Why we must rebuild digital trust for a cyber-inclusive future

"If the lifeblood of the digital economy is data, its heart is digital trust". That's according to PwC's inaugural Digital Trust Insights survey, which was published in 2018. This remains poignant in 2021 at a time when the world is experiencing a global backlash against technology and reduced public support for digitization.

Indeed Edelman’s 2021 Trust Barometer shows just how widely this ‘techlash’ has spread, reporting that between 2012 and 2021 global trust in the tech sector has dropped from 77% to 68%. The public has become increasingly suspicious of tech, with things like misinformation, personal privacy, 5G networks, and AI bias topping the list of worries.

The loss of digital trust suggests many people are worried about the role technology plays in their lives currently. This is especially relevant at a time when millions of people around the world have shifted to online learning, telemedicine, remote work, and e-commerce to counter the restrictions brought about by the COVID-19 pandemic.

PwC's 2021 trust survey acknowledges this shift in digital conscience. Sean Joyce, the company's global leader for cyber, privacy and forensics acknowledges that the pandemic has resulted in drastic changes such that "things we thought of as 'future state' have really been adopted quickly".

Viewed from this perspective, mistrust in technology threatens to prevent the open, global collaboration that makes innovation possible. To counter this threat, public and private partners must rally not only to secure systems and data but also to protect and uphold the technological integrity of new innovations.

Stakeholders from a cross-section of industry must come together to rebuild confidence in the people, processes, and technologies it takes to build a secure digital world. Towards this end, the World Economic Forum’s Digital Trust initiative seeks to establish a global consensus among key stakeholders around what digital trust means and what measurable steps can be taken to improve the trustworthiness of digital technologies through security and responsible technology use.

Through this initiative, the Forum will drive the adoption of more secure and trustworthy technologies to circumvent the ‘distrust trap’ for citizens, businesses and governments. In November 2021, the Forum hosted its Annual Meeting on Cybersecurity during which discussions around trust took centre stage.

At the meeting, we asked global leaders in the cybersecurity field to share their thoughts and expertise on the responsible use of technology and how cyber security can engender a deeper trust in digital spaces. These are the insights from four leaders working on the frontlines of digital safety and security.

What are you doing to build digital trust?

Cloudflare is fundamentally in the trust business. We ask our customers to put an enormous amount of faith and trust in our systems to keep their data secure and make sure that it's reliable and make sure that it's flowing incredibly quickly. For us, the foundational roots of trust start with transparency. You need to be transparent in the things that you do, both internally and externally. And that means that when you make a mistake, you that you own up to it, explain it, talk about it clearly, and commit not to making the same mistake again. It also includes being accountable, which means that the people who make the rules and the laws are subject to the rules and laws themselves.

Matthew Prince, Co-Founder and Chief Executive Officer, Cloudflare, US

What do you do as the chief trust officer within your organization to make trust a priority?

Trust is the bedrock of our company. It’s written in the DNA of our culture, technology, and focus on customer success. My top priority is building and maintaining a trust-first culture, wherein each of Salesforce’s 50,000+ employees is committed to putting security at the center of everything they do.

That means regardless of line of business - from IT and operations to sales and customer service - each of us is committed to protecting our customers. From day one, we train each employee to operate with a high degree of security awareness: choosing strong passwords, enabling multi-factor authentication (MFA), patching corporate systems, and more.

Furthermore, we empower customers to uphold their part of the shared responsibility that is security, providing them with a common set of controls and empowering them with training and industry-best practices, such as mandating all customers adopt MFA to access Salesforce apps and services. In return, we communicate transparently on the state of Salesforce security, performance and availability - communicating in real-time both our successes and our failures.

Jim Alkove, Chief Trust Officer, Salesforce, US

How do you foster and build a security culture in your organization?

We set the tone from the top and provide adequate training for our people depending on their job profiles. When people are trained correctly, they act as multipliers in areas like developing code, setting up new servers or privileged access management systems, for example. But it's different when you include the executive assistant, or when you reach out to the board itself, to train them on cyber systems. We advocate for combined trainings that include our customers because there is value in collaboration.

You also need to take it a step further by empowering people through technology that makes it easy for them to do the right thing and hard for them to do the wrong thing in the course of their work. And then you need to make them the key ‘trust stakeholders’ for their products and customers so that they are not just following orders from a cybersecurity team but rather are following the rules because that’s what their customers expect. So, for us, it’s about having a strong central leadership that can facilitate these trainings so that collaboratively, you build digital trust and a digital culture.

Judith Wunschik, Global Chief Cybersecurity Officer & Global Head of Cybersecurity, Siemens Energy, Germany

How can companies weave cybersecurity and trust into the people and processes in their organizations?

From network security to product development, we believe in the power of over-investing when it comes to our own cybersecurity. To us, it’s a key requirement to have a solid foundation of threat awareness and the requisite security measures in response. For example, at CyberArk we embed security professionals, who are also developers, in every stage of the product development cycle.

Continuous advanced trainings enable those embedded security professionals to augment the developers around them with information about emerging threats and the latest best practices. It becomes a combination of security expertise, which we often call a security guild, meaning that they belong to a special group. New employees understand immediately that we really care about security and that they can hone their skills in a safe and secure environment, which creates a positive culture for all our developers.

Udi Mokady, Chairman and Chief Executive Officer, CyberArk

What can companies do today to promote digital trust?

Building a trusted enterprise means making trust your highest value. Nothing is more important than earning, every day, the trust of your employees, customers, partners, and communities.

Going forward, customers won’t do business with companies they don’t trust. They want more direct, trusted relationships. And while trust can be a much bigger umbrella than security - encompassing ethics, privacy, availability, and transparency - security remains a cornerstone of trust. Without a foundation of security, it can be impossible to achieve any other pillar of trust. That’s why, now more than ever, companies must build security into everything they do.

Jim Alkove, Chief Trust Officer, Salesforce, US

Organizations need to approach digital trust from a cultural perspective, one that trickles down to everyone in the organization. This means every employee needs to know and embrace the organization’s approach to digital trust. Not only should it be ingrained in everything they do, but there should also be a level of accountability. I advise companies to entrench the details of their digital trust policies in a constitution or other official corporate guidance document.

Udi Mokady, Chairman and Chief Executive Officer, CyberArk

I urge CEOs and investors to make the link between digital trust and their corporate constitutions. Digital trust is a cybersecurity business model that needs to be formalised. For tech leaders, know your scope and your assets and monitor who manages them. An organization's security posture and maturity should always be tracked by key performance indicators. But ultimately, trust is a feeling, not a science. It’s based on what you perceive. For cyber companies, privacy, sustainability, legal protections, and physical security all go hand-in-hand with trust, because everything is interconnected.

Judith Wunschik, Global Chief Cybersecurity Officer & Global Head of Cybersecurity, Siemens Energy, Germany

I think the highest return single policy that you can implement is creating a blameless culture. Humans are humans. Humans are going to make mistakes, and it's critical that you learn from those mistakes. And if you can create a culture where people share the mistakes that they've made, that's critical for you to be able to learn from them. Do whatever you can not to punish people for genuine mistakes.

Establish a culture that acknowledges mistakes and is transparent about them. This will encourage accountability. When someone on your team makes a mistake think about how you can fix the problem and decrease the blast radius both technically but also culturally. That’s the real key to building trust internally. And you can't build trust externally unless you have trust internally. So, start with a blameless culture. Start with transparency, consistency and accountability. That's the foundation on which trust is built.

Matthew Prince, Co-Founder and Chief Executive Officer, Cloudflare, US