March 12, 2019

Is trust working for you or against you?

Duncan Brown

Trust is highly specific. You can trust me to help you select a single malt Scotch whisky, but you should definitely not trust me to select the wine for this evening’s dinner. So the key question around trust is, what am I trusting you to do?

When businesses report that trust has declined what does this actually mean? Because trust is individualised and precise, this type of generalised statement seems to be an oxymoron. In fact, it probably means that the instances in which trust has been betrayed are increasing, either because of some direct consequence – an individual or company has suffered a breach of trust – or because of a well-publicised breach of trust in a specific sector of business that then worries all similar companies in that industry.

Our study in partnership with Harvard Business Review Analytic Services would certainly suggest that these instances are indeed increasing, as it reports that nearly two-thirds (63%) of senior executives at large global enterprises state that trust among people, businesses and institutions has declined over the last two years.

There are a couple of key issues that I would like to explore with regards to trust. The first is the idea of Trust Events. These are the points in time where trust is tested: an organisation has suffered a data breach, or some other event has shown the spotlight. Facebook’s questionable ethics is an example of this. The main point here is that the mere fact of a trust event does not automatically erode trust. Rather, it is the reaction of the company to that trust event that determines whether trust is maintained or is lost. So, what is it that companies can and should do to maintain trust even in the event of a trust event? (Clearly, it is preferable that they avoid such an event but such a thing is increasingly difficult in the modern threat landscape.)

The second and related area to explore is, whether trust really matters. Many companies have had trust events, Experian, TalkTalk, Marriott, and so on. How do companies fare after a major trust event? A null hypothesis would say that, in fact, nothing much happens in the long term. TalkTalk lost 100,000 customers, but it had four million customers at the time. This means that only 2.5% of customers defected. Facebook has just posted record profits and usage numbers despite 2018 being a hugely challenging year for the company with regard to its ethical stance on data collection and usage. So there is an argument to suggest that while trust events are difficult to deal with in the short term, they have no lasting impact on business if a long view is taken.

If losing trust does indeed have negligible effects on business success, conversely, does maintaining trust make a difference? Our study with Harvard Business Review Analytic Services would suggest so. The report uncovered the concept of Trust Leaders, a group of companies who both demonstrated a C-Level commitment to trust, as well as being able to accurately measure the value of trust for their businesses. On deeper analysis, it is this group of trust leaders who have gained a competitive edge for their businesses – improving their ability to partner, increasing employee productivity and enabling innovation to occur.

Trust is a risk mitigation strategy, and questioning and addressing the relationship between trust and risk is fundamental. If I trust you, then I am more willing to transact with you because the risk is perceived as low. If you do something that breaks my trust, such as fail to deliver the goods that I have purchased, then my perceived risk increases (rapidly). In an employer-employee relationship, the employee trusts that the employer will pay them on time and treat them respectfully: the employer trusts that employees turn up on time and don’t harm the organisation, accidentally or otherwise. Companies deploy behavioural analytics because the risk of employees endangering themselves or the company has been measured as high or increasing. What kinds of things can result in this reassessment of employee risk? The increased value of data may be a contributor, especially if exacerbated by a compliance regime such as GDPR.

Behavioural analytics should have a positive impact on trust. Behavioural risk scores for the vast majority of employees should tend towards being low over time, and thus employees have a verifiable measure of the trust that their company should afford them.


Duncan Brown

Duncan Brown is Forcepoint’s Chief Security Strategist in EMEA, and leads the firm’s C-level engagement in the region. He advises customers on business strategy, and how this can be enabled and accelerated through the appropriate application of technology. He acts as adviser and coach to CISOs,...
Read more articles by Duncan Brown

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.