
Trust lacking in the security world

There is a need for the channel to work harder to represent vendors that are failing to generate customer confidence

Trust is a commodity much valued in the channel, taking time to earn but sadly seconds to lose, and nowhere is it more important than in the security space.

Trying to quantify the importance of trust is a task that Brother looked into last week and which has now been covered in the Cybersecurity trust reality 2026 report from Sophos.

The headline findings are that only 5% of customers fully trusted their cyber security vendors, leaving the industry and channel partners with the challenge of changing the attitudes of the other 95%.

The report indicated that one of the issues for customers was the difficulty in assessing the trustworthiness of potential and existing partners. As a result, 51% of respondents said they fear being victims of a cyber attack due to a lack of trust between user and supplier.

Without trust, customers reported increased oversight requirements and reduced peace of mind, with less than half indicating that they would be prepared to switch vendors – despite that being expensive and disruptive – to improve the situation.

Customers were looking for “verifiable artefacts” to gather evidence to establish a vendor’s trustworthiness and wanted to access detailed information to establish those facts. Complaints from those surveyed indicated that the data made available was often too vague.

The lack of information made it difficult to compare products, to validate the claims made by vendors and their partners, or to get a sense of whether the chosen supplier could really protect the users’ business.

“Trust is not an abstract concept in cyber security, it’s a measurable risk factor,” said Ross McKerchar, CISO at Sophos. “When organisations can’t independently verify a vendor’s security maturity, transparency and incident handling practices, that uncertainty flows directly into boardrooms and security strategies.”

The need for trust is increasing, with the accelerated deployment of artificial intelligence (AI) increasing risks and the determination by bad actors to gain access to data showing no signs of diminishing. It is against this background that the Sophos report has highlighted a significant challenge for the industry and channel partners: to be more transparent in order to foster the development of customer trust.

“CISOs are being asked to prove trust, not assume it,” added McKerchar. “Cyber security providers must do the same. Respondents to the survey cited a lack of accessible and sufficiently detailed information as the primary barrier to making confident trust assessments. Trust must be earned continuously through transparency, accountability and independent validation.”

As well as being a positive virtue, the need for trust is a key part of the compliance process, with users needing to know they can rely on suppliers when it comes to meeting regulatory requirements.

“With regulatory pressure increasing globally, organisations must be able to demonstrate due diligence in vendor selection – especially where AI is involved,” said Phil Harris, research director of governance, risk and compliance solutions at IDC. “Trust is shifting from a marketing message to a defensible compliance requirement.”

The primary drivers of trust

The Sophos report had some guidelines on how vendors and partners could foster greater trust with users. The most significant actions that could be taken included:

  • Being able to provide verifiable artefacts indicative of cyber security maturity, including bug bounty, Trust Centre, advisories, third-party assessments and certifications.
  • Being transparent and delivering timely communications during incidents and disclosures.
  • Providing expert commentary following major cyber incidents that are reported widely in the media.
  • Committing to consistent delivery of high-quality cyber security services and products.
