Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsGovernment: Federal, State and LocalHospitals & Medical CentersRetail/Restaurants/Convenience

Government Best, Healthcare Worst in Protecting Consumer Data

Computer
April 16, 2019

An online audit of websites has found that consumer-facing U.S. government websites rank highest in security and privacy while healthcare comes in last.

The Internet Society’s Online Trust Alliance (OTA) identifies and promotes security and privacy best practices that build consumer confidence in the Internet.

The 10th annual Online Trust Audit & Honor Roll audited more than 1,200 predominantly consumer-facing websites, and was expanded this year to include payment services, video streaming, sports sites, and healthcare.

“From the global economy to daily individual interactions, more and more of our lives are conducted online. Yet every day brings headlines showing a lack of attention to consumer data and privacy protection,” said Jeff Wilbur, Technical Director of the Internet Society’s Online Trust Alliance. “The OTA Trust Audit & Honor Roll identifies organizations that place a premium on security and privacy, while shining a light on the sectors that have to work harder to earn society’s trust.”

The Audit found that 70 percent of analyzed websites qualified for the Honor Roll, the highest proportion ever, and up from 52 percent in 2017, driven primarily by improvements in email authentication and session encryption. The Federal government category surged to the front with 91 percent of sites placing on the honor roll, a dramatic turnaround from 2017 when government sites had bottomed out at 39 percent recognition. The Federal category supplanted last year’s winner, consumer services, which finished second this year at 85 percent (OTA considers consumer services any website that requires consumers to create an online account such as social media, payment services, video streaming, file sharing, or dating).

Healthcare, a new sector this year that includes pharmacies, testing labs, insurance companies, and hospital chains, had the lowest overall honor roll placement at 57 percent. Followed by ISPs, carriers, hosters and email providers at 63 percent.

Overall, the audit found a strong move toward encryption, with 93 percent of sites encrypting all web sessions (compared to 52 percent in 2017). Email authentication is also at record highs; 76 percent of sites use both SPF and DKIM (versus 48 percent in 2017) and 50 percent have a DMARC record (versus 34 percent previously). One growth opportunity is use of mechanisms for vulnerability reporting, which rose sharply in online retail, news and hosting companies, but were used by only 11 percent of organizations overall.

Industry Highlights – From best to worst performing industries:

1.    Government: (2017: 5th) 91 percent of audited U.S. federal government sites made the Honor Roll. Government sites scored highest in site security (94 percent), DMARC adoption (93 percent) and policy enforcement (83 percent), and IPv6 adoption (46 percent).

2.    Consumer Services: (2017: 1st) 85 percent of audited consumer services sites made the Honor Roll. These sites led in adoption of email authentication (96 percent) and scoring for overall privacy practices (76), and had the highest use of vulnerability reporting (43 percent). Unfortunately, they also had the highest breach rate (34 percent).

3.    News & Media: (2017: 3rd) This category was expanded to include sports sites. Significant improvement to an 78 percent score (vs 48 percent in 2017), thanks largely to nearly quadrupling use of always-encrypted sessions.

4.    FDIC 100 Banks: (2017: last) Banks made significant improvement to 73 percent, nearly triple 2017’s dismal 27 percent ranking, showing significant improvement in email authentication, the highest use of extended validation certificates (more than double the next closest sector) and lowest instance of cross-site scripting.

5.    Internet Retailers: (2017: 2nd) While 65 percent of internet retailers made the honor roll, better than last year’s 51 percent, this sector was outpaced by improvements in most other sectors. Email authentication improved, but privacy failures rose nearly 50 percent due to third party data sharing.

6.    ISPs, Carriers, Hosters & Email Providers: (2017: 4th) 63 percent of companies in this category made the Honor Roll, a solid improvement over 2017’s 46 percent, thanks largely to significant improvement in email authentication.

7.    Healthcare: (2017: unranked) This new sector showed the lowest overall placement on the Honor Roll at 57 percent, largely due to sparse adoption of email authentication and always-encrypted sessions. The industry did show the second highest scores for privacy.

KEYWORDS: cyber security cybersecurity privacy Security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • New Newswire Feature Image 3/8/2012

    DHS Ranked ‘Worst Place To Work’ In Federal Government

    See More
  • cyber health data

    5 keys for protecting health data in WordPress

    See More
  • Encryption Future - Security Magazine

    Best practices for protecting your data from ransomware

    See More

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
  • June 20, 2024

    Turning Threats into Solutions in Today's Cyber Landscape

    ON DEMAND: This webinar will also explore lessons learned and the evolving threat landscape of cybersecurity within local governments and how these key challenges and tactics can develop an effective security strategy.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing