“Data is the ‘oil’ of the Internet economy. It is fueling innovation, growth and revenue. At the same time, if abused there is a risk of data spills, negatively impacting user expectations and ultimately the Internet at-large,” said OTA Founder and Chairman Emeritus, Craig Spiezle. “The OTA Trust Audit & Honor Roll underscores the urgency to embrace responsible security and privacy practices. Failure risks a long-term impact to the Internet.”
OTA’s ninth annual Online Trust Audit & Honor Roll analyzed over 1,000 consumer-facing websites for their website and email security and privacy practices. The Audit revealed that 52 percent of analyzed websites qualified for the Honor Roll, a five percent improvement over 2016. However, OTA also observed the emergence of an alarming three-year trend: sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.
See comments from Honor Roll recipients!
The consumer services category scored the highest with 76 percent earning an Honor Roll designation. OTA considers consumer services any website that requires consumers to create an online account such as social media, file sharing or dating. The Bank 100 category scored lowest with 27 percent making the Honor Roll.
“Despite ratcheting up the criteria needed to qualify for the 2017 Honor Roll, it was encouraging to see the highest percentage of recipients since OTA began the Trust Audit nine years ago,” said Spiezle. “While OTA congratulates all Honor Roll recipients, many others have a long way to go to ensuring and embracing acceptable security and privacy practices.”
Industry Highlights
From best to worst performing industries:
- Consumer Services: This industry was again the best performing with 76 percent making the Honor Roll this year. This segment accounted for 26 of the top 50 consumer-facing sites (52 percent).
- Internet Retailers: Fifty-one percent of the top 500 Internet retailers made the Honor Roll, a significant improvement over last year’s score of 44 percent. This segment accounted for 10 of the top 50 consumer-facing sites (20 percent).
- News & Media: Forty-eight percent of news and media sites made the Honor Roll this year, the most significant improvement over the previous year across all industries. In 2016, media and news sites were the worst performing sector with only 23 percent making the Honor Roll. This segment accounted for three of the top consumer-facing 50 sites (6 percent).
- ISPs, Carriers, Hosters & Email Providers: Forty-six percent of companies in this new 2017 category made the Honor Roll. This segment accounted for seven of the top 50 consumer-facing sites (14 percent).
- Government: Thirty-nine percent of audited U.S. federal government sites made the Honor Roll. This was a significant decrease from 46 percent in 2016. 60 percent received failing grades
- Top 100 Banks: The percent of the top 100 banks making the Honor Roll saw the biggest drop in 2017, going from 55 percent in 2016 to 27 percent. This sector had shown consistent, significant improvement in their Honor Roll score up to 2016 before plummeting this year predominantly due to increased breaches, low privacy scores and low levels of email authentication. 65 percent received failing grades.
“OTA’s Audit continues to drive awareness and recognition about the importance of responsible data security and ethical privacy practices,” said Internet Society Chief Internet Technology Officer, Olaf Kolkman. “The increase in sites embracing end-to-end encryption shows it is becoming the norm for site traffic.”
Top 50 Scoring Websites – “Top of Class”
Given the increase in overall Honor Roll recipients, OTA has expanded its list of top performers from 10 to 50 sites. The 50 highest-scoring consumer-facing sites cover a wide range of industries from social media to online services to government to retail. They top 50 list is here and statements many Honor Roll recipients are here.
“Consumer-facing website owners have an important responsibility because their customers entrust them with valuable data,” said Roxane Divol, Symantec Executive Vice President and General Manager, Website Security. “The OTA Audit recognizes those who go beyond compliance and demonstrate stewardship of their customers’ online security and privacy.”
Methodology
To qualify for Honor Roll status, a website must receive a composite score of 80 percent or better and a score of at least 60 percent in three categories: 1) domain, brand and consumer protection, 2) site security and resiliency and 3) data protection, privacy and transparency. Failing any one category automatically caused a site to fail overall. OTA expanded the 2017 methodology with additional criteria, telemetry and data fidelity addressing today’s security threat and privacy landscape. OTA analyzed websites between mid-April and the end of May 2017. It estimates that it analyzed more than 500 million email headers and approximately 100,000 web pages.
The 2017 report was funded in part by grants from Symantec and Verisign. Data providers included Agari, DigiCert, Disconnect, Distil Networks, Ensighten, High-Tech Bridge, Infoblox, Malwarebytes, Microsoft, Risk Based Security, SecurityScorecard, SiteLock, Qualys SSL Labs, Symantec, ValiMail and Verisign.
Event Details
A Congressional Briefing about the results of the 2017 Audit & Honor Roll will be held on June 27 from 8:30 am to 1 0:00 AM EDT in room at the Rayburn House Office Building in Washington D.C. OTA will share key findings from the report, host a panel with Honor Roll recipients.
OTA will also present the 2017 Cybersecurity, Privacy & Innovation Public Service Award to members of Congress for their contribution to help spur innovation and online trust. OTA will also host an online briefing on June 29 at 8 am PDT/11 AM EDT. To register, go here.
About OTA:
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.