Today we as consumers face countless digital touchpoints with organisations we deal with and are increasingly aware that our data is being collected for analysis and business decision making. This is often understood as a trade-off, with us gaining the benefit of the latest technology, more personally tailored services, or, for example, discounts or rewards in exchange for sharing information.
However informal this arrangement is, we demand a high level of digital trust. We expect organisations to act with honesty, integrity, and transparency in the way they handle our personal information, and that appropriate cyber security controls are applied to mitigate the risk of a breach. Adding to this perspective, politicians and regulators are challenging and shaping corporate behaviours when it comes to digital trust to protect consumers across all sectors. This all means that digital trust is not just an issue for management, but it should be firmly on the boardroom agenda.
To support the board on leading a robust approach to digital trust, it helps to put quantifiable measurements around the organisation’s digital trust programme. This can highlight the real impact of a potential trust breach, help to benchmark the effectiveness of the programme for improvements, and give tangible insights to the board for decision making.
The importance of digital trust
Digital trust is essentially about the confidence stakeholders have in the ability of an organisation to use digital technologies while protecting their interests, and while upholding societal and regulatory expectations and values. A digital trust programme will always be multi-disciplinary, typically including a focus on cyber security, data privacy, ethical and responsible use of data, and accountability and governance of data. This works best when security and privacy are treated as a “golden thread”, woven through the entire business as well as along the value chain of partners. It should underpin processes, governance, and culture, to become much more than a compliance driven exercise.
The top three benefits of increased trust identified in KPMG Cyber Trust Insights 2022 study were improved profitability, better customer retention, and stronger commercial relationships (see figure 1). Digital trust aligns with the fact that consumer awareness of environmental, society and governance (ESG) factors is making them even more conscious of the values sitting behind the organisation's that they choose to spend money with. In a world of choice, a lack of digital trust can mean that consumers and partners will take their business elsewhere.
Elevating digital trust to the board
One challenge is that the majority of organisations (65 percent) in KPMG 2023 Cyber Security Considerations report that information security requirements are shaped by compliance needs rather than long term strategic ambitions. To mitigate this, the best results for a digital trust programme are likely to come when it is on the board agenda, setting the tone for the rest of the business. If the board has digital trust in sight, there is a stronger chance that it will be integral to strategy.
An effective way to make digital trust resonate with the board is to measure it and demonstrate its financial impact on the business. Measuring digital trust also gives benchmarks for performance, so that it is easier to see what is working, what isn’t, and where improvements need to be made to make it more effective. Measurement also supports boards with strategic decision making and investment planning.
Measuring digital trust
In the event of a cyber-attack, there is often an impact on digital trust. Quantifying most likely and worst-case impacts however can improve the organisations understanding of cyber risk exposure and help with planning. There are various metrics you for measuring digital trust and it can be helpful to distinguish upfront which of those can be quantified and have direct impact financially, compared to those that are secondary impacts. A simple way to distinguish the different types of metrics are as follows:
- Quantifiable benefits with a direct impact on the organisation’s finances – typically measured through sales and revenue e.g., customer lifetime value, brand perception on supplier influence.
- Quantifiable benefits that do not have a direct financial impact on the organisation – typically measured through key performance indicators e.g., customer satisfaction or net promoter scores, engagement with digital channels such as website traffic.
What is certain, and possible to quantify, is the impact that trust has on customer experience. As part of one of the largest studies of its kind, KPMG measure customer experience on a global scale via the Customer Experience Excellence Centre. At the heart of this programme are the Six Pillars of customer experience and arguably the most important of these is ‘Integrity’. As interactions continue to from physical to digital channels, trust in those channels is at the heart of how customers perceive integrity. In 2023 in the UK market, ‘Integrity’ was the largest driver of NPS, which is most commonly accepted measure of customer experience and loyalty, accounting for over 20% that score. This means is that a successful cyber-attack can have a long-lasting, potentially irreparable impact on how customers feel about doing business with you. Conversely, demonstrating integrity in your digital channels can significantly boost positive word of mouth, loyalty and therefore market share.
Making measurement simpler
Measuring the robustness of digital trust may sound difficult, but through quantification of monetizable metrics you can identify if programme improvements are making a difference to reducing risk. Transparent metrics on digital trust helps the board understand risk and prioritise mitigation strategies aligned to the overall business strategy. It is also important to consider measuring outcomes that are important to the business from a qualitative perspective. A strategy for measurement should be agreed upfront, as we cannot measure everything, and it doesn’t make sense to invest our efforts into trying to measure everything.