A new global study by Thales reveals that friction, opacity, and a widening AI trust gap are quietly draining digital revenue and creating measurable security debt across industries.
Every time a user taps a login button, an organization either earns or erodes trust. A new study from Thales — the 2026 Digital Trust Index — conducted across 13 countries with 14,300 consumers, 1,300 partner users, and 200 IT and security leaders, maps where that trust breaks, why it breaks, and what the commercial consequences are. The picture that emerges is one of systemic misalignment: organizations believe they are delivering secure, functional digital experiences; their users frequently disagree.
The report is structured around three pillars of digital trust — user experience, security, and privacy — and three audiences: consumers, business partner users, and the IT and security leaders who design the environments both groups navigate.
Banking Alone Holds Majority Trust
At the sector level, the data is stark. Banking is the only industry where a majority of consumers — 57 percent, up from 44 percent in 2025 — are comfortable sharing personal information online. Government (40 percent) and healthcare (35 percent) rank second and third, but neither commands majority confidence. Beyond those three, trust collapses into single digits for entertainment, social media, automotive, and news media. The regulated sectors, where visible security controls are mandated and compliance expectations are high, hold an advantage that the broader market has not replicated.
For most organizations, this means starting from a deficit. Trust cannot be inherited from reputation; it must be constructed through the quality of each digital interaction, beginning with the first one.
The Access Layer as Revenue Gatekeeper
Consumer trust, according to the research, is formed and tested at sign-up, login, and account settings — the core touchpoints of Customer Identity and Access Management (CIAM). When those touchpoints fail, the consequences are measurable. Sixty-eight percent of consumers have encountered website or app problems in the previous twelve months, including slow speeds, downtime, or extended sign-up processes, that led them to abandon the site or switch to a competitor.
When confronted with complicated onboarding, 33 percent of users will either switch to a competing service or abandon the interaction entirely. A further 36 percent delay or attempt an alternative channel — an outcome that defers revenue rather than destroying it immediately, but still represents a conversion failure. Combined, nearly seven in ten users are lost or delayed at the access layer.
The data also challenges the assumption that users want speed above security. Forty-five percent of consumers prefer stronger security checks even if onboarding takes longer; only 22 percent prioritize speed over thoroughness. Users will accept friction — but only when it feels protective rather than arbitrary. When sign-up feels opaque or excessive, tolerance disappears quickly.
Familiarity Earns Trust; Novelty Triggers Suspicion
The research identifies a clear hierarchy of trust-building mechanisms. Multi-factor authentication (MFA) increases trust for 69 percent of consumers, and passkeys produce the same effect for 68 percent. Clear, transparent data policies also move 69 percent toward greater confidence. These are familiar signals — visible, legible, and intuitively associated with protection.
AI generates the opposite response. Thirty-eight percent of consumers say they would trust an organization less if it used generative AI to handle their data; only 25 percent say their trust would increase. Seventy-seven percent report concern about AI agents acting on their behalf online. This is not a rejection of modernization per se, but it is a signal that communication has not kept pace with deployment. Adoption, the data implies, is as much a design and explanation challenge as a technology one.
The exception is in the B2B channel. Among partner users — distributors, resellers, contractors, and suppliers who access external systems — 81 percent say they would trust an organization more if it used AI to strengthen security, and 70 percent extend that trust to generative or agentic AI applied to access management. Where AI is presented as a tool for improving processes that are currently slow and unreliable, the reception is favorable.
Partner Access: Systematic Failure Across the Value Chain
The partner user findings describe a system under sustained operational strain. Only 22 percent of partner users receive login credentials immediately upon starting work with a new external organization. Just 30 percent receive the full permissions they need at first access. The majority begin engagements in a holding pattern — ready to work, but blocked by provisioning delays.
The downstream effects are substantial. Ninety-two percent of partner users experienced access problems with external systems in the previous twelve months. Eighty-nine percent abandoned or delayed work tasks as a result. When the official route fails, informal workarounds follow: 66 percent of partner users have shared or borrowed credentials, and among those, 53 percent attribute the behavior directly to slow provisioning processes.
This normalized credential sharing represents what the report terms ‘silent security debt’ — a category of risk that accumulates without triggering immediate incidents but increases exposure over time. Fifty-two percent of partner users believe someone may have accessed an external partner system while impersonating them within the past twelve months.
Visibility compounds the problem. Only 30 percent of partner users report confidence that they understand what permissions they hold on external systems. Sixty-five percent say they have encountered data or settings they should not have had access to. The same provisioning failures that create access delays are also generating inadvertent exposure.
The IT Leadership Perception Gap
IT and security leaders occupy a distinct position in the data: consistently more confident than the users they serve. Forty-four percent believe their consumer customers completely trust their organization’s digital interactions; the consumer data tells a different story. Only 11 percent of IT leaders identify initial data collection as the step most likely to cause abandonment; 28 percent of consumers report leaving an organization precisely because it demanded too much personal information at that stage.
On credential sharing, 39 percent of IT leaders attribute the behavior to partner preference for convenience; only 17 percent link it to slow provisioning. Partner users, asked the same question, point to slow provisioning as the primary cause — at 53 percent. This attribution gap means the problem is being misdiagnosed and, as a result, inadequately addressed.
The authentication gap is also visible. Eighty-seven percent of IT leaders say that offering passkeys to consumers is important; only 49 percent currently do so. Fifty-one percent allow customers to authenticate via existing identity providers such as Google or Apple, but just 36 percent have formalized this as a capability — the majority are still evaluating it. Intent is consistently ahead of implementation.
Transparency as Operational Infrastructure
Across all three user groups, the research returns repeatedly to transparency as a functional — not merely reputational — variable. When the purpose of a data request is clearly explained, willingness to comply rises substantially. For phone numbers, stated willingness to share rises from 19 percent to 48 percent when the reason is provided. For email addresses, from 33 percent to 54 percent. For national identification numbers, from 7 percent to 24 percent.
Similarly, 66 percent of consumers say they trust organizations more when privacy and security settings are easy to find and modify. Sixty-eight percent report that clear, plain-language copy — on forms, permission requests, and policy pages — is the single biggest trust booster in digital interactions. Language itself, the research suggests, functions as a security signal.
Among partner users, 70 percent say they are routinely asked for information that does not appear necessary, and 72 percent do not feel they fully understand how their data is collected and used. The result is a trust deficit driven not by malicious intent but by process opacity: users cannot evaluate the risks they are accepting, and that uncertainty erodes confidence in the system.
What the Data Requires
The report’s conclusions are consistent across all three audiences. For consumers, the core requirement is reliable, explainable onboarding — fast where possible, but contextualized when sensitive data is requested. Progressive profiling (collecting only what is needed at each stage, paired with a plain-language rationale) reduces abandonment without compromising security. Risk-based authentication (RBA), which calibrates verification intensity to the actual threat level of each transaction, can reduce friction for low-risk interactions while maintaining control where it matters.
For partner users, the operational fixes center on provisioning speed, entitlement visibility, self-service capabilities, and lifecycle alignment. When access is granted, modified, and revoked in line with actual working needs — and when users can see what they are authorized to do — the conditions for credential sharing and inadvertent overexposure are reduced.
For both groups, AI represents a conditional opportunity. Applied to low-risk, high-volume tasks with clear explanation and visible controls, it can improve efficiency and reinforce trust. Applied without transparency, it risks compounding the opacity problems already evident in onboarding and data collection.
The 2026 Digital Trust Index was commissioned by Thales and conducted by Vanson Bourne in January and February 2026. Respondents were drawn from the United States, Canada, Mexico, Brazil, the United Kingdom, France, Germany, the Netherlands, the UAE, South Africa, Singapore, Japan, and Australia.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de