a core component of any successful digital venture - and a core component of any company with even the smallest of digital presence.

In a world where breaches can cost millions and erode consumer confidence, the role of the Chief Trust Officer has evolved to encompass the responsibility of ensuring trust at every level, from code and devices to user experiences and employee conduct. Companies like my employer DigiCert have become pioneers in this space, setting the standard for a comprehensive approach to defining and establishing digital trust.  

I LOVE the idea of digital trust.  I'm happy to play a role in its understanding and propagation.  

It's said that digital trust is built upon 4 key building blocks:

  1. Industry and Technology Standards: These define what constitutes trust in the digital space.
  2. Compliance and Operations: Governance is crucial for the delivery of trust.
  3. Unified Trust Management Platforms: These ensure the lifecycle management of trust.
  4. Extension of Trust through Ecosystems: Trust should extend to connected devices, software supply chains, and digital content.

Right?  Yes, but...

Notice what's missing in that list.  Or better said, notice who's missing in that list.

The institutional context of that list has a glaring shortcoming, in my opinion.  It over-indexes on "digital" and under-focuses on "trust".  Moreover, the evolving term of "digital trust" also doesn't extend far enough beyond the walls (digital and physical) of companies and organizations.  So as organizations realize the need for digital trust - and therefore the need for Chief Trust Officers - neither should overlook the wider scope of the word they share in common:  trust.  And trust cannot overlook the people who rely on it - and that's not limited to employees.

Consider the Alternatives (and Reasons)

To put the importance of trust into perspective: the average data breach in the United States costs a staggering $9.4 million. Worth repeating: average.  Egad.  Even if you believe somehow that companies are evil hoarders of extra money which belongs to someones-else, that average breach amount would cripple most companies;  even the most coexisence-and-tolerance-for-everyone-except-capitalists-and-capitalism hearts would not wish such a thing on the workers or customers who rely upon a breached company. 

But wait, there's more:  a failed audit can set a company back by $14 million. These statistics highlight the high stakes involved. 

Oh, and:  consumers are quick to switch vendors when trust is lost, and the consequences are significant for businesses.

But that's all from the reactive standpoint.  Instead, consider trust as a proactive catalyst for revenue growth:  

  • Companies which prioritize trust outperform their competitors by a delicious 4x margin. 
  • An impressive 88% of consumers who trust a brand become loyal, repeat customers. 

Now we're getting at the heart of trust - and where the CTrO's heart must also be

Trust rests not only on the shoulders of businesses. As someone deeply concerned about individuals' general lack of awareness of their own digital security, identity and privacy, I believe that there are roles and actions that both individuals and organizations must undertake in order to reach their own trust goals - and those roles and actions overlap.  The role of the Chief Trust Officer (and the scope of digital trust) must extend into those areas of overlap.

Don't rush to the What and How without fully considering the Why and the Who

Individuals must take charge of their digital footprints and the personal data which they own - but is in others' control - because the data that gets breached and lost often is their data (read: a breach likely exposes the very same personal private data which help defines individuals' digital identities - and those identities (and therefore the data) belong to the individuals).  That average $9.4M is the cost to the breached company - not the additional, separate cost to the often average-ordinary-people whose data is now in a cybercriminal's hands - and further further further out of their own control. Yikes. Eek. Ouch.

Most people have no idea how exposed their data and identities are in the digital realm.  Even though it's their data and they own it, it's wildly out of control even when a breach isn't involved. 

A person's digital footprint is more than just a trail; its components are the keys to their identity, and that needs safeguarding.  I suggest that it's not just individuals whose job it must be to safeguard their own data, privacy, and identity - it's the Chief Trust Officer's job.  Well, those who equally prioritize the "trust" alongside the "digital".

Trust Empowerment

My lecture here isn't a call to action items with next steps to undertake.  Instead, it's a concept that you must fully grok if digital trust is to reach its full meaning.  Only through your understanding can you determine your "so what" and "what's next".

Long ago, I introduced and coined the term "The Transitive Property of Trust" wherein the more someone trusts something, the more profitable it is for the provider of that "something".  When a company has trustworthy websites/code/devices/apps/people/etc. - and discusses and demonstrates that trustworthiness - consumers and customers tend to trust them and prefer them, and that ends up being profitable for such a company.  But digital trust doesn't exist because of all those trustworthy things that the company provides, nor because it discusses or demonstrates them - it exists when someone relies on them - average, ordinary someones.  THAT is full-scope digital trust, and it is the full scope of the Chief Trust Officer.

While individuals must be proactive in taking ownership of the data which organizations control, trustworthy companies and their Chief Trust Officers must play a vital role in full-scope digital trust which considers and protects those individuals.  It's not enough for businesses to protect your data; they must keep in mind who pays the bills ultimately - and therefore digital trust cannot only include the code/websites/things/etc. they provide.

The rise of the Chief Trust Officer role is a testament to the growing importance of digital trust. Companies like DigiCert are leading the charge, but trust is a two-way street. It's time for all of us to be more aware of our digital footprints and to demand trust in the digital world by expecting digital trust to extend to us as ordinary people, too.  A smart Chief Trust Officer will respect and serve that downstream human element along with their within-organizational standards, compliance, controls and deployments of trust. After all, in this digital age, trust is the currency of the future, and it's up to all of us to protect it - and one another.

Comments

Post a Comment

Popular posts from this blog

Balancing Trust Projection and Digital Footprints

Let's bash the champagne bottle against the bow of this ship! The maiden voyage of any blog (and for any blogger) is both exciting and purposeful – in that it's a fresh platform to shine the spotlight upon driving passions. And this is it for me – focusing upon two key passions of mine: advocating for the proactive projections of organizations' digital trustworthiness, and elevating everyone's awareness of their digital footprints and online identities. This blog will capture my thoughts of the moment on either topic (or both as they conflict or peacefully coexist), and sometimes those thoughts will be simply be as I've shared on social media like LinkedIn and X fka Twitter.  We'll see. The Projection of Fundamental Trust For yearrrrrrrs as a Trust Strategist at organizations like Symantec and DigiCert, I've spoken about this topic at trade events, on podcast and webinars, on live and syndicated news segments, and to my employer's customers, prospects an
Read more

Navigating the Transformative Potential of Using Generative AI for/by Business

There's obviously (although not fully obvious, yet) transformative potential of generative AI in business, but all of us in the corporate world must be cautious about legal, security, and privacy uncertainties (as if there isn't enough caution in those 3 areas!) due to #genai's rapid evolution.  This article gets into the risks regarding copyright, data privacy (switching standpoints here to the user POV:  YOUR data, YOUR identity, YOUR digital footprint), and associated liability.  If organizations don't address those areas of #generativeai risk, then their ability to earn & keep customers' trust is also at risk - as would also be their ability to credibly *project* their own trustworthiness. View the target article here:   https://redcloveradvisors.com/2023/08/22/privacy-risks-of-using-ai-for-your-business/ Engage with my LinkedIn post here:  https://www.linkedin.com/posts/jeffbarto_privacy-risks-of-using-ai-for-your-business-activity-7102801624871428096-8o
Read more

Generational Privacy Habits and Surprising Trends

Generational habits and preferences for actively managing one's own online footprint / digital identity / privacy are fascinating (I say this as a straddler between Baby Boomers and Generation X myself - I've heard of my sub-generation called Baby Busters). This study shares some surprises: as digital natives, Generation Z is more willing than #GenX to allow tracking in order to receive relevant ads (and less likely to clear browser cookies & use an ad blocker) but paradoxically #GenZ is more likely to use a VPN. See the study to which I refer:   https://www.marketingdive.com/news/allow-tracking-younger-consumers-more-likely-okay-with-target/691452/ Interact with this post on LinkedIn:   https://www.linkedin.com/posts/jeffbarto_gen-z-is-more-likely-to-be-ok-with-targeted-activity-7101964425196179456-bbX3?utm_source=share&utm_medium=member_desktop
Read more