This is largely based on preception and trust.
How do I trust if the infrastructure or system is secure?
We need to look at these core elements:
- Any regulatory mandate in this industry sector? Pick public transportation as example, mandatory insurance coverage, regular inspection for license renewal, periodic operator training, compliance with safety regulations etc.
- How well is the service provider doing among peers? Let’s say, the type and severity or incidents of this provider in past years among others, rating from customer reviews and comments.
All the above are applied in both the physical and cyber worlds.