Why more SaaS companies are hiring chief trust officers
24 comments
·October 16, 2025cudgy
So companies have now realized that they need to have trust with their customers? That they need to protect their customers data? And that someone in the company should be concerned about it?
This seems more like corporate CYA than anything else. “well we did hire a trust officer and trust officers are trustworthy.”
jrockway
Is this just title inflation for the PR team?
The article doesn't really say anything beyond "CTrO positions exist and think tanks think they're not a trend."
SkyPuncher
I work in this space. The article does a poor job of explaining exactly what this role does - but they allude to it with Chris Peake's comments.
> Peake, a former CISO, said a lot of the skills from his previous role have translated into his current one. However, he said the CTrO role differs from the CISO role because it operates more on the “business level,” as the work done by a CTrO can directly impact revenue generation, contract negotiation, and onboarding new customers.
In my view, it's a role that sits between Sales and Security. A major part of the role is getting customers and prospects information about your business and security controls to validate their own needs (e.g. compliance requirements). It's still a semi-technical role, but isn't necessarily focused on the nut-and-bolts of ground-level security.
evanjrowley
Sounds like a Chief Compliance Officer but with applicability to less-regulated industries/markets.
alephnerd
Basically. But the issue is, in a lot of enterprises, the decisionmakers won't chat with anyone who doesn't have an exec title.
Onavo
Well, it also helps to spread the responsibility and when you get hacked you can either promote one and fire the other one, or just fire both to show that you are doing something.
ksec
I really like the old fashion way of Apple with only three C. CEO, CFO, and COO. Nothing else. Others are at best SVPs.
donperignon
I will never trust a chief trust officer…
Havoc
That title will age like milk
noir_lord
You earn trust by doing the right thing by users/customers on a sustained basis.
It's not something you get by appointing someone to the board, someone who will be unknown to the vast majority of users of a product/service.
At best they'll do no harm I guess.
RobotToaster
Because nobody trusts them?
hunterpayne
The irony, it burns...
tracker1
CTrO == CISO with marketing spin.
ratelimitsteve
does this feel to anyone else like hiring a Chief Fall Guy? Securing data is and should be under the chief technical officer or the chief security officer, depending on how the org is structured, rendering this position redundant. The pattern I bet we see emerge is gonna be one where it's rather a cushy gig for a while but if there's a breach you're expected to resign or be fired so that the company can give us the old "the people responsible have been sacked". Like the moderately racist legends of tribes in a land untouched by modern civilization who designate a king and let him live in luxury for as long as times are good, and then behead him as a sacrifice at the first crop failure.
thewebguyd
Kind of what it sounds like to me.
> “Effectively, what the role does is offer assurance to the customers or potential customers of that organization that their data, their information, their technology, the infrastructure, the platform itself, can be trusted as those customers adopt it,”
Like, protecting your customer's data should be assumed and the default. That you would need what's effectively another PR executive to communicate that and "offer assurance" just sounds like marketing speak for "We are doing the bare minimum, but we need our customers to think we do more than we actually do to keep theri data safe."
Just sounds like the CISO's personal PR mouthpiece and like you said, someone else to take the fall when they get breached.
nathanaldensr
>implying the rest of the company is not trustworthy
Remember "Do no evil"?
This sounds like another bogus role they'll ditch once they get their Nasdaq listing and need to make profits for their shareholders.
I'd probably trust any organisation with a role like this even less. It sounds like an organisation that doesnt think it can be trusted.