Cyber security: Can businesses put a value on trust?

Who can you trust in a digital world? The most dispiriting part of the technology revolution is the growing lack of trust felt by individuals and businesses as a result of cyber security threats.

For example, I learned this week that HP is being asked by some large customers to provide legal assurances that its products do not have backdoors – the IT giant even received such a request from a Nato country.

When one global financial services firm held an executive meeting in a Middle East country, its security chiefs were so concerned about industrial espionage, they transported an entire office communications setup from the US – but even then found they were not allowed to bring their Cisco routers into the country and had to source them locally.

While anybody with knowledge of the information security world will see such concerns as understandable, surely we should ask ourselves why we have allowed trust to deteriorate to such an extent.

Awareness of state-backed hacking and the Edward Snowden revelations about internet surveillance are important stories, but have helped to create a culture of distrust that will be increasingly difficult to reverse.

We seem to have accepted that, to do business in the digital world, you have to assume you trust nobody. But at what cost?

Companies are recognising the need to spend money on cyber security, but it is seen as a cost. How, instead, might they put a value on trust? How much more business might you be able to do by using technology as a way to gain the trust of your customers? What is the economic value to governments of making their country an internationally respected place for trusted digital business?

UK Cabinet Office minister Francis Maude said this week that the government’s cyber security strategy aims to “make the UK one of the safest places in the world to do business and ensure that our economy and society continues to benefit from the ongoing digital transformation.”

That is absolutely the right justification for the government plan – but how much is it undermined by Snowden’s revelations about GCHQ snooping?

Royal Bank of Scotland learned the cost of losing trust with a £56m fine for technology failures that prevented customers accessing their money. How much value would the state-owned bank gain from becoming a digitally trusted institution?

Building trusted technology will still cost, and will still need to use the same security systems and risk management methods – but it could represent an important change in mindset and corporate culture. Could the business benefit of trust be the key to putting extra cash into information security budgets to better address those risks?

The IT industry has become used to responding to fear of cyber threats. How much better would it be for everyone if it focused instead on helping its users in building trust.