Trust isn’t a new concept to enterprise organizations; from highly publicized data breaches to inappropriate uses of customer information, enterprise organizations know the cost that losing your customers’ trust can exact.
Trust is elevating to board room topic as the language of trust changes. According to IDC’s 2019 CEO Survey, digital trust programs are the most important agenda item in the next 5 years. Improving their own trust program and reputation isn’t the only trust element that business leaders are interested in; they are increasingly aware of the importance of their technology suppliers’ reputation as well. 90% of CEOs consider trust between their organization and their technology suppliers as either “extremely important” or “very important.”
Business leaders and technology suppliers need to evolve their understanding of trust and how to achieve it to succeed in the digital economy.
The Future of Trust Defined
Trust, in its basic form, is a condition that (1) enables decisions to be made (2) between two or more entities (3) with a level of confidence in quantifiable risk and subjective reputation for an exchange of mutual benefit to occur. Traditionally, trust as is applied to business centered on a conversation around security.
The future of trust means that trust is now an up leveling of the security conversation to include attributes such as risk, compliance, privacy and even business ethics. These elements transform the conversation from what “must” a company do to prevent negative outcomes to what “should” a company do. Thus, traditional approaches to security, risk, compliance and privacy are facing challenges both in scope and scale.
The Five Elements of Trust
There are five elements of trust to consider when addressing the changing requirements of trust. Each of these elements build upon each other to create a hierarchy of trust needs. Addressing all five of these elements empowers organizations to achieve trust outcomes that advance the entire organization. From the ground up, here are the five elements of trust:
Risk is the foundational layer of trust. Risk is a function of visibility and the likelihood and impact of some outcome occurring. Any outcome, positive or negative, could impact confidentiality, integrity, availability, productivity or revenue.
Defining an appropriate set of “unwanted outcomes” is a crucial step for organizations to take, as it drives the entire risk assessment and abatement process.
The risk formula is a blueprint for identifying the less desirable things that might happen, and a simple way to think about how enterprises can address risk and ultimately elevate trust.
However, in the future of trust, organizations need to go beyond the classic definition of risk. They need to think about visibility and transparency: the need to assess the internal and external environment to assess even potentially hidden or unknown dangers to trust. For instance, a loss of market share because of a failure to address the social responsibility requirements of customers doesn’t include a classically defined security threat actor. A formula that includes transparency recognizes the importance of assessing every possible factor or action that could reduce or improve internal or external trust.
Once enterprises have built their trust foundation on a continuous assessment of risk, they can begin to tackle the compulsory or “must-do” items of trust. One of these compulsory items is the second element of trust: security. Protection of IT assets, regardless of whether they be data, application, network or device is a fundamental requirement, one that is usually made compulsory by an enterprise’s technology or legal department. Failure to protect these assets can result in disastrous, highly publicized breaches that can cause customers, partners, and stakeholders to lose trust in your organization – and for your organization to lose competitive advantage and profits.
Regulatory and policy compliance are described as other “must dos,” as they are requirements to do business. As described above, protecting IT assets is critically important to trust, and Protection of IT assets, regardless of whether they be data, application, network or device is a fundamental requirement, one that is usually made compulsory by an enterprise’s technology or legal department. For example, organizations accepting payment cards must comply with the Payment Card Industry Data Security Standard (PCI DSS) or lose the ability to receive payments through credit or debit cards. Complying with that standard, including creating procedures and undergoing regular assessments, is a requirement of doing business. Regardless of where the demand comes from, compliance will continue to be a part of the future of trust.
What enterprises must understand is that these compulsory requirements (security and compliance) will only grow as the threats to Trust expand. Regulations, standards and oversight requirements are not going to shrink and failure to comply with them is a twofold risk: compliance often offers some protections against threats and bad actors, and failure to comply incurs costs and penalties (including loss of brand trust if that failure becomes public).
4. Ethics and Social Responsibility
With a strong foundation and close attention paid to compulsory elements, organizations can now focus on the strategic elements of the future of trust that create true competitive advantage. Focusing on ethics and social responsibility is a shift in perspective; while the earlier elements enable organizations to identify, anticipate, and avoid negative outcomes, ethics and social responsibility offer an opportunity to create positive outcomes.
Consumers are actually willing pay a premium to gain insights and information about the products they consume. By being transparent about business decisions such as supply chain, your organization can gain competitive advantage. French retailer Carrefour discovered this when they created a blockchain network to show how their poultry products move from farm to store. Consumers are increasing their purchases of Carrefour poultry as they can track its movement and see that it is being ethically sourced and produced.
Like ethics and social responsibility, focusing on customer/stakeholder privacy is an opportunity to leverage trust elements to create positive organizational outcomes. Demonstrating that protecting your audience’s data and rights is a priority engenders goodwill with consumers, who are more likely to stay loyal to brands that demonstrate high trustworthiness.
Creating Trust Outcomes through the Elements of Trust
Since the future trust environment introduces new elements that go beyond the traditional ideas of security, risk, and compliance, IDC proposes three new outcomes: Trusted Enabled Commerce, Trusted Ecosystem, Trusted Governance. Trust is about maximizing return, creating a differentiated impact on revenue, expenses and shareholder value.
IDC will explore in greater detail what these new trust outcomes deliver to the organization, and how to achieve competitive advantage through them. Look for our latest research out later this spring.
Ready to Pursue the Future of Trust?
The future of trust offers opportunity for both technology suppliers and business leaders to compete in the digital economy. Technology suppliers need to remember that these three elements should not be approached individually; they are arranged in a hierarchy that builds to sustainable business value.
At IDC, we believe the future of trust is a critical component for the CEO’s new agenda and a differentiator in the digital economy. That’s why it is one of the nine new research practices we are launching this year. Learn more about the future of trust and the value it can create in our latest research “Future of Trust: Defining Trust”: