Websites run by the country’s largest banks and the U.S. federal government scored the poorest in a security and privacy analysis.

The non-profit Online Trust Alliance (OTA) Alliance anonymously audited more than 1,000 websites for their site security, email security and privacy practices, without the sites knowing they were being watched.

The OTA’s 2017 Online Trust Audit & Honor Roll found that many of the companies and government agencies that operate some widely-used websites drop the ball when it comes to security and responsible privacy practices.

Fifty-two percent of the audited sites qualified for the OTA’s Honor Roll – a five percent improvement from 2016 and up from just 30 percent in 2014.

Websites run by the country’s largest banks and the federal government had the most failing grades and fewest Honor Roll recipients of the six categories studied.

To make the Honor Roll, a site must achieve an overall score of 80 percent or higher in three core categories – consumer protection, site security, and privacy – with no failures in any category.

Sixty percent of the 100 U.S. government sites audited received failing grades. Only 39 percent made the Honor Roll, a significant drop from last year’s 46 percent.

Top of Class honors went to the Census Bureau, Department of Education (grants and aid), (Dept. of Health and Human Services), Federal Communications Commission (FCC), Federal Deposit Insurance Corporation (FDIC) and US Postal Service store.

Only 27 percent of the country’s 100 largest banks made the honor roll, down from 55 percent in 2016. Until now, the banking sector had shown consistent and significant improvement.