Access is the tip of the spear for trust. When users log in, they shouldn’t be met with barriers that feel like complicated systems or ambiguous rules. Those first moments, and each login thereafter, must be seamless, immediate, and friction-free to instill trust, the most important ingredient in any digital environment.
In today’s connected digital world, access spans a growing network of vendors and external collaborators, making it the frontline of trust. However, it’s easy for most of us to recall a time when slow or broken access led someone to find a workaround, bypass a rule, take their business elsewhere, or simply give up. These real-time moments of access are where users form their first impressions of a company and establish a baseline for trust.
New data from Thales’ 2026 Digital Trust Index shows a growing disconnect between how organizations design for trust and how users experience it in real time. While visible security measures do build trust, access friction undermines it. Nearly two-thirds of users have experienced access issues in the past year, and most respond predictably by abandoning, delaying or bypassing systems entirely
Friction at login doesn’t just frustrate users, it compounds security risk as people default to productivity over protocol. Business leaders need to recognize that employee, customer, and partner behavior is shaped in these moments of access and when the secure path is also the easiest, security is most effective.
Access Friction Is Driving Risky Behavior at Scale
Across both consumer and enterprise environments, access issues are emerging as a primary driver of risk. Ninety-two percent of partner users experienced access issues with external systems in the last year, and 89% have shared or borrowed credentials or access as a result. These are not edge cases. They reflect a structural reality in many extended enterprise environments where access is inconsistent, delayed or incomplete.
When access fails, users rarely stop working. Instead, they turn to unsecured alternatives such as credential sharing, reused logins and informal pathways that fall outside of IT visibility. These workarounds reduce oversight and expand the attack surface, introducing risk that is difficult to detect and even harder to control. Over time, these behaviors become normalized. What begins as a workaround to maintain productivity becomes embedded in daily workflows, turning short-term fixes into persistent security blind spots.
Also Read: CIO Influence Interview with Gihan Munasinghe, CTO of One Identity
The Root Cause: Broken Access Experiences
The issue is most acute in external collaboration environments, where access complexity is highest.
Only 22% of partner users say access credentials are provided immediately when starting with a new external partner. Just 30% report receiving the full permissions they need on first access. For the majority of users, the initial friction experience is caused by waiting for access, requesting additional permissions or navigating incomplete permissions.
This gap between expected and actual access is a key driver of insecure behavior. It creates a disconnect between what users need to do their jobs and what systems enable them to do on day one. It also reflects a broader misalignment in how trust breakdowns are understood.
Misalignment Between Security and User Reality
IT and security teams typically evaluate trust through the lens of policy compliance, access governance, and enforcement of security controls. For users, trust is defined by whether they can access the tools and systems they need without interruption. This difference creates a blind spot. Security controls may function as designed, yet still prevent users from completing tasks efficiently.
As a result, organizations sometimes underestimate how frequently risky behavior is driven not by malicious intent or noncompliance, but by friction in the access experience. In most cases, users are not bypassing security maliciously; instead, they are working around obstacles to remain productive.
Trust Depends on Experience, And the Gap Is Growing
The data shows that trust rises and falls with experience, a consistent pattern. When access breaks down, users don’t distinguish between usability and security, they lose confidence in both. A difficult access experience signals that systems may be unreliable, overly complex or misaligned with how work actually gets done.
This is especially true during partner onboarding and access setup, where users are often asked to provide more information than expected, increasing hesitation and uncertainty. As expectations for seamless digital interaction rise, even small points of friction have an outsized impact on trust.
At the same time, as organizations adopt AI-driven systems and automation, expectations for seamless access are increasing, but trust is not keeping pace. This dynamic will only accelerate with the rise of agentic AI, where machine identities act on behalf of users and independently request access to systems, data and services. As these interactions scale, the volume and complexity of access requests will increase exponentially, making it even more critical that access is seamless, transparent and governed from the start.
Access is the New Security Boundary
Improving digital trust requires organizations to prioritize access as a primary trust signal rather than a backend administrative function. A critical first step is fixing credential provisioning and access management, particularly for external users like partners. Organizations should prioritize provisioning as part of the partner onboarding process itself, ensuring that role definitions, workflows and collaboration needs are clearly mapped from the outset.
At the same time, transparency and visibility must be foundational to how access and security are designed and communicated. This starts with being more intentional about the data collected during onboarding, requesting only what is necessary, and clearly explaining why each piece of information is needed. Overcollection or lack of clarity quickly erodes trust, particularly among external users who may already be wary of sharing sensitive information.
Beyond onboarding, organizations should make permissions and identity usage more visible and understandable, giving users insight into what they can access and how their data is being used. This principle extends to AI-enabled security as well. Systems should not operate as black boxes, but instead provide clear, explainable outputs that help users understand how decisions are made. When security measures are transparent and intelligible, they become inherently more trustworthy, reinforcing the idea that explainable systems are ultimately more credible and usable.
These aren’t just operational improvements. They directly influence whether users engage with systems as intended or seek alternative, less secure pathways. When access works seamlessly, security teams maintain critical visibility in the process.
About Thales
Thales is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors.
Catch more CIO Insights: CIO as Orchestrator of Cross-Functional Digital Strategy
[To share your insights with us, please write to psen@itechseries.com ]
