Building Trust 16 April 2019

Announcing the Online Trust Audit & Honor Roll Results

By Megan KruseFormer Director, Advocacy and Communications

Do you know how – or even if – your favorite retailer, or your bank, or your ISP is working to protect you? The Online Trust Alliancerecognizes excellence in consumer protection, data security and responsible privacy practices. Today, we released the 10th annual Online Trust Audit & Honor Roll, covering more than 1,200 predominantly consumer-facing websites, and found that 70% of the websites we analyzed qualified for the Honor Roll. That’s the highest proportion ever, driven primarily by improvements in email authentication and session encryption.

Highlights

Overall, we found a strong move toward encryption, with 93% of sites encrypting all web sessions. Email authentication is also at record highs; 76% use both SPF and DKIM (which prevent spoofed/forged emails) and 50% have a DMARC record (which provides instruction on how to handle messages that fail authentication).

It’s not all good news, though. We also found that only 11% of organizations use mechanisms for vulnerability reporting, which allows users to report bugs and security problems. Only 6% use Certificate Authority Authorization, which limits certificate abuse. And overall privacy scores dropped compared to last year, primarily due to more stringent scoring in light of the E.U.’s General Data Protection Regulation and the California Consumer Privacy Act. In addition, 15% of organizations had at least one data loss or cyber breach incident.

The U.S. Federal government sector surged to the front with 91% of sites placing on the honor roll, a dramatic turnaround from 2017 when they had bottomed out at 39%. Consumer services (including social media, payment services, video streaming, file sharing, and dating) finished second this year at 85%. News & Media and then Banks came in at 78% and 73%, respectively. Internet Retailers came in at 65%, barely edging out ISPs, carriers, hosters and email providers at 63%. Healthcare, a new sector this year, had the lowest overall honor roll placement at 57%.

Top Scorers

The Top 50 (Appendix C) shine bright with the best overall scores across all 1,200 sites we analyzed. They are:

  • Top Overall: Google Play
  • Top Bank: First National Bank of Omaha
  • Top Consumer: Paypal
  • Top Healthcare: 23andMe
  • Top ISP/Host: Google Cloud Platform
  • Top News: Google News
  • Top Retailer: Google Play
  • Top U.S. Federal: Federal Emergency Management Agency (FEMA)

Audit Resources

Too many numbers in here? We have some resources to help distill down the highlights, including:

Webinar

We’re hosting a webinar to discuss the Audit results on 24 April, from 1PM-2PM EDT (17:00 UTC) for the ISOC community webinar. See https://www.internetsociety.org/events/ota-honor-roll-webinar/ for more information.

Improve Your Security & Privacy

How would your organization do in the Audit? Check out Appendix E – the Best Practice Checklist – to see how you’d stack up, and use it to improve your site’s security and privacy.

We hope you’ll read the report, view the infographic, watch the video, share the news, and/or join us on the webinar. And be sure to watch OTA on TwitterFacebook, and LinkedIn and share using #OTATrustAuditHonorRoll!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...