DIGITAL TRUST SURVEY REPORT 2022

We are quickly transitioning from an in-person world to an always-on, digitally connected world. Digital transformation is driving this. So has the pandemic. But how do we establish trust in this new world? How do we:

• Make sure the people (and devices) we’re connecting with are legitimate?
• Know that the data we consume is safe?
• Ensure we’re not subject to security breaches or denial-of-service attacks?
• Make sure the applications and services we run haven’t been compromised?

It isn’t easy. This new world has vastly expanded threat surfaces, and the costs of lapses in security have exploded. Especially when you consider that beyond legal, regulatory and remediation costs, the biggest cost may well be a loss of customer loyalty and the company’s brand. A Forbes Insights report found that nearly half (46%) of all organizations have experienced reputational and brand damage due to a third-party security breach¹.

This has thrust the issue of digital trust into the foreground. According to Jennifer Glenn, Research Director for IDC, digital trust is the foundation for securing the connected world and necessary for organizations looking to ensure that its customers, employees and partners can be confident that online business processes and interactions are secure.

In essence, digital trust provides the freedom to fully participate in the digital world.

DigiCert, the leading global provider of digital trust, enables individuals and businesses to engage online with the confidence that their footprint in the digital world is secure, has a stake in better understanding how global organizations perceive digital trust and how far along they are in their digital trust efforts.

The DigiCert 2022 State of Digital Trust survey explores where enterprises, employees and consumers around the world have embraced digital trust.

Digital Trust Matters

The need for digital trust has struck a chord with the respondents, as 100% of enterprises say digital trust is important and most (90%) say it is extremely important. So important, in fact, that nearly two-thirds have switched vendors after losing trust in that vendor. And nearly all (99%) enterprises believe it is possible that their customers would switch to a competitor if they lost trust in the enterprise. Nearly half (47%) believe that outcome would be likely.

Enterprise employees are also all-in on digital trust, with 100% saying it is important, and 86% saying digital trust is extremely important. In their roles within the enterprise, 99% would consider switching vendors if they lost trust, with about half (51%) saying switching would be “likely.”

And, finally, two-thirds (68%) of consumers say digital trust is important, with a third (36%) saying it is extremely important. In fact, half (47%) have stopped doing business with a company that lost their trust in the past. Going forward, 84% would consider switching, with 57% saying switching would be likely. Notably, the wealthier consumers are, the more they say digital trust is important (58% of consumers with above-average income say digital trust is important).

Figure A. 

Figure B.

-----------------------------------------------------------------------------------------------------------------------
¹The Reputational Impact of IT Risk – Forbes Insights

The Importance of Digital Trust Varies

Enterprises, employees and consumers agree that digital trust is important, but how important depends on a variety of attributes.

For enterprises and employees, Latin America lags in terms of feeling digital trust is extremely important. For consumers, APJ and EMEA lag. That 26% of EMEA consumers say digital trust is extremely important was surprising, given the strict EU GDPR laws enacted in 2018.

Not surprisingly, financial firms are the most likely to say digital trust is extremely important

For consumers, digital trust is more important for males than females.

Also, digital trust matters far more to consumers with above average income.

Finally, something that liberals and conservatives can agree on! Both are more likely to say digital trust is extremely important.

Interestingly, the two youngest generations (and the only digital natives) are the least and the most likely to say digital trust is extremely important.

What is driving the interest in digital trust?

There is universal interest in digital trust, but why? What is driving this interest? We found a wide range of factors.

Growing Importance of Data. According to respondents, this was the top driver. Why? Because data is growing at a compounded rate of 23%². To put it another way, it took 70 years for the world to amass 97 Zettabytes of data at the end of 2021. By 2025, just four years later, the world will almost double that (174 ZB). That’s more than 20,000 gigabytes for every person on Earth by 2025!

It isn’t just the amount of data, however, but how important this data is. The data contains troves of personally identifiable information, such as what we buy, the sites we visit, our health records, social media, photographs and so much more.

Increasing Threat Surface. The enterprise has transformed its relatively static networks of data centers, offices and remote sites into far more complex hybrid networks. These new networks connect data centers, offices and remote sites, while adding thousands of work-from-home sites, multiple clouds, digital devices, edge networks and IoT devices.

In this new edgeless network, there are orders of magnitude more attack points.

Customer Expectations. As we saw in the last section, 100% of businesses and 68% of consumers rate digital trust as important. Each are likely to switch to a competitor if they lost trust in an enterprise. Digital trust has become an existential asset.

Increase in Bad Actors. The number of bad actors grows each year.
These include:

• Black hat hackers
• Cyber criminals
• Cyberterrorists
• Hacktivists
• Inside actors
• Nation-state actors
• Thrill seekers and trolls

Evidence of the growth of bad actors can be seen by the record number of complaints the IC3 received in 2021: 847,376 reported complaints, which was a 7% increase from 2020³.

-----------------------------------------------------------------------------------------------------------------------
²Big Growth Forecasted for Big Data - IDC
³FBI Internet Crime Complaint Center (IC3)

What is at stake?

What are enterprises protecting? 100% of enterprise respondents cite customer loyalty as important. This makes sense when you consider how likely customers are to switch to a competitor if they lose trust in a company.

Respondents told us the types of attacks they fear most are (in order):

Enterprise employees have a different concern: Their personal information.

And, finally, consumers have a wide range of concerns:

We wondered whether enterprises were on the same page as consumers in terms of helping protect what matters most to consumers (passwords, personal identifiable information (PII), etc.). Virtually all attacks that compromise consumer data start with email attacks⁴. Yet, with all that enterprises do to protect consumers, they rated protecting against phishing attacks as second from the bottom in terms of how they are doing. Furthermore, they rated phishing as the attack they are most concerned about.

So, while enterprises are focused on what matters most to consumers, they have a long ways to go to achieve the level of security consumers would like to see.

How are enterprises optimizing digital trust?

Enterprises are engaged with digital trust. The typical organization began working on digital trust two to three years ago and has completed 75% (or more) of the journey so far. The typical organization will complete its digital trust journey in the next one to two years.

There are many facets to digital trust. We dove down further to see where enterprises were further along.

Digital Trust Goals: Enterprises clearly stated that their top goal for digital trust is customer loyalty. 100% rated this goal as important, making it the enterprises’ top goal. But there were other goals as well.

Digital Trust Challenges: Enterprises are well along in their digital trust journey, but it hasn’t been easy. The number one challenge IT cited was managing digital certificates, rated as important by 100% of enterprises. Regulatory compliance and handling the massive scope of what they are protecting was a close second, at 99%. Rounding out the challenges are complexity — securing a complex dynamic, multi-vendor network — and a lack of staff expertise.

Digital Trust Practices: A wide range of initiatives can affect an enterprise’s digital trust. Most enterprises are at least somewhat involved in these initiatives, but it is helpful to see which initiatives enterprises have already fully implemented.

At the top is device identity and operations security, now fully implemented now by 74% of enterprises. Zero trust policies are next in line but they are only fully implemented by 58% of enterprises. The only other initiative implemented by more than half of enterprises (55%) is certificate lifecycle manager. Rounding out the list were:

HOW ARE ENTERPRISES DOING WITH DIGITAL TRUST METRICS?

Enterprises are doing quite well across a broad set of digital trust goal metrics. Take their top goal (customer trust) for example. 98% are doing well with this goal (with 61% doing extremely well). They are also doing well with preventing breaches (95%, with 51% doing extremely well) and identity-based attacks (94%, with 50% doing extremely well).

In fact, in eight of ten of the metrics we studied, at least seven of eight enterprises said they were doing well. It was only preventing phishing or other email-based attacks and eCommerce website performance and availability that fell behind (76% and 60% respectively).

-----------------------------------------------------------------------------------------------------------------------
⁴Why Your Business Needs Better Email Security - Guardian Digital

LESSONS FROM THE DIGITAL TRUST COGNOSCENTI

As seen in the last section, enterprises seem to be doing quite well in their digital trust efforts. We wanted to see if this was universally true, or if there were groups of enterprises that did significantly better or worse than average.

To explore this, we scored their answers to the metric questions:

Scoring Guide

• Extremely poorly               -2
• Somewhat poorly             -1
• Neither poorly nor well     0
• Somewhat well                +1
• Extremely well                  +2

We then added three individual scores to create a total score for each respondent. We divided the respondents into three tiers:

Enterprise Digital Trust Tiers

• Top tier (scores were in the top third of all respondents)
• Middle tier (middle third)
• Bottom tier (lowest third)

This tiering exposed some dramatic differences between the very best enterprises (the top tier) and the very worst (the bottom tier).

How Much Better?

It is axiomatic that the top tier is doing better with the digital trust metrics, since that is how we divided the respondents into tiers in the first place. But what’s interesting is just how much better the top tier is doing than the bottom tier. For example, three times as many top-tier enterprises report doing well with eCommerce website performance and availability, and 2.9 times as many say they’re doing well at preventing phishing or other email-based attacks. The top tier ranges from 10% better to 300% better in every metric:

Why is the Top Tier Doing So Much Better?

There are a variety of striking differences between the top tier and bottom tier that are driving these big differences in digital trust outcomes:

• Attitudes: The top tier is four and a half times as likely to believe a loss of customer trust will lead to a loss of that customer. They are also more likely to believe that digital trust affects their brand, sales and margin. In addition, they are also 5.6 times as likely to say they would switch partners if they lost trust in that partner.
• Earlier Start: The top tier is further along in their digital trust journey and will complete that journey much earlier than the bottom tier.
• More Concerned about Cyber Threats: The top tier takes cyber threats much more seriously. The top tier is 1.5 to 2.3 times as likely to be concerned about cyber threats.

More Engaged with Common Cyber Safeguards: The top tier is up to three times as likely to be engaged with important cyber-security safeguards.

DigiCert's Take

DigiCert, the leading global provider of digital trust, which enables individuals and businesses to engage online with the confidence that their footprint in the digital world is secure has been involved in digital trust from the earliest days. Our advice for companies wishing to emulate the success demonstrated by the top-tier “Digital Trust Cognoscenti” is to consider doing the following five things:

This falls in line with a notable study by Bain & Company⁵ which found that increasing customer retention rates by 5% increases profits by 25% to 95%. Given how likely customers are to leave a company if they lose trust in them, maximizing digital trust should be a mandatory activity.

-----------------------------------------------------------------------------------------------------------------------
⁵Prescription for Cutting Costs – Bain & Company