This is largely based on preception and trust.
How do I trust if the infrastructure or system is secure?
We need to look at these core elements:
- Any regulatory mandate in this industry sector? Pick public transportation as example, mandatory insurance coverage, regular inspection for license renewal, periodic operator training, compliance with safety regulations etc.
- How well is the service provider doing among peers? Let’s say, the type and severity or incidents of this provider in past years among others, rating from customer reviews and comments.
- How does the service provider demonstrate what has been done to secure? Common examples are personal data handling transparency via the published privacy policy, alert end user on login from other rare locations, security tips in their official portal, committed service level pledge.
All the above are applied in both the physical and cyber worlds.