September 25, 2023 By Sue Poremba 4 min read

As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm.

However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement digital trust. This crucial shortfall can create gaps in security across a number of strategic areas.

What is digital trust?

Companies have relied on trust to build business for centuries. Who hasn’t experienced an agreement based on nothing more than a handshake, trusting that someone’s word was enough? And as more business and personal transactions now happen digitally, those in-person handshakes have moved online. Now consumers depend on more than a company’s word or reputation: They expect a company’s networks and systems will keep personal data safe and secure. That expectation is the basis of digital trust.

But when that digital trust is broken, the consequences are dire. Because data breaches and ransomware attacks have a wide-reaching impact, all stakeholders need to know that their digital relationships with a business are reliable.

“The tolerance for any breach of digital trust is near zero,” Greg Witte, Senior Security Engineer at Huntington Ingalls Industries, wrote in the ebook, Your Top Digital Trust Questions Answered.

This lack of tolerance for the breakdown of digital trust is why 76% of respondents said digital trust is important to digital transformation, according to the ISACA survey. When digital trust is high, the benefits range from a good reputation and stronger customer loyalty to practices that lead to fewer breaches and faster innovation due to confidence in the technology.

However, even though organizations realize that digital trust has such a positive impact on their business practices and will make the digital transformation process smoother, they often do little to ensure the mechanisms promoting high levels of digital confidence are in place. Fewer than one in five companies have made digital trust a priority and nearly one-third of companies have no processes in place to measure digital trust.

How to build digital trust

There are several principles used to build digital trust. They are:

  • Transparency
  • Reliability
  • User experience
  • Security
  • Integrity.

Incorporating these pillars as part of the digital transformation journey does more than provide a foundation for building corporate confidence with stakeholders. It can also go a long way in improving overall cybersecurity maturity and helping the organization meet compliance regulations.


Customers deserve to know details surrounding the collection, storage and use of their personal data. Being transparent about the organization’s practices around data collection and usage is essential to building consumer loyalty. In addition, transparency around customer data is often a requirement of data privacy regulations.


Is your organization able to follow through on the promises it makes with its digital offerings? The customer should feel confident that they can visit the organization’s website or mobile app and know that the transactions are trustworthy because the organization has demonstrated itself to be a good caretaker of PII. E-commerce sites that rely on credit card transactions or healthcare sites sharing medical data must stay current with standards and privacy compliance.

User experience

This builds on reliability. Customers have an expectation when they come to your company via a device. Even with in-person visits, customers want a flawless process, whether it is a checkout without glitches or a database that offers real-time data about items on store shelves. Downtime is a deterrent to good user experience, which means organizations need to have good backup and data loss protection procedures in place.


Consumers are more savvy than ever about the risks to their personal information. Everyone has been directly or indirectly victimized by a data breach or ransomware attack. Building digital trust for better security means not only requiring a solid cybersecurity program inside the company but also requiring third-party vendors and contractors to have robust security systems, as well.


Most consumers understand that cyber incidents will happen even to the most security-mature company. How the company responds will determine customer trust. Having policies in place and reliable messaging will demonstrate the organization’s integrity around digital trustworthiness.

Barriers to achieving digital trust

As mentioned earlier, organizations know the importance of digital trust to overall business practices and ROI. Unfortunately, they are still slow to implement procedures around trust, especially as they add new digital assets.

According to the ISACA survey, the top obstacles to attaining digital trust include:

  • Lack of skills and training
  • Insufficient leadership buy-in on the importance of digital trust
  • Poor alignment between digital trust and business goals
  • Budget shortfalls
  • Lack of technical resources.

All of these barriers can be overcome by implementing the best security practices used in other areas of the organization. Digital trust and cybersecurity aren’t separate, and they shouldn’t be siloed. Just as each new asset within the digital transformation will require its cybersecurity protocols, digital trust should be naturally included.

“As organizations move to a digital-first business model, trust is the essential component that must be earned before, during and after every interaction,” Tracey Dedrick, interim CEO of ISACA, said in a formal statement. “Digital trust is an umbrella that ensures existing functions are operating in sync and in the most optimal manner to ensure others have trust in the organization.”

More from Risk Management

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

The evolution of ransomware: Lessons for the future

5 min read - Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to the past and recent trends to predict the future. 2005 to 2020: A rapidly changing landscape While the first ransomware incident was observed in 1989,…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today