Do you know how – or even if – your favorite retailer, or your bank, or your ISP is working to protect you? The Online Trust Alliance recognizes excellence in consumer protection, data security and responsible privacy practices. Today, we released the 10th annual Online Trust Audit & Honor Roll, covering more than 1,200 predominantly consumer-facing websites, and found that 70% of the websites we analyzed qualified for the Honor Roll. That’s the highest proportion ever, driven primarily by improvements in email authentication and session encryption.
Overall, we found a strong move toward encryption, with 93% of sites encrypting all web sessions. Email authentication is also at record highs; 76% use both SPF and DKIM (which prevent spoofed/forged emails) and 50% have a DMARC record (which provides instruction on how to handle messages that fail authentication).
It’s not all good news, though. We also found that only 11% of organizations use mechanisms for vulnerability reporting, which allows users to report bugs and security problems. Only 6% use Certificate Authority Authorization, which limits certificate abuse. And overall privacy scores dropped compared to last year, primarily due to more stringent scoring in light of the E.U.’s General Data Protection Regulation and the California Consumer Privacy Act. In addition, 15% of organizations had at least one data loss or cyber breach incident.
The U.S. Federal government sector surged to the front with 91% of sites placing on the honor roll, a dramatic turnaround from 2017 when they had bottomed out at 39%. Consumer services (including social media, payment services, video streaming, file sharing, and dating) finished second this year at 85%. News & Media and then Banks came in at 78% and 73%, respectively. Internet Retailers came in at 65%, barely edging out ISPs, carriers, hosters and email providers at 63%. Healthcare, a new sector this year, had the lowest overall honor roll placement at 57%.
The Top 50 (Appendix C) shine bright with the best overall scores across all 1,200 sites we analyzed. They are:
- Top Overall: Google Play
- Top Bank: First National Bank of Omaha
- Top Consumer: PayPal
- Top Healthcare: 23andMe
- Top ISP/Host: Google Cloud Platform
- Top News: Google News
- Top Retailer: Google Play
- Top U.S. Federal: Federal Emergency Management Agency (FEMA)
Too many numbers in here? We have some resources to help distill down the highlights, including:
We’re hosting an ISOC community webinar to discuss the Audit results on 24 April, from 1PM-2PM EDT (17:00 UTC). See https://dev.internetsociety.org/events/ota-honor-roll-webinar/ for more information.
Improve Your Security & Privacy
How would your organization do in the Audit? Check out Appendix E – the Best Practice Checklist – to see how you’d stack up, and use it to improve your site’s security and privacy.
We hope you’ll read the report, view the infographic, watch the video, share the news, and/or join us on the webinar. And be sure to watch OTA on Twitter, Facebook, and LinkedIn and share using #OTATrustAuditHonorRoll!