OTA Audit Finds More Websites Than Ever are Trustworthy; Increasing Disparity Between Those That Do and Don’t Take Trust Seriously

Consumer services sites have best combined security and privacy practices, while banks and government sites have the worst

Online Trust Alliance

The OTA Trust Audit & Honor Roll underscores the urgency to embrace responsible security and privacy practices. Failure risks a long-term impact to the Internet.

The Online Trust Alliance (OTA), an Internet Society initiative with the mission to promote best practices for online trust, announced today the results of its 2017 Online Trust Audit & Honor Roll - the de facto standard for recognizing excellence in online consumer protection, data security and responsible privacy practices.

“Data is the ‘oil’ of the Internet economy. It is fueling innovation, growth and revenue. At the same time, if abused there is a risk of data spills, negatively impacting user expectations and ultimately the Internet at-large,” said OTA Founder and Chairman Emeritus, Craig Spiezle. “The OTA Trust Audit & Honor Roll underscores the urgency to embrace responsible security and privacy practices. Failure risks a long-term impact to the Internet.”

OTA’s ninth annual Online Trust Audit & Honor Roll analyzed more than 1,000 consumer-facing websites for their website and email security and privacy practices. The Audit revealed that 52 percent of analyzed websites qualified for the Honor Roll, a five percent improvement over 2016. However, OTA also observed the emergence of an alarming three-year trend: sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas. The complete 2017 Online Trust Audit & Honor Roll report is at https://otalliance.org/TrustAudit.

The consumer services category scored the highest with 76 percent earning an Honor Roll designation. OTA considers consumer services any website that requires consumers to create an online account such as social media, file sharing or dating. The FDIC 100 banking category scored lowest with 27 percent making the Honor Roll.

“Despite ratcheting up the criteria needed to qualify for the 2017 Honor Roll, it was encouraging to see the highest percentage of recipients since OTA began the Trust Audit nine years ago,” said Spiezle. “While OTA congratulates all Honor Roll recipients, many others have a long way to go to ensuring and embracing acceptable security and privacy practices.”

Industry Highlights
From best to worst performing industries:

  • Consumer Services: This industry was again the best performing with 76 percent making the Honor Roll this year. This segment accounted for 26 of the top 50 consumer-facing sites (52 percent).
  • Internet Retailers: Fifty-one percent of the top 500 Internet retailers made the Honor Roll, a significant improvement over last year’s score of 44 percent. This segment accounted for 10 of the top 50 consumer-facing sites (20 percent).
  • News & Media: Forty-eight percent of news and media sites made the Honor Roll this year, the most significant improvement over the previous year across all industries. In 2016, media and news sites were the worst performing sector with only 23 percent making the Honor Roll. This segment accounted for three of the top 50 consumer-facing sites (6 percent).
  • ISPs, Carriers, Hosters & Email Providers: Forty-six percent of companies in this new 2017 category made the Honor Roll. This segment accounted for seven of the top 50 consumer-facing sites (14 percent).
  • Government: Thirty-nine percent of audited U.S. federal government sites made the Honor Roll. This was a significant decrease from 46 percent in 2016. Sixty percent received failing grades.
  • FDIC 100 Banks: The percentage of FDIC 100 banks making the Honor Roll saw the biggest drop in 2017, going from 55 percent in 2016 to 27 percent. This sector had shown consistent, significant improvement in its Honor Roll score up to 2016 before plummeting this year, predominantly due to increased breaches, low privacy scores and low levels of email authentication. Sixty-five percent received failing grades.

"OTA's Audit continues to drive awareness and recognition about the importance of responsible data security and ethical privacy practices," said Internet Society Chief Internet Technology Officer, Olaf Kolkman. "The increase in sites embracing end-to-end encryption shows it is becoming the norm for site traffic."

Top 50 Scoring Websites
Given the increase in overall Honor Roll recipients, OTA has expanded its list of top performers from 10 to 50 sites. The 50 highest-scoring consumer-facing sites cover a wide range of industries from social media to online services to government to retail. The top 50 list is here and statements from some of the Honor Roll recipients are here.

“Consumer-facing website owners have an important responsibility because their customers entrust them with valuable data,” said Roxane Divol, Symantec Executive Vice President and General Manager, Website Security. “The OTA Audit recognizes those who go beyond compliance and demonstrate stewardship of their customers’ online security and privacy.”

To qualify for Honor Roll status, a website must receive a composite score of 80 percent or better and a score of at least 60 percent in three categories: 1) domain, brand and consumer protection, 2) site security and resiliency and 3) data protection, privacy and transparency. Failing any one category automatically caused a site to fail overall. OTA expanded the 2017 methodology with additional criteria, telemetry and data fidelity addressing today’s security threat and privacy landscape. OTA analyzed websites between mid-April and the end of May 2017. It estimates that it analyzed more than 500 million email headers and approximately 100,000 web pages. 

The 2017 report was funded in part by grants from Symantec and Verisign. Data providers included Agari, DigiCert, Disconnect, Distil Networks, Ensighten, High-Tech Bridge, Infoblox, Malwarebytes, Microsoft, Risk Based Security, SecurityScorecard, SiteLock, Qualys SSL Labs, Symantec, ValiMail and Verisign.

Event Details
A Congressional Briefing about the results of the 2017 Audit & Honor Roll will be held on June 27 from 8:30 to 10:30 am EDT in room 2360 at the Rayburn House Office Building in Washington D.C. OTA will share key findings from the report and host a panel with Honor Roll recipients. At that briefing, OTA will also present the 2017 Cybersecurity, Privacy & Innovation Public Service Award to members of Congress for their contributions to help spur innovation and online trust. OTA will also host an online briefing about the Audit on June 29 at 8 am PDT/11 am EDT. To register, go here.

About OTA
OTA is an initiative within the Internet Society (ISOC), a 501c3 charitable non-profit with the mission to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world. OTA’s mission is to enhance online trust, user empowerment and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, responsible privacy practices and data stewardship. To learn more about OTA, visit https://otalliance.org; to learn more about the Internet Society, visit https://www.internetsociety.org/

Contact Author

Jaci Hendricks-Scott