By Kevon Swift – Head of Public Safety Affairs at LACNIC
While seemingly evident, many of us may be tempted to hazard a guess about the meaning of Digital Trust and what this could mean for activities mediated through the Internet. Digital Trust, as a succinct issue area, is fairly novel but is gaining a lot of attention in light of the exponential increase in cyber incidents that have occurred over the past four years alongside varying levels of strategic and/or tactical digital transformation initiatives. As topical as it seems, companies’ investments into digital trust are becoming more commonplace, as the underlying issues that cause mistrust do not seem to be disappearing any time soon. Even as some countries effect frequent regulatory manoeuvres to target said issues, if systems to deliver new regulations are inefficient the state of mistrust persists. So what exactly is this all about? This article aims to shed light on what digital trust is, and why it is critical in today’s digital environment.
What does Digital Trust mean?
In the rapidly evolving landscape of the digital era, the concept of digital trust has transcended being a mere commodity to emerge as a strategic profit centre crucial for organisational success. As we navigate increasingly interconnected marketplaces facilitated by digital technologies, the vulnerability to growing risks becomes apparent. In today’s environment, building and maintaining digital trust have become pivotal, addressing a widening trust gap between individuals, governments, and businesses involved in the creation and deployment of digital technologies.[1] In the simplest of terms, digital trust can be considered as individuals’ expectation that digital technologies and services – and the organisations providing them – will protect all stakeholders’ interests and uphold societal expectations and values.[2] It is a topic that goes beyond compliance, as it involves strategic decisions and alignments in security, risk, privacy, quality, communications, information technology, marketing, and operations – all of which affects an organisation’s brand, reputation and trustworthiness.[3]
Security Challenges Ahead
In the realm of immediate technological risks contributing to this sense of ‘distrust’, we encounter the perils of misinformation, disinformation, and cyber insecurity, all featuring prominently among the top ten risks societies are predicted to grapple with in the immediate future.[4] The insecurity in the digital domain mirrors a growing disconnection between the current resilience of digital technologies and networks and the rising influence of organised crime networks. Novel tools and capabilities in the digital expanse not only unlocks fresh opportunities for said networks but also reshapes cybercrime into a financially viable yet low-risk venture for organised crime.[5] Generative AI becomes part of this equation, because of its use in phishing attacks and capability of accurate translations into minority languages, therefore extending the reach of cyber threats.[6] Cybercrime is already prevalent in Latin America and is anticipated to spread to other regions, including parts of Asia and West and Southern Africa.[7] Organisations must prioritise and invest in digital trust as a critical defence against the evolving cyber threat landscape, as the fight against cybercrime is no longer an optional frontline battle but rather a mandatory survival skill for businesses and individuals.
Data Governance at Risk
(Free access, no subscription required)
With interconnectedness we have also come to realise that numerous devices are inadequately designed, particularly as it relates to data privacy. The recent surge in global cyber attacks intensifies the spotlight on compromised assets, with a specific focus on the alarming compromise of personal data. This escalating threat landscape sets the starting premise for individuals, be they consumers, customers, or constituents, on a foundation of mistrust – a sentiment fuelled by the rampant prevalence of online fraud and phishing attacks.[8] Already fatigued by never-ending changes to end-user licence agreements (EULAs) and other digital phenomena that they cannot understand, the barrage of targeted advertisements along with social engineering attacks has contributed to this seering animosity.[9] While technical solutions strive to address security vulnerabilities, the critical oversight of cultivating relationships that instil trust opens the floodgates to profound and detrimental challenges. Among these lurk confidentiality breaches, disgruntled shareholders, the spectre of financial ruin, and the ominous shadow of reputational fallout.
According to IBM’s 2023 Cost of a Data Breach Report, the average cost of a data breach in 2023 in Latin America stood at USD 3.69 million, representing a 1.32% increase from the 2022 cost of USD 2.8 million.[10] Globally, phishing and stolen or compromised credentials were the two most common initial attack vectors attributed to the breaches, which breaches based on stolen or compromised credentials, or malicious insiders, taking the longest to be resolved.[11] What’s more, 82% of breaches involved a cloud environment, i.e. either public or private cloud or across multiple environments.[12] Factors such as the amount of security skills, security system complexity, and non-compliance with regulations determined the degree to which costs were amplified among affected organisations.[13]
There is an old adage that says that you cannot achieve privacy without security but you can achieve security without privacy. Digital trust supersedes this thought process, as it zeroes in on the expected responsibility and accountability that an organisation should have from the perspective of the least powerful party in its business relationships.
With interconnectedness we have also come to realise that numerous devices are inadequately designed, particularly as it relates to data privacy. The recent surge in global cyber attacks intensifies the spotlight on compromised assets, with a specific focus on the alarming compromise of personal data. This escalating threat landscape sets the starting premise for individuals, be they consumers, customers, or constituents, on a foundation of mistrust – a sentiment fuelled by the rampant prevalence of online fraud and phishing attacks.[8] Already fatigued by never-ending changes to end-user licence agreements (EULAs) and other digital phenomena that they cannot understand, the barrage of targeted advertisements along with social engineering attacks has contributed to this seering animosity.[9] While technical solutions strive to address security vulnerabilities, the critical oversight of cultivating relationships that instil trust opens the floodgates to profound and detrimental challenges. Among these lurk confidentiality breaches, disgruntled shareholders, the spectre of financial ruin, and the ominous shadow of reputational fallout.
According to IBM’s 2023 Cost of a Data Breach Report, the average cost of a data breach in 2023 in Latin America stood at USD 3.69 million, representing a 1.32% increase from the 2022 cost of USD 2.8 million.[10] Globally, phishing and stolen or compromised credentials were the two most common initial attack vectors attributed to the breaches, which breaches based on stolen or compromised credentials, or malicious insiders, taking the longest to be resolved.[11] What’s more, 82% of breaches involved a cloud environment, i.e. either public or private cloud or across multiple environments.[12] Factors such as the amount of security skills, security system complexity, and non-compliance with regulations determined the degree to which costs were amplified among affected organisations.[13]
There is an old adage that says that you cannot achieve privacy without security but you can achieve security without privacy. Digital trust supersedes this thought process, as it zeroes in on the expected responsibility and accountability that an organisation should have from the perspective of the least powerful party in its business relationships.
The Cost of Inaction
Organisations cannot afford to remain unprepared for the risks at hand. It is critical that they understand their abilities and responsibilities in fostering relationships both with customers and competent authorities, leading the charge in resilience, and innovating towards achieving excellence in products or services. Some business people have posited that the consequences of not ensuring high levels of digital trust in organisations include reputation decline, more cybersecurity incidents, more privacy breaches, and a loss of customers.[14]
Also, business leaders must demonstrate a clear commitment to earning trust, and carry out decisive actions towards building digital trust as these factors serve as essential anchors to mitigate the fallout when breaches and incidents occur. The World Economic Forum’s Digital Trust initiative, initiated in 2022, calls upon the digital trust community to prioritise cybersecurity and responsible technology use.[15] Inherent in these strategic imperatives are goals like working towards cyber resilience, security-by-design, privacy protection, ethical and values-driven innovation, transparency, and accountability.[16]
The initiative has introduced a framework to offer leaders guidance on building digital trust, delving into the intricacies of trust issues and their interconnected nature. Moreover, this framework establishes the foundation for much-needed public-private cooperation, emphasising the understanding of shared responsibility in this crucial endeavour essential for the survival of today’s organisations.
Conclusion
While ensuring cybersecurity and cyber resilience involves specific technologies and skills, trust is centred on the decisions that leaders make and whether they meet the expectations and sustain the values of the individuals with whom leaders engage.[17] Prioritising digital trust as a cornerstone of strategic initiatives has become non-negotiable. This means that robust cybersecurity measures, addressing data privacy concerns among others, must be implemented, and trust-building relationships must be actively cultivated. While it is highly difficult to determine when cyberattacks will happen, demonstrating a reasonably acceptable level of due diligence and remaining accountable, available, and transparent in the aftermath of incidents are indispensable qualities.
Organisations must recognise that the cost of inaction goes beyond financial implications, encompassing reputational damage and diminished stakeholder confidence. By taking proactive steps to fortify digital trust, organisations not only safeguard their success but also contribute to building a resilient and trustworthy digital ecosystem for all. Presently, businesses and governments have much more at stake when conducting any operation that has undergone some degree of digital transformation. Trust, in today’s climate, is the ultimate currency.
[1] World Economic Forum [WEF], in collaboration with Accenture, KPMG and PwC. 2022. Earning Digital Trust: Decision-Making for Trustworthy Technologies. Insight Report. Introduction. Geneva: World Economic Forum. Noviembre de 2022 Consultado el 17 de enero de 2024
[2] Ibid. Executive Summary
[3] Information Systems Audit and Control Association [ISACA], State of Digital Trust 2023: An ISACA Global Research Report. Abstract. Schaumburg, IL, USA: ISACA. Mayo de 2023
[4] World Economic Forum [WEF], in partnership with Marsh & McLennan Companies and Zurich Insurance Group. 2024. The Global Risks Report 2024: 19th Edition. Insight Report. Chapter 1 Global Risks 2024: At a turning point. Geneva: World Economic Forum. Enero de 2024
[5] Ibid
[6] Ibid
[7] Ibid
[8] ISACA (n 3) 4
[9] Ibid
[10] International Business Machines [IBM] Security, Cost of a Data Breach Report 2023. Chapter 2: Complete Findings. Chicago, IL, USA: IBM. Consultado el 17 de enero de 2024
[11] Ibid
[12] Ibid
[13] Ibid
[14] ISACA (n 3) State of Digital Trust 2023 Survey
[15] WEF (n 1)
[16] Ibid
[17] Ibid
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.
