PCR catches up with Ben King, CSO EMEA at Okta to find out more about its Digital Trust Index.
Okta, an identity and access management company recently published the Digital Trust Index. The survey captured the sentiments of more than 13,000 office workers, including over 2,000 in the UK, to explore how trust is maintained, built and broken in a digital world, what external factors change our trust in digital channels, and how brands, businesses and governments can successfully build trust.
How would you define digital trust?
Trust will always be intangible and requires belief in three key aspects: reliability, truth and ability. Belief that someone or something will deliver on promises made, can be relied on to be truthful, and is capable in what they set out to achieve. Over the past year, the issue of digital trust has come to the fore as we have spent more time working, shopping and connecting with friends and family online.
Organisations must be aware of which employees, partners and customers they can trust to access their data and systems. Vice versa, these employees, partners and customers must trust that an organisation can protect any personal data they share.
Effective security tools and policies, especially those focused on seamlessly managing the identities of users, help to drive stakeholder trust. And an organisation with stringent security in place can trust that each stakeholder only has as much access to business systems as required. This symbiotic online relationship between organisation and stakeholder is digital trust.
How have organisations responded to the challenge of maintaining digital trust during a pandemic?
Across all sectors, CIOs and CSOs have had to divide their time between supporting industry-specific needs and reacting to security threats, often two very different tasks. Many have turned to technology to ensure their organisation is better protected as cybersecurity issues have continued to rise during the pandemic. When asked what their company has implemented in this regard, new security applications and technologies like multi-factor authentication (MFA) were the most popular measure, cited by 29% of office workers.
For industries that are not digitally native, secure home working has in most cases been more of a challenge than for those that offered remote working pre-Covid. Employees in non-digitally native companies often find themselves working from a lower technical baseline, meaning they may not notice or adhere to the protocols added to combat online risks when working remotely.
Those sectors that have traditionally faced higher levels of cyber threats, such as banking and technology, would have likely had a proportionally larger security budget than other industries surveyed. This meant that those without the latest security and collaboration tools were now investing in them, addressing some of the difficulties associated with home working, and creating a stronger foundational level of security across sectors.
What does digital trust mean between an organisation and its employees?
Business and IT leaders must be transparent about the cybersecurity measures and policies they are implementing to foster trust and staff buy-in.
We have seen an increase in the number of cyberattacks during the lockdown period as malicious actors attempt to take advantage of the increased threat vectors. F5’s 2020 Phishing and Fraud Report saw a 220% increase in phishing attacks during the pandemic compared to the yearly average.
The Digital Trust Index found that 10% of office workers globally have been the victim of a data breach or cyberattack during the pandemic. But despite this, 34% admit to not knowing if their employer has done anything to protect them from cyberthreats, indicating that businesses need to do more to communicate and educate employees.
What does this mean for consumer brands?
Over the past year, office workers had no choice but to become digitally savvy consumers, spending more time and money online as the pandemic took hold. In the UK alone, consumers have spurred a 73% increase in online retail sales in January 2021, compared to the same month last year.
This growth in online activity presents the challenge for brands to build new trust and loyalty models. Consumers increasingly demand more tailored services and offers, expecting greater personalisation, particularly from those brands they interact with regularly. If organisations can deliver this customer-centric approach, consumers become more likely to share personal data that further improves their user experience, while differentiating the business and providing valuable insights that help maintain customers and build revenue.
In this, the symbiotic digital trust relationship is crucial. Any mishandling of the consumer’s personal information could lead to trust being lost for good, with 39% of respondents admitting to having lost trust in a company due to a data breach or misuse of data they have heard about. Following this, 47% permanently stopped using the brand’s services and 36% deleted their account altogether, highlighting grave consequences for organisations that do not implement stringent security measures.
What happens when trust is lost in a digital brand?
It’s clear that trust is vital for digital brands to succeed in today’s highly competitive business landscape. The study revealed that 88% of UK respondents would be unlikely to purchase from a company that they did not trust.
For brands, this trust is hard won but easily lost. Any word of a breach or data loss is likely to see consumers lose faith. At best, this will manifest itself in changed passwords or negative posts on social media, at worst, consumers will stop using the brand entirely.
For established brands, the impact of digital trust is clear, but what does this mean for new digital brands?
As people increasingly become digital cynics, they are less likely to trust brands they do not know. 64% of respondents admitted that they would have serious reservations about shopping on a website they had never heard of before.
Additionally, issues such as fake online reviews are further eroding digital trust. This creates challenges for any online brand, as the barrier to building trust is raised. When buying a product, consumers often trust reviews as an accurate measure of its pros and cons. But if these reviews are falsified, as media coverage has reported recently, the ramifications fall on the brands involved as consumer scepticism grows.
In this new digital-first environment, entrants into an established digital market will struggle to gain market share without significant investment in building a reputation as a trustworthy online brand. Building this trust will require quality and reliability, but it’s also important to cultivate this over time.
Are there any generational differences in approach to digital trust?
There is a common misconception that people who have grown up with the internet are more likely to share personal details online, freely handing over their data as a cost of living in a digital-first world. In fact, the study revealed that younger age groups have a lower tolerance toward poor security and privacy ethics. Some 63% of 18–24-year-olds said they had permanently stopped using a firm’s services following a breach, compared to 42% of 35–44-year-olds.
This is not entirely surprising. Young people have grown up online and consequently have a good understanding of the value of data and the impact of data loss. So, they are far less tolerant of organisations that mishandle personal data. Given that younger generations will become the growth engine of tomorrow’s economy, brands must ensure their business priorities are aligned with these heightened expectations of cybersecurity.
How can organisations ensure they are cultivating digital trust through their security policies?
The cyberthreat landscape is constantly evolving, with new tricks and methods tried out frequently. Since the shift to mass remote work, many office workers have become more aware of phishing, data breaches and new risks such as deepfake fraud. Businesses must ensure they are staying ahead of the game as much as they can to combat these new threats with new approaches.
In the enterprise, it begins with a Zero Trust approach focused on validating identity before trusting anyone in the digital realm. The ultimate strategy maintains identity at the heart of digital security, and invokes risk-based access policies, continuous and adaptive authentication and frictionless access.
Read the latest edition of PCR’s monthly magazine below: