Skip to content

Digital Trust by Design: Why Cybersecurity Is No Longer Just an IT Responsibility

Published: July 14, 2026

Published: July 14, 2026

Digital Trust by Design: Why Cybersecurity Is No Longer Just an IT Responsibility

Every digital interaction—whether a banking transaction, medical appointment, online purchase, or university application—is built on trust. When that trust is broken through a cybersecurity failure, the damage extends far beyond technology. It affects reputation, relationships, and the confidence people place in an organization. Trust has always been one of an organization’s most valuable assets, underpinning every relationship it builds with customers, employees, students, patients, and other stakeholders. As more of those relationships move online, maintaining trust has become inseparable from managing technology responsibly.

For many years, cybersecurity was viewed primarily as a technical function. Organizations invested in firewalls, antivirus software, and network monitoring tools, while responsibility for security largely rested with IT departments. That approach reflected a time when cybersecurity was primarily about protecting systems.

Today, the challenge is much broader. As organizations become more dependent on cloud services, artificial intelligence, connected devices, and digital platforms, cybersecurity has become fundamental to institutional credibility. A security incident is no longer simply a technology failure. Instead, it can quickly become a reputational crisis, leading to a loss of stakeholder confidence.

Security Is No Longer a Technical Problem Alone

The consequences of cybersecurity failures increasingly extend far beyond the organizations directly affected, as the 2024 ransomware attack on Change Healthcare demonstrates. Although the attack targeted a technology provider operating behind the scenes of the healthcare system, its effects were felt by hospitals, pharmacies, physicians, insurers, and patients across the United States, disrupting everything from prescription fulfillment and insurance payments to critical healthcare operations.

The incident demonstrated how deeply interconnected modern organizations have become. Patients who had never heard of Change Healthcare suddenly experienced the consequences of a cybersecurity failure firsthand. The event became an operational, financial, and public confidence challenge for the company.

Many of the most significant security risks organizations face today are rooted in human behavior and organizational decision-making. Phishing attacks, the unauthorized sharing of sensitive information, and governance failures that create avoidable vulnerabilities all reflect choices that technology alone cannot prevent.

The growing use of generative AI in the workplace illustrates this clearly. Employees increasingly rely on AI tools to draft reports, analyze information, summarize meetings, and support decision-making. These technologies can improve productivity, but they also create new responsibilities for handling sensitive information.

Organizations should ensure that employees understand what types of data can and cannot be shared with AI systems, particularly when working with personally identifiable information, confidential business data, or proprietary intellectual property. The distinction is especially important when employees use personal generative AI accounts rather than enterprise platforms that offer greater security controls and protections.

Security Is Becoming Everyone’s Job

Responsibility for security can no longer sit within a single department. In nearly every organization, the functions that keep the business running each work with information that could create risk if it is mishandled. Human resources manages employee records and other personal data, while marketing collects and stores customer information. Finance oversees payment systems and sensitive financial records, and developers build the software and applications that employees and customers rely on.

Each of these roles carries a measure of responsibility for protecting information and preserving trust. A marketing employee who stores customer data in an unsecured application, or a manager who approves an AI platform without understanding how it handles confidential data, can create vulnerabilities that no firewall is able to catch. Security has become a shared responsibility distributed across the organization, and the strength of that protection often depends on the everyday judgment of people who would never describe themselves as technologists.

Digital Trust by Design: Why Cybersecurity Is No Longer Just an IT Responsibility

Designing Trust Into the Organization

The challenge has outgrown what an IT department alone can manage. Maintaining the confidence that stakeholders place in an organization requires active involvement from leadership, as well as coordinated efforts across governance, compliance, human resources, and other business functions, beginning with clear policies, ongoing education, and a commitment to responsible data stewardship. Questions about what information employees may enter into AI systems, how proprietary and personal data should be protected, and what guardrails should govern emerging technologies require oversight that extends across the company rather than resting solely with cybersecurity teams.

The strongest organizations do not treat security as a final review step. They build it into decisions about technology adoption, employee training, and data governance from the outset, so that security becomes part of organizational culture rather than a function that operates apart from the business. This matters most as AI becomes embedded in daily workflows. Employees need more than access to powerful tools; they need clear guidance on responsible use and a strong understanding of how sensitive information should be handled, with expectations consistently reinforced across the organization.

The same principle applies throughout the digital ecosystem. Whether evaluating a new software vendor, deploying a cloud-based platform, or implementing AI-powered services, leaders should weigh what a technology can do alongside how it affects privacy, security, compliance, and stakeholder confidence. Decisions that appear technical on the surface often carry significant implications for organizational reputation and long-term success.

How UoPeople Prepares Computer Science Graduates

Preparing future computer scientists for this environment requires more than teaching programming languages or software development. Graduates increasingly need to understand how technical decisions affect privacy, security, ethics, and organizational trust. At UoPeople, this broader perspective is reflected in a curriculum that combines technical foundations—including databases, communications and networking, operating systems, software engineering, and machine learning—with opportunities to explore systems and applications security, computer ethics, and responsible technology use. 

Alongside this technical grounding, our graduates develop critical thinking about computer ethics, privacy, and security, and they learn to analyze problems from multiple perspectives. The result is graduates who can evaluate risks, make informed decisions, and contribute to organizational cultures that value security and accountability.

Trust is difficult to earn and easy to lose. Organizations that design responsible technology use into their operations will be better positioned to maintain the confidence of those they serve. Those that continue to view cybersecurity as an isolated technical function may discover that the greatest threats to trust originate well beyond the IT department.

Dr. Alexander Tuzhilin currently serves as Professor of Information Systems at the New York University (NYU) and Chair of the Department of Information, Operations and Management Sciences at Stern School of Business.
Read More