Photo: For the data streams to keep on flowing and be put to best use, many actors need to take responsibility for (re)building trust. (Photo: Unsplash)
The vast majority of technologies, processes and assumptions underlying the innovations that will lead to a more prosperous future rely on the use and flow of data. More and more information must be exchanged between the various actors in ever-growing ecosystems for the economy to continue to function. At the same time, however, the threats caused by cyberattacks or the misuse of data are increasing — and pose a threat to entire ecosystems. Even more important than the huge economic damage is the erosion of trust: the most valuable asset of modern societies and economies for their digital transformation.
Trust facilitates the processes that keep the ecosystem and its various relationships running. For these data streams to keep on flowing and be put to best use, many actors need to take responsibility for (re)building trust. To do so, they need to focus on one of the most important pillars of trust: cybersecurity. By developing a clear strategy for cybersecurity and data use, it will be possible to continuously build and renew the trustworthiness of ecosystems as a whole.
The erosion of trust versus the potential of data
Building trust has always been a fundamental imperative for any organization. This need, as well as the associated responsibility for fostering the mechanisms that promote trust, will grow more challenging as the scope of digital transformation extends. Edelman’s 2019 Trust Barometer — a survey of more than 33,000 respondents from around the world — showed that trust, especially as it relates to new technology, continues to erode significantly.
This widespread erosion of trust is as alarming as the potential of data to improve business and benefit society is enormous. Procter and Gamble, for example, is using real-time production and logistics data to make for more efficient production lines and a lower carbon footprint. Siemens gas turbines generate, on average, 30 gigabytes of operating data daily; smart evaluation of this data can determine when turbines require servicing, resulting in less downtime for customers. In public transport, massive data sets from sensors are used to support predictive analytics that will, in the future, ensure close to 100% reliable rail transport. These promising applications can improve many aspects of our lives and yield the benefits expected if we can trust the system enough (and the people responsible for building and running it) to share the data that systems thrive on.
Defenders of trust must then go beyond collaboration and beyond technical expertise in distrust to understand the relationship between security, transparency, responsibility and trust.
This is why every organization and its stakeholders (innovators, business leaders and users) must understand how to achieve and maintain a high level of trustworthiness. Effective trust-building requires clear ownership from those at the highest level, who must define a trust strategy and set overall priorities. A team of IT and cybersecurity professionals should define a comprehensive set of measures to continuously work on the organization’s trustworthiness. From external ratings to standards and shared practices, such measures will define what trust means in practice and what it is to be trusted. To this end, such teams will need to probe the depths of distrust to pre-empt harmful activity and become defenders of trust by understanding the risks to trustworthiness, such as lack of privacy or irresponsible data-sharing.
Such expertise, while important, must be balanced with the potential opportunities that arise through data exchange. An important risk to innovation, for example, could be data hoarding — because hidden data cannot be used for data-based business models or applications of any kind. One solution to this risk could be to clearly understand how to classify different levels of information, facilitated by regular training. Technical solutions would then include secured communication channels and a central logging and reporting service to gather and deliver operational and security data across the organization.
Collaborating across industries
This applies not only within individual organizations but across entire industries, where distrust threatens much-needed data-sharing between companies. Again, effective and transparent cybersecurity measures as well as collaboration play an important role. To assure others of their organizational security, thereby demonstrating trustworthiness, businesses need to assume greater responsibility for their own cybersecurity. Collaborative new ways of meeting this challenge across industries and geographies would mitigate this risk.
Collaboration can be achieved on various levels and by various means. One credible way is by actively participating in — not merely passively using — information-sharing and analysis centers (ISACs). ISACs and the closely related information-sharing and analysis organizations (ISAO) gather and share information on cyber threats, but they need commitment from companies to function optimally. Business leaders must recognize the importance of building trust and create a culture in which information-sharing is accepted and encouraged. Other options for collaboration include the World Economic Forum’s Platform for Shaping the Future of Cybersecurity and Digital Trust or initiatives like the Global Cybersecurity Alliance or Charter of Trust.
Defenders of trust must then go beyond collaboration and beyond technical expertise in distrust to understand the relationship between security, transparency, responsibility and trust. Good security is the foundational element of trust, but to build a viable system of trustful relationships, other aspects of trust need to be incorporated, including transparency and accountability. These values have to underpin any system aiming to foster the long-term, sustainable trust that supports the life-improving and transformative aspects of data-based business models.
Director of Information Security, Procter & Gamble at World Economic Forum
Bill Fryberger is a global information security leader with over 22 years in information security operations leadership, consulting and solutions design. Experience includes building cost-effective teams to deliver global information security operations, compliance, technology programs and systems aligned with critical business requirements and external industry regulations in large, multi-national organizations.
Global Coordinator for the Charter of Trust for Siemens at World Economic Forum
Kai Hermsen is the global coordinator for the Charter of Trust for Siemens. Previously, he headed the Siemens cybersecurity strategy and worked as project manager in Siemens Management Consulting in Germany and India. He has a background in business administration.
Head of Governance and Policy at World Economic Forum
Daniel Dobrygowski is the head of governance and policy for the World Economic Forum Centre for Cybersecurity, where he advises on strategy, law, and policy around cybersecurity issues. His research areas include privacy, election security, intellectual property, competition law, digital trust, and governance of new and emerging technologies.
The original article can be read at Brink website HERE.