The Most Valuable Asset in Security

The most valuable asset for actors in cyberspace is trust. It is an important ingredient in successful business operations as well as in good governance. Trust and security are closely intertwined. There cannot be one without the other. Therefore, it is concerning that people at an increasing rate hesitate to trust the digital world. They are not sure whether operating in it is safe, online privacy exists or digital infrastructure can be protected. These hesitations can be addressed by improving cyber security.

The world is ever more digitalised and networked, which is one aspect of globalization. Cyberspace is everywhere and brings people from all over the world in contact with one another. Digital infrastructure has become the backbone of contemporary society which enables it to connect to global flows of information, finance, people and goods. The basic functions of society are steered through cyberspace or it is an important part of these functions themselves. Therefore, the security of digital infrastructure is a crucial question for today’s decision makers both in public and private sectors.

Traditionally, the production of security has been the main task of the state, but who should be responsible for safeguarding cyberspace? Who is to build trust in it?  Most of digital infrastructure is owned and operated by the private sector. Moreover, majority of actors operating in the field of cyber security are private. The state has unique capabilities for security provision and maintaining trust amongst people, for example, by mobilizing nonpareil resources and both passing law and enforcing it. Nonetheless, due to the vast size of digital infrastructure and its ownership ‒ or those of infrastructure critical to the functioning of the society in general ‒ the state cannot safeguard it on its own.

The relationship between trust and security is multidimensional. When there is certainty people feel safe and know how to orientate themselves. Trust is not needed. The question of trust becomes activated only when ambivalence prevails and people need to make decisions based on probabilities. Without guarantees about the future, they need to be able to trust that things will happen as expected. Security under uncertainty hence means that the consequences of events remain within an acceptable range of variation in regard to what was expected and that possible problems are addressed quickly and professionally. It is a question of resilience.

Trust is an important ingredient of security. Doubting everything does not induce security but insecurity, whereas being able to trust builds security. When there is no certainty people turn towards additional security measures. In cyberspace, these measures usually refer to technical solutions to particular problems.  In other words, security is produced through technology. However, addressing the question of trust this way is only part of the solution. Regulation standards, laws, treaties and good practices which establishes rules of the game for cyberspace is also important. Yet the biggest challenge remains in people’s unawareness and lack of familiarity with digital technology. Thus the question of trust in technology has to be addressed too.

Enhancing trust in the digital world through improving cyber security can only be done in cooperation between different actors owning parts of and operating in cyberspace. Even if the state remains a central security actor in the establishment online trust, it needs partners and collaborators. It also needs new kind of security thinking in which it itself adapts the role of a coordinator, not merely that of a producer. Cooperation is not possible without mutual trust that can also be perceived from afar. Being able to project mutual trust and the capability to cooperate have reassuring impact on the society.

It is the shared responsibility of all online actors to reinforce trust in the digital world. Thus it lies on everyone’s shoulders to strengthen cyber security. The state does its part by establishing national and international regulation and administrative structures needed for cooperation. It strengthens public-private partnerships and allocates powers both up- and down-wards to different actors. It strives for normalising people’s relationship to cyberspace and educates them to become smart e-citizens, shares information, provides services online and counteracts threats existing in the digital world. It also uses market mechanisms, for example, purchasing power and creation of incentives for companies, other organisations and individuals to invest in cyber security.

Companies and organisations on their behalf reinforce trust by participating in cooperative structures and information sharing, taking care of their own equipment, networks and procedures as well as influencing those of their partners. They train their personnel and participate in market self-regulation and standardisation. By participating in trust-building an organisation can maximise its growth potential and manage risks that are included in attempts to take advantage of digital opportunities. It can build its brand and improve its reputation as a cyber-secure actor. Good reputation and trust mean that customers buy products online and are confident that the organisation keeps their data safe. Suppliers know that cooperative systems do not fail them. Individuals, again, are able to increase their trust and trustworthiness in cyberspace much already by getting interested in and informed about cyber security.

Finally, it needs to be noted that trust cannot be maintained by hiding information on security breaches or other information technology related problems. Unwillingness to acknowledge and address the problems does not produce security ‒ only an illusion of it. Real digital security, and enhanced trust, can be gained through honesty, disclosure of detected problems and addressing them in quickly in a correct manner.

- Jarno

Find Jarno on LinkedIn

Start a conversation with Jarno on Twitter

Read previous content from Jarno