The most valuable asset for actors in cyberspace is trust. It is an important ingredient in successful business operations as well as in good governance. Trust and security are closely intertwined. One cannot exist without the other. Thus it is concerning that people at an increasing rate hesitate to trust the digital world. They are not sure whether operating in it is safe, online privacy exists, or digital infrastructure can be protected. Yet these hesitations can be allayed by improving cybersecurity.
The world is ever more digitized and networked, which are two aspects of globalization. Cyberspace is everywhere and brings people from all over the world in contact with one another. Digital infrastructure has become the backbone of contemporary society and enables us to connect to global flows of information, finance, people, and goods. Many basic functions of society pass through cyberspace or form an important part of these functions. The security of digital infrastructure is a crucial element for today’s decision makers in both public and private sectors.
Traditionally, providing security has been primarily a task of the state, but who should be responsible for safeguarding cyberspace? Who will build trust in it? Most of digital infrastructure is owned and operated by the private sector. Moreover, the majority of actors operating in the field of cybersecurity are private. The state has unique capabilities to provide security and maintain trust among people, for example, by mobilizing its unique resources and by passing and enforcing laws. Nonetheless, due to the vast size of digital infrastructure and its distributed ownership, the state cannot safeguard cyberspace on its own.
The relationship between trust and security is multidimensional. When there is certainty, people feel safe and know how to orient themselves. Trust is not needed. The question of trust becomes crucial only when ambivalence prevails and people need to make decisions based on probabilities. Without guarantees about the future, they need to be able to trust that things will happen as expected.
Trust is an important ingredient of security. Doubt leads to insecurity, whereas trust builds security. When there is no certainty, people seek additional security measures. In cyberspace, these measures usually refer to technical solutions to particular problems. In other words, security is produced through technology. However, addressing the question of trust this way is only part of the solution. Regulation—standards, laws, treaties, and good practices—that establishes rules of the game for cyberspace is also important. Yet the biggest challenge remains in people’s unawareness and lack of familiarity with digital technology. Thus the question of trust in technology has to be addressed too.
Enhancing trust in the digital world through improving cybersecurity can be done only in cooperation among different actors owning parts of and operating in cyberspace. Even if the state remains a central security actor in the establishment of online trust, it needs partners and collaborators. It also needs new kinds of security thinking in which it adopts the role of a coordinator, not merely that of a producer. Cooperation is not possible without mutual trust that can also be perceived from afar. Projecting mutual trust and the capability to cooperate have a reassuring impact on society.
It is the shared responsibility of all online actors to reinforce trust in the digital world. Thus it lies on everyone’s shoulders to strengthen cybersecurity. The state does its part by establishing national and international regulation and administrative structures needed for cooperation. It strengthens public-private partnerships and allocates powers both upward and downward to different actors. It strives to normalize people’s relationship to cyberspace and educates them to become smart e-citizens, shares information, provides services online, and counteracts threats in the digital world. It also uses market mechanisms, for example, purchasing power and the creation of incentives for companies, other organizations, and individuals to invest in cybersecurity.
Companies and organizations reinforce trust by participating in cooperative structures and information sharing, taking care of their own equipment, networks, and procedures, as well as influencing those of their partners. They train their personnel and participate in market self-regulation and standardization. By participating in trust-building, an organization can maximize its growth potential and manage risks that are included in attempts to take advantage of digital opportunities. It can build its brand and improve its reputation as a cybersecure actor. Good reputation and trust mean that customers buy products online and are confident that the organization keeps their data safe. Suppliers know that cooperative systems do not fail them. Individuals can increase their trust in cyberspace by getting interested in and informed about cybersecurity.
Finally, trust cannot be maintained by hiding information on security breaches or other information technology–related problems. An unwillingness to acknowledge and address problems does not produce security—only an illusion of it. Real digital security, and enhanced trust, can be gained through honesty, disclosure of problems, and rapidly addressing them.