3. 3
Introduction
For many companies—such as those in financial
services, healthcare and online services—digital trust
is central to the customer relationship. As consumers
rapidly adopt new devices, unprecedented levels of
personal information about consumers and their
habits, preferences, and households, is available
digitally to businesses and their partners. The amount
of information businesses can collect and leverage is
on the verge of exploding. For communications, media,
and technology companies, the expected growth of
the Internet of Things, which wirelessly connects
devices over the Internet, will only magnify the
importance of digital trust across these industries.
In this digital world, every business is a digital
business. Digital trust is the currency of today and
will be central to defining the high performers of
tomorrow. A breach of trust can quickly result in
harmful business consequences such as consumer
alienation, brand erosion and churn. Many leading
communications, media and technology companies
recognize the dual importance of building digital trust
both as a company, and as an enabler of the overall
digital economy, making it critical for all companies in
these industries to act now or be left behind.
4. The Four Keys to Digital Trust
Fundamental to building digital trust is gaining clarity
and consensus on its discrete components. In the
context of information technology and the business
use of consumer data, Accenture defines digital trust
as the confidence placed in an organization to collect,
store, and use the digital information of others in a
manner that benefits and protects those to whom the
information pertains.
From the consumer’s perspective,
Accenture has defined four dimensions
of digital trust, each of which must be
satisfied to establish trust with a specific
brand (Figure 1).
Security
Information about me is being protected
against theft or unauthorized use.
Security must go beyond a password that
is both a burden and often falls short of
providing sufficient protection.
Privacy/Data control
I have control over who gains legal access
to my personal information, when they
get access, and what they can do with it.
This not only includes online behavior, but
also extends to privacy and control over
personal and household data collected
and shared by various devices via the
Internet of Things.
Benefit/Value
My data is not being used for the
exclusive benefit of the business holding
the data. The business is offering me
reciprocal benefits that are directly
relevant to the data the business is
collecting and storing, which means the
information is clearly necessary to the
service being provided.
Accountability
When I grant access to my information,
I know that this access will be used
responsibly and in my best interests. If it
is not, someone will take the responsibility
for the misuse or for the presence of
incorrect information about me and
promptly take corrective action.
4
Consumers, businesses and governments
all have a role in upholding the four keys
to digital trust:
Consumers
Consumers must continuously make a
series of context-dependent decisions
about how and where they share
personal data in order to fully protect
themselves. This goes beyond basic
anti-virus measures and spam filters.
It now includes concerns around social
networking identity theft, location
tracking, mobile commerce, and personal
and behavioral data tracking.
Businesses
Businesses must build and maintain
trust in order to position themselves
to offer and deliver new products and
services. Data is at the core of what many
communications, media and technology
companies provide to the market, and
thus they are at the forefront on the
issues of ensuring digital trust through
security, privacy, value, and accountability.
Government
Government must strive to stimulate
innovation and economic growth while
simultaneously protecting individuals
from harmful uses of personal data.
Meanwhile, governments are also in
the precarious position to reserve the
right to access the data for their own
benefits, while continuing to respect the
privacy of individuals.
Expectations and responsibilities around
digital trust are rapidly evolving for
consumers, businesses, and governments.
What was once a discussion around
IT security is now a much broader
responsibility for all stakeholders to uphold
privacy, deliver benefit in exchange for
the use of personal data, and remain
accountable for the use of data.
5. 5
Figure 1: Accenture Four Keys to Digital Trust
Security
Malware/Virus protection
Proactive data integrity/
Hacking prevention
Data permissions & User identity
Data encryption standards
Data access logs &
Key storage standards
Data connections (VPN, SSL, etc.)
Architecting resiliency
Self-governance
Reactive data integrity/
Legal resource
Global & regional
data standards
Government requisition
Accountability
Privacy/Data
Control
Company data policies
Third-party data sharing
M2M data sharing
Regional cultural
expectations
Government access
(e.g. NSA Prism)
Customer value
Services in-kind
Revenue
Brand value/Loyalty
Customer service
Benefit/Value
The Four
Keys to Digital
Trust
Source: Accenture analysis
6. The Current State: Digital
Trust is (Still) Negotiable
As communications, media and technology companies
work to earn consumers’ digital trust, a first step is
to assess where they stand today. Accenture’s Digital
Consumer Survey addresses the current state of digital
trust among consumers. The survey includes 23,000
respondents across 23 countries and demonstrates that
the majority of consumers are concerned about the
privacy and security of their digital personal data, leaving
considerable work for businesses to raise their trust.
Globally, only 45 percent of consumers
have confidence in the security of their
personal data. Trust in the security
of personal data varies widely across
the globe with developed markets
expressing less digital trust overall
(Figure 2). Consumers in emerging
markets, consisting mostly of the
growth markets of Latin America and
Asia, are more trusting, with 50 percent
having confidence in the security of
personal data compared to 41 percent of
consumers in developed markets.
80%
70%
60%
50%
40%
30%
20%
10%
Sample base: All respondents N=23,000
6
Digital trust also varies by age and
gender. Only about one in three
consumers aged 45 and older are
confident in the security of personal
information on the Internet. Furthermore,
female consumers are significantly less
confident than males overall in the
security of their personal information.
Figure 2: Confidence in Security of Personal Data
Percentage of Respondents in Each Country Confident in the Security of their Personal Data
72%
55% 54% 54% 53% 51% 51% 49% 49% 47% 47% 45% 45% 45% 44% 43% 43%
38% 36%
33%
29% 27% 26%
0%
India UAE UK Indonesia
Saudi
Arabia
Mexico
Australia
Spain
Brazil
South
Africa
Turkey
Canada
China
US
Russia
Italy
France
Sweden
Czech
Republic
South
Korea
Netherlands
Germany
Japan
Source: 2014 CMT Digital Consumer Survey
7. 7
Figure 3: Willingness to Share Additional Personal Data in Exchange for Additional
Services or Discounts
Percentage of All Respondents
If used by your provider only 67%
If complies with all data 62%
protection laws in country
If shared by your provider 28%
with a third party
0% 10% 20% 30% 40% 50% 60% 70% 80%
Sample base: All respondents N=23,000
Source: 2014 CMT Digital Consumer Survey
What is critically important for fulfilling
the benefit/value dimension of digital
trust is that digital trust is negotiable.
About two-thirds of consumers globally
are willing to share additional personal
data with digital service providers in
exchange for additional services or
discounts (Figure 3). However, only 28
percent are willing to share additional
personal data if that information is then
going to be shared with a third party,
highlighting the importance of the data
control dimension of digital trust.
The Importance of Trust is Magnified
by The Internet of Things
It is also critical to consider that, with
the anticipated surge of big data and the
Internet of Things, security and privacy
risks will increase substantially. IDC
expects the installed base of Internet of
Things units to grow from 9.1 billion in
2013 to more than 28 billion in 2020 at
17.5 percent annually.1 With the rise of
the Internet of Things, digital businesses
are increasingly positioning themselves to
leverage the data these devices produce
to offer a wide range of new services for
their customers. Vast amounts of data
about consumers will be collected, stored,
monitored, analyzed and, if possible,
monetized. Everything from connected
cars that track how fast consumers drive,
where they drive, and when they drive, to
connected TVs tracking what consumers
watch, record, and skip, means that data
will generate exponentially.
However, to rephrase Voltaire, with such
data, comes great responsibility. With
increasing volumes of personal data
being transported across the Internet
and between devices, trust is a greater
cause for concern. Aside from issues of
data ownership and transport, there are
challenges defining who is responsible for
ensuring that data is accessed, delivered
and stored securely.
8. Competing on Digital Trust
The company that can build a reputation for providing
valuable services while using consumers’ personal data
in trustworthy ways could have big advantages over
competitors. Strong digital trust could help brands
attract and retain customers, offer new products and
services and position themselves well within the larger
value chain of goods and services.
Furthermore, once a company captures
trust, it leads to a perpetual trust cycle:
consumers trust the brand and provide
more data; from the data the brand
creates more services, which establishes
more loyalty and leads to more trust,
which leads to more sharing of data.
Today communications, media and
technology businesses employ consumer
data to generate revenue in several ways:
• Advertising sold by companies such
as Google or Facebook can now be
highly targeted, taking advantage of the
information these companies maintain
about users and their interests.
• Amazon and Apple are great examples
of companies using consumer data
to cross-sell and up-sell by directing
customers to the products they are most
likely to be interested in.
• Leveraging the financial relationship
they already have with customers,
communications companies are well
positioned to use consumer data to
sell new services as well. For example,
one US operator has started a separate
information business using its geo-location
8
data.
As more and more information
becomes available, the market for
data monetization will be substantial.
Accenture estimates the global market
for monetization of data by telecom
operators in just a handful of applications
(retail audits, location-based advertising,
card fraud, etc.) was $22 billion in 2013
and could reach $37 billion by 2015.2
Brands that establish and maintain digital
trust with their customers will be in the
strongest position to benefit from these
new revenue streams.
The Complexity of Digital Trust
Indeed, digital trust is a sophisticated
problem to solve. It is highly influenced by
brand recognition and brand preference
and is thus difficult to isolate. It is also
not homogenous and therefore requires
targeted effort.
From our research, we highlight consumer
perceptions of a number of large
technology companies in three markets:
The United States, United Kingdom and
India. These countries represent a mix of
developed and emerging markets across
North America, Europe, and Asia; and the
brands analyzed are active in each country
with varying time in the market. Our data
suggests that technology companies have
the opportunity to build greater trust in
aggregate as well as with specific target
segments (Figures 4, 5 & 6).
Consumers trust their banks with their
personal data more than any single
technology brand. Among the technology
companies we queried, Google is the
technology brand trusted by the most
consumers, led by strong trust in India.
Amazon is the technology brand ranking
second in trust among the brands we
investigated, led by both the US and UK,
but lagging in India where it only recently
launched services. Facebook edges out a
cluster of other brands in digital trust.
Similar to the global data, males and
younger consumers in the US, UK and
India are significantly more likely to
trust technology brands with their
personal information. Females and older
consumers are more likely to trust banks,
mobile carriers and broadband carriers
(Figures 5 & 6).
9. 9
Figure 4: Digital Trust: Brands Trusted with Personal Data
Percentage of Respondents in India, U.K. and U.S. Identifying Each Brand (Up to 3 Brands Allowed)
5%
5%
7%
16%
15%
14%
19%
24%
29%
29%
28%
51%
0% 10% 20% 30% 40% 50% 60%
Bank
Broadband Internet provider
Mobile phone network provider
Google
Amazon
Facebook
Apple
Microsoft
Samsung
Sony
Wikipedia
Twitter
Sample base: N=3,000 “Don’t know” and “None of these” not shown
Source: 2014 CMT Digital Consumer Survey
Figure 5: Digital Trust by Gender
Brands Trusted with Personal Data – Indexed by Gender
Mobile network carrier
Bank
Broadband Internet carrier
Amazon
Samsung
Facebook
Apple
Twitter
Google
Wikipedia
Microsoft
Sony
Trusted More by Men Trusted More by Women
Sample base: N=3,000 “Don’t know” and “None of these” not shown
Data for each brand is indexed against that brand’s overall trust in Figure 4. For example,
among consumers who trust their mobile phone network carrier, there is a greater likelihood
that those consumers are women compared to the overall sample.
Source: 2014 CMT Digital Consumer Survey
10. Importantly, as brands gain consumers’
digital trust, that trust appears to carry
over to other affiliated companies. The
brands consumers trust the most are the
central brands they will leverage. For
example, consumers already use their
Facebook or Google account to gain
access to other sites and apps. In this way,
certain brands may become “digital trust
aggregators” – if consumers trust them,
they also will trust these brands’ partners
and what that partner will do with their
200
150
100
50
Sample base: N=3,000 “Don’t know” and “None of these” not shown
Data for each brand is indexed against that brand’s overall trust in Figure 4. For example,
among consumers who trust Twitter, there is a far greater likelihood that those consumers
are 14-24 compared to the overall sample.
10
personal data. These companies will be
positioned to negotiate with individuals
for the right to aggregate personal
information and make it available to other
companies. In communications, media
and technology, where companies play in
fluid ecosystems, those without a trusted
digital brand may struggle to attract the
partners they need. Conversely, a trusted
digital brand may carry greater influence
in the ecosystems that are formed.
Figure 6: Digital Trust by Age
Brands Trusted with Personal Data – Indexed by Age
0
Samsung
14-24 25-34 35-44 45+
Bank Mobile phone Broadband
Broadband carrier
Google Facebook Microsoft Apple Samsung
Amazon
Amazon
Twitter
Twitter
Sony Wikipedia
Source: 2014 CMT Digital Consumer Survey
11. 11
Agents of Action
Digital trust is no longer a question for the Chief
Security Officer, the CIO or the CTO. The stakes are
too high. Digital trust needs to be - and will be - a
CEO, Board and management priority in the emerging
digital world. While it is unlikely that Boards will
discuss Phishing3, Dancing Pigs4, or Honey Pots5, our
short digital history has shown that companies must
“walk the talk” when it comes to digital trust. Simply
consider the recent data breach at Target that resulted
in the resignation of the CEO and CIO.6
While some business functions may be
more closely involved in building digital
trust, the entire organization is impacted
(Figure 7). Communications, media and
technology companies must understand
the larger impacts of digital trust
across all customers and products and
undertake a cross-organization effort to
establish the appropriate measures to
ensure security, privacy and data control,
value, and accountability.
Security
Security has long been the domain of IT,
but the business is increasingly driving
digital interactions with consumers
and partners. In initially developing
security around digital data, most
businesses focused on IT security,
specifically network and PC security.
With the rise of the Internet and mobile
devices, they have expanded into Cyber
security to protect data and systems
held and transferred in networks that are
connected to the Internet.
Despite an increasing focus on securing
the digital business, IT departments
struggle to keep pace with recent
advances in security technology. Most
personal data resides in silos separated by
different technology standards and legal
contracts. A lack of an effective system of
permissions prevents data from moving
in a trusted and secure way to create
value. Businesses must have the tools
and technologies to secure the systems,
applications and data that are exposed to
a variety of forms of attack, ranging from
data theft and espionage to corruption of
data and “denial of service” attacks.
To address security issues in this new
digital world where systems are expected
to be “always on,” IT must adopt a new
mindset to ensure that systems are
dynamic, accessible, and continuous—not
just designed to spec but designed for
resilience under failure and attack.
The security of payment information, in
general, is the most potentially damaging
factor that can impact a business’
digital trust, making the management
and protection of financial data of
paramount importance to revenue growth.
Management and Finance, therefore, are
also keenly impacted and involved in how
the organization builds digital trust.
12. Figure 7: Digital Trust Impacts the Entire Business
Agents of Action Security Privacy/Data Control Benefit/Value Accountability
Management &
Finance
Sales &
Marketing
Product Development &
Support
Legal &
Regulatory
12
Primary responsibility
Some level of responsibility
IT
Source: Accenture analysis
Data is actively protected Data control and privacy policies
established company-wide
Personal data as currency for
consumers and businesses
Data operations follow and
anticipate regulations globally
Privacy/Data Control
An important reason for collecting and
controlling detailed data is that it offers
Product Development the opportunity
to analyze data to help identify, develop
and deliver new products and services
– for themselves as well as third party
partners. At the same time, it will
be critical for Legal and Regulatory
functions to help their organizations
communicate privacy and data control
policies clearly in a manner that is easily
understood by consumers and enables
them to have input regarding how their
data will be used.
The struggle to create a company-wide
privacy policy can be extremely difficult
with the need to constantly review, revise
and enhance the policy as new laws and
customer expectations evolve. The privacy
dialogue should be an ongoing component
of the interactions with consumers and
empower consumers by giving them
appropriate choices for how their data
will be used. Even though it is important
to allow consumers to have “full” control
of their data, truly full control can be
daunting and too overwhelming to most
consumers. Businesses need to find the
ideal balance for consumers between
controllable and manageable.
In addition to setting policy, a key
component of digital trust is successfully
managing scenarios that arise in terms of
negative situations that may compromise
trust, often the domain of Marketing
with support from Management. Trust
is built and trust is loss – effective
communications can help with both.
13. 13
Benefit/Value
Treating consumers’ personal data
as a currency, and its exchange as a
transaction, enables businesses to move
past the perceived conflict between
privacy and offering tailored services
designed to fit each consumer’s needs.
Sales and marketing must be designed
to leverage vast amounts of data and be
able to offer personalized products and
services, without violating the line of
personal privacy.
Led by their Sales and Marketing
departments, some businesses excel at
creating brand trust, which is critical
in helping to develop digital trust.
Accenture’s data shows that the majority
of consumers are willing to share personal
data with digital service providers in
exchange for services or discounts that
they value and believe to be relevant
to the data provided. Thus Product
Development, Sales and Marketing must
work together to ensure that any new
offerings provide a value proposition that
consumers believe warrants the sharing of
personal information (typically a tailored
benefit in exchange for personal data).
Accountability
An era of accountability is coming, in
which companies comply with traditional
regulation and proactively practice self-regulation,
using the best collaborative
technologies to compare practices with
others and to gather inputs directly from
consumers. Legal will become increasingly
involved to ensure that digital trust exists
in a manner that aligns with local laws.
The carry-over of consumer trust to
partners makes accountability even more
complex. Digital businesses are responsible
not only for the data controlled by them,
but the data they share with other
partners. Not only do companies have
to have airtight policies and security in
place, but they have to constantly audit
themselves and their partners. How
management reacts when trust is broken
can sometimes be more defining than not
breaking the trust in the first place.
14. Digital Trust’s Emerging
Leaders
Digital trust is no longer a question for the Chief
Security Officer, the CIO or the CTO and it is no
longer enough to relegate digital trust to a security
and data privacy issue. Communications, media and
technology companies must understand the larger
impacts of digital trust across all customers and
products and undertake a cross-organization effort to
establish the appropriate measures to ensure security,
privacy and data control, value, and accountability.
While some business functions may be more closely
involved in building digital trust than others, the
entire organization is impacted. All stakeholders now
have a much broader responsibility to uphold privacy,
deliver benefit in exchange for the use of personal
data, and remain accountable for the use of data. This
can be challenging but the stakes are high. Are you
ready to help secure your company’s future growth by
becoming a digital trust leader?
14
15. 15
Getting to Table Stakes:
Accenture Digital Diagnostics
The Accenture Digital Diagnostics (ADD) tool has been
purpose-built for analyzing and optimizing websites
and web environments. ADD can be used to evaluate
compliance with privacy policies by evaluating the
security of forms collecting personally identifiable
information (PII), addressing the use of cookies and
beacons, and analyzing data spills.
Accenture used this tool to evaluate the
nine brands studied in the research and
found few differences between these
leading brands that have adopted best
practices. These findings indicate that
these nine brands are typically well ahead
of other industries across many of the
metrics evaluated, making the technology
practices they employ “table stakes” for
participation in the consumer digital
trust relationship that all brands need
to match. The findings also highlight
that although there is opportunity for
improvement for some of the leading
brands evaluated, consumer perception
of digital trust in a company is influenced
by many factors beyond its technological
solution (Figure 8).
Accenture Digital Diagnostics Analysed Websites for 9 CMT Brands: Amazon, Apple, Facebook, Google, Microsoft, Samsung, Sony, Twitter, Wikipedia
Yes
No
Yes 15%
Encryption Level Encryption Level Log In Method Used Cookie Types
Forms Used to Collect PII is
Secure evaluates security
when consumer submits form.
Yes
Forms Used to Serve Page
is Secure evaluates whether
the pages that set the forms
use the https protocol.
Number of trackers on Home Page evaluates
the number of trackers that transmit visitor
data to the site that owns the tracker.
Examples of trackers are ad networks,
survey tools, web analytics vendors, and
social media buttons.
Persistent & Session 77%
Presence of 3rd Party evaluates whether a
cookie originates from a domain that is
outside the primary brand domain
Cookie Types evaluates the type of cookies
utilized. Session cookies expire at the end
of the session. Persistent cookies expire at
some predefined time and date in the future.
Brands with multiple Websites evaluated
may utilize multiple types of cookies.
Log In Method: Get method is considered less
secure because it sends parameters across the
Internet, which may contain sensitive
information and be read while in transit.
100%
0%
100%
No
0%
Post (More secure) 92%
8%
15%
Persistent
Session
No 85%
Forms Used to
Collect PII is Secure
Forms Used to Serve
Page is Secure
Presence of 3rd
Party Cookies
Avg. Number of
Trackers on Home Page
Trackers
4.4
92% of sites have cookies set on the same
page on which the log in form resides
128-bit
256-bit 15%
85% 128-bit
256-bit
85%
15%
Sample base: Multiple Websites Evaluated for Some Brands
Get (Less secure) 8%
Figure 8: Accenture Digital Diagnostics Findings