Once a cornerstone of the digital promise, trust has been undermined by corporate misuse, data breaches, disinformation, and the growing realization that what we see online might not even be real. The effects are far-reaching, touching not only our interactions with technology, but also our relationships with each other and the world around us. Business leaders need to recognize the trend and take steps to respond.
Digital trust—the confidence we place in online platforms, services, and technologies—is declining. Data from the Pew Research Center in 2023 showed 72% of Americans have little to no understanding about the laws and regulations that are currently in place to protect their data privacy, an increase of nine percentage points since 2019. Among those surveyed with a college degree, 70% were skeptical that anything they do to manage their online privacy will make a difference.
The Crumbling Foundations of Digital Trust
The digital world was built on the assumption that the platforms we use would act responsibly. Yet, recent history reveals a series of breaches—both of data and of trust. High-profile scandals like Cambridge Analytica’s misuse of Facebook data demonstrated how personal information could be weaponized for profit or political gain.
A study by PwC identified a trust gap between companies and their customers: while 90% of business executives believe customers highly trust their company, only 30% actually do. The delta has grown from 57 percentage points in 2023. Social media companies in particular are struggling to gain consumer trust as users feel their personal information has become a commodity, traded and exploited by algorithms and corporations that rarely prioritize their interests.
When we’re given the rare opportunity to exercise choice about the trust users put in online businesses—such as cookie consent forms mandated on European websites—many users choose skepticism. They opt out of tracking and data sharing, a subtle rebellion against platforms that typically demand trust in exchange for their services. However, one recent study found 65% of websites tested continued to use tracking cookies even after the user had explicitly opted out.
This reality prompted the World Economic Forum to call the Chief Trust Officer (CTrO) role “The next C-Suite role that every company needs” and posed a simple question to business leaders: “Who’s in charge of reviewing, redefining and reconstructing trust?” Many companies, even two and a half years after the article was written, would be unable to provide an answer, and relatively few organizations have heeded the advice to create a CTrO position.
From Implicit Trust to Zero Trust
Perhaps the quickest way for a company to lose the trust it has earned is in the aftermath of a data breach. But despite ‘breach fatigue’, where users are no longer shocked by breaches, only disappointed, 66% of U.S. consumers said they would no longer trust a company that had a data breach.
One of the biggest trust challenges companies face relates to cybersecurity. For years, access to accounts, applications, databases and information has relied on the implicit trust in a username and password combination. Provide the right access credentials, and you essentially have the keys to the kingdom. Hackers have exploited this weakness ruthlessly for decades. A breach can be devastating and recovery often takes years.
It should therefore come as no surprise that the cybersecurity strategy being widely adopted by large companies around the world is called ‘Zero Trust’. Zero Trust assumes that no user or application can be trusted by default, requiring constant verification. While effective at protecting networks, it’s also a telling reflection of our times: trust is no longer given; it must be continuously earned. Every interaction requires verification, every connection demands scrutiny.
A Zero Trust architecture makes it significantly harder for cyber attackers to steal data, but it also builds trust with third parties in a vendor ecosystem. If suppliers implement Zero Trust in their environment, the likelihood of a breach that disrupts customers is significantly lower.
A Crisis That Demands Action
Rebuilding digital trust will be a long road, but C-suite leaders can take immediate steps to make a difference for their customers.
Communicating clearly about data collection and usage is key. X, formerly Twitter, recently revamped its privacy policy to highlight six common areas of concern, including the data collected, how it is used, and how users can update their privacy settings. This allows users to get the highlights even without reading the full policy.
Next, taking steps to minimize the likelihood of a breach by deploying a Zero Trust architecture, and prioritizing relationships with third-party suppliers that do the same, pays dividends. The approach simplifies networks by removing firewalls and VPNs, which are often the source of breaches, and reduces the risk of financial, operational, and reputational damage of an attack that can affect consumer confidence for years.
Last, leaders must prioritize digital literacy among employees. Security awareness teaches us how to avoid phishing and other common threats, but now equip employees with the skills to navigate a complex digital landscape, including how to critically assess sources, spot deepfakes and disinformation. Fake news, manipulated videos, and AI-generated deepfakes each pose real risks to businesses.
Of course, for meaningful change, a concerted effort from government, industry and individuals is required, and that seems unlikely in the short term. But, as highlighted in the Harvard Business Review in 2015, companies that give customers control of their personal data and offer fair value in return for it, will not only be trusted, but will earn ongoing and expanded access. In a world where customer data is a source of competitive advantage, gaining consumers’ confidence will be key.