“Digital trust” is a hot topic at the moment—with McKinsey as the latest to dive into the term. The consultancy’s “Why Digital Trust Matters” report presents global research among business leaders and consumers, exploring consumer perceptions of digital trust, and the behaviours it motivates.
McKinsey defines digital trust as “the confidence in an organisation to protect consumer data, enact effective cybersecurity, offer trustworthy AI-powered products and services, and provide transparency around AI and data usage”.
And the report contains some tempting nuggets, such as the fact that organisations that build digital trust will be most likely to see both top and bottom line growth of at least 10%. Digital trust, it seems, has value.
The thing that particularly stood out from the report for me was the reported recognition and high value that consumers place in digital trust. McKinsey’s data suggests that 85% of consumers think that knowing a company’s data privacy policies is important before making a purchase. “Quantity of personal data required” also ranked equal to “speed of delivery” for importance in buying decisions.
Let’s park for now issues with the sweeping label of “consumers”; a word that purports to encapsulate every member of the buying public, as though they move and think alike. In the current climate, the number of consumers who can afford to make decisions based on trust rather than cost is probably quickly declining.
To me, this 85% who check reputation and credibility before divulging personal data or transacting seems like a strong case of optimistic self reporting. Consumers know this is an ideal way to behave but in reality we know that huge numbers of consumers are engaging with nefarious apps and careless businesses. Frankly, as consumers ourselves we should all recognise that we usually do not read the carefully crafted data protection policy information businesses serve up.
One of the big issues that we run into when trying to make these trust judgements is data and disclosure; information provided is not standardised, well reported or readily available. If we notice privacy statements at all it is because they frustrate our efforts at a smooth and quick transaction.
I would assert that the unrecognised actor in this report is brand. Consumers attribute digital trust to brands, which form a fast categorisation system for trust impressions. Without ever reading Microsoft or Google’s data protection policy, consumers trust them. The same goes for their established banking brand, although there will perhaps be a level of interrogation for newer companies; maybe HSBC rides an established brand trust which extends to the digital domain, while Revolut is still working on theirs and has to go above and beyond to outline data policies.
These branded perceptions of digital trust buy organisations time, but can clearly be revoked. McKinsey’s research shows that 40% of consumers have stopped buying from a company when it violated digital trust. When put alongside the 57% of executives that acknowledge experiencing a material breach in the past three years, this is obviously of critical importance.
Once you acknowledge that the digital trust perception exists within brands, then the discussion about building and retaining that trust becomes more complex. Because it is not just about companies doing the right things, you need to have an awareness that there are plenty of nefarious actors mimicking your brand to do the wrong things.
The most famous examples would be to think about the impact of DHL’s dubious accolade of being one of the most mimicked brands by cyber criminals. Or think of the long term impact on trusted cloud providers when bad actors present phishing pages that look like authentic corporate OneDrive login pages. If we put all our energy into building digital trust in these brands, do we not just make it more likely that consumers shortcut their own safety checks, giving the criminals that mimic them an easy pass?
Ultimately, there are a raft of things organisations can do to increase their digital trust, and I would assert that one of those things should be to encourage consumers not to trust. Promoting a “zero trust” approach to digital interactions