digital trust framework

How Could a New Digital Trust Framework Help Your Business?

Digital trust is the foundation on which modern organisations are built. It could be trust between employee and employer, between one organisation and its partners/suppliers, or trust between a business and its customers. Whatever the dynamic, trust is critical to maintaining and deepening these relationships. Yet when it comes to organisations and their customers, digital trust is hard won but can be easily lost.

At a time of stiff macro-economic headwinds and fierce competition, it’s never been more important to build that trust. McKinsey estimates that those best positioned to build digital trust are more likely than others to see annual growth rates of at least 10% on their top and bottom lines. This is why IT and business leaders should be interested in a new framework from IT governance professional association, ISACA.

Why Digital Trust Matters

Digital trust, in essence, is about being confident in the integrity of relationships and transactions within a specific digital ecosystem. The World Economic Forum (WEF) suggests three core pillars to this:

1. Security and reliability.
2. Accountability and oversight.
3. Inclusive, ethical and responsible use.

According to ISACA, digital trust done right can help to build corporate reputation, deliver more reliable data for decision-making, improve customer loyalty, and ensure fewer privacy breaches and cybersecurity incidents. It’s no surprise that many organisations are hiring Chief Trust Officers to accelerate such initiatives. But why now?

We live in a digital age, where many of us use connected technologies to shop, socialise, work, learn new languages, and manage our finances and health. But because consumers are arguably more detached from these organisations than ever before, they need assurances that they can be trusted. The more choice we have of prospective digital providers, the more important these assurances become.

The WEF believes it is more accurately the result of Web3 – a catchall term referring to the next iteration of the web, and characterised by blockchain and user-generated content.

“When was the last time your organisation redefined the concept of trust? Who’s in charge of reviewing, redefining and reconstructing trust?” it asks. “If you’re looking around and not seeing anyone yet, you should be concerned, but you are not alone.”

At the same time, threat actors are doing their best to undermine our faith in digital services. UK businesses are investing billions in digital transformation each year in a bid to improve customer experience and operational efficiency. But in so doing, they’re also expanding their cyber-attack surface through cloud infrastructure and applications, extended supply chains, use of open-source software components, AI tools, web-based communications and much more. One security vendor blocked over 85 billion cyber-threats in the first half of 2023 alone. Even this is likely just the tip of the iceberg.

Regulators have responded over recent years with a string of new laws and rules designed to enforce minimum security and privacy standards and empower consumers to make better-informed decisions about who to trust. These include the GDPR, NIS2, CCPA, PCI DSS, DORA and more.

What Does DTEF Offer?

Now comes ISACA’s Digital Trust Ecosystem Framework (DTEF) – designed to help organisations understand what they need to do to increase their trustworthiness and reputation. Focused on the core components of digital trust – integrity, security, privacy, resilience, quality, reliability and confidence – it aims to assist businesses in several ways:

  • Secure use of technology
  • Increased collaboration
  • Reduced reaction times to unforeseen events
  • Greater focus on brand management
  • Working towards improved financial performance

 

“The framework has several benefits, such as reducing the risks of financial and non-financial impact from data breaches and regulatory fines, which therefore decreases unexpected business costs. It also allows businesses to leverage emerging technologies more effectively,” DTEF lead developer, Rolf von Roessing, tells ISMS.online.

“The framework also helps businesses to reduce their reaction times to unforeseen events by prompting strong cross-functional collaboration and staying ahead of emerging trends in the digital space, which will drive operational improvements in services, processes and structures. In turn, this deepens customer loyalty by making the business’s products and services more reliable and reducing the likelihood of adverse events – prioritising transparency and clear communication with customers.”

When it comes to emerging technologies, DTEF is designed to help organisations manage the tension between early adoption and implementing tech ethically and responsibly, he adds.

“The DTEF exists to help businesses increase their competitiveness and take advantage of the operational efficiencies of new technologies like AI in a secure and responsible way, being mindful of the cultural and human factors,” von Roessing explains.

“The flexible nature of the framework means organisations can align their business objectives with AI and determine what trust factors and practices they need to prioritise when implementing the technology. The DTEF further supports governance, risk management and compliance in AI, specifically with a view to emerging regulations and legislative initiatives.”

Mapping to Existing Frameworks and Standards

DTEF also maps to several existing standards and frameworks, including ISO 27001, COBIT 2019, ITIL v4, IT4IT, NIST 800-53, NIST CSF 2.0, NIST Privacy, NIST RMF, PCI DSS and the GDPR. Yet given that these already provide organisations with a useful foundation for digital trust, why do they need yet another framework?

Von Roessing’s vision is for DTEF to integrate seamlessly with these efforts, enabling activities to be viewed through a digital trust lens across six core areas: Culture, Emergence, Human Factors, Direct and Monitor, Architecture, Enabling and Support.

“For example, a business may implement ISACA’s COBIT framework to monitor and improve their IT management best practices. The DTEF would act as a layer on top of this which ensures those IT management practices have digital trust practices embedded into them,” he explains.

In time, a growing number of organisations may look to embrace “digital trust by design” in a similar way to their adoption of “secure-by-design” approaches today. It could mean the difference between business success and failure.

 

Explore ISMS.online's platform with a self-guided tour - Start Now