Is the chief trust officer position title inflation, or a C-suite role that matters? Jeff Pollard, VP, principal analyst at research and advisory company Forrester had his doubts, but once he started researching the role it became clear that the CTrO position is the natural, and important, next step in the CISO’s career path.
During a keynote speech at the Forrester Security & Risk Forum 2022, Pollard talked about how trust is becoming essential to cybersecurity and by extension all business functions. Technology trust equals brand trust,” he said.
While security teams may still need to fight to get their piece of the budget, it is clear that cybersecurity is crucial. “Whenever something touches as much revenue as cybersecurity does now, it is a core competency,” Pollard explained.
He pointed to major companies that put trust at the forefront of their communications around cybersecurity. When customer engagement platform Twilio suffered a breach this year, it released a statement on the incident that emphasized the importance of trust. “Trust is paramount at Twilio, and we know the security of our systems is an important part of earning and keeping your trust.” On retail giant Walmart’s cybersecurity careers page, some of the first words you see are “Trust is essential at Walmart.” Major companies are taking trust seriously.
Pollard has invested his time in speaking with CTrOs to learn about their responsibilities and how they got that title. “Every single chief trust officer that we found was a former chief information security officer,” he said.
Many CISOs are already unofficially doing the work that comes with the CTrO role, according to Pollard. They are doing customer-facing work, navigating third-party risk management, and focusing on enterprise resilience.
“CISOs that spend more time on customer-facing activity, they are at companies that grow faster,” Pollard asserted. “Cybersecurity touches revenue, and security leaders that are able to carve out the time to focus on customer activity help drive hyper growth.”
CISOs who are driving growth for their companies are playing an important part on the leadership team, and if they’ve been in the role for a long enough time, it could be time to ask the question “What comes next?” CISOs who have been in their position for 48 months are due for a title-level promotion, according to Pollard. And CTrO is that next step.
Importance of Trust
Through his research, Pollard is seeing the CTrO role filled at a number of organizations. Cisco has a chief trust officer. So does SAP. “We're not talking about small, innovative startups. We're talking about goliath businesses that recognize the importance of trust in what they do,” Pollard said.
Pollard advocated for CISOs at B2B and B2C organizations to take a look at their responsibilities and consider pushing for the CTrO title. Trust is becoming more mainstream, and CISOs can take the lead as CTrOs. “You don't have to trade off privacy and security with convenience the way that you used to,” said Pollard.
With trust inextricably linked to the way companies are viewed, it is vital that organizations have the leadership to in place to prioritize that trust between customers and partners. When interviewing CTrOs, Pollard found that they shared a similar outlook on their jobs. “These chief trust officers wanted to make sure that inside their company there was never a choice between what was best for the company and what was best for the customer,” he explained.
Pollard painted a picture of opportunity for CISOs to capitalize on the value and growing role of trust in the future of all companies. “Use the chief trust officer role to become an engine of growth for your organization,” Pollard urged.
What to Read Next:
How Security Teams Can Successfully Navigate Geopolitical Risks
Imagining a Different Future for Security Awareness and Training