Companies had to receive a composite score of 80 percent or more of the available points to qualify for the honor roll. Additionally, a new requirement was added this year: The companies had to score at least 55 percent of the points in each of the three major categories of brand/domain protection, site security and privacy policies and practices.
"We really believe that trust and security is like a chain," Spiezle explains. "You're only secure as your weakest link."
"One of the areas that we're really pushing is the need to move from a compliance perspective to one of stewardship, from what you have to do to comply to what you can do that's above and beyond," he adds.
Twitter takes top consumer security, privacy honors
Spiezle notes that Twitter, which achieved the highest composite score of any of the companies audited, is an exemplar of that approach.
"Twitter is pleased to have earned the top score on the OTA Honor Roll," says Bob Lord, director of information security at Twitter. "By supporting Always-on SSL, Do Not Track, DMARC and most recently login verification, we aim to keep users connected securely to everything happening in the global town square."
Companies in the Social 50 outpaced both the IR500 and FDIC 100 two to one in the percentage of companies qualifying for the Honor Roll. Spiezle notes that companies focused on social tend to be much newer, which in turn tends to make them more agile, as they are less dependent on legacy technologies. Many banks and commerce sites are saddled with complex legacy sites and data centers that impede their ability to quickly adopt best practices.
Retailers improving adoption of best practices
Of the Internet Retailer 500, 26 percent achieved the Honor Roll, up slightly from 25 percent in 2012. Brooklyn, Oh.-based American Greetings, the world's largest publicly traded greeting card company, won the top score in the retailer category.
"Through an ongoing process we have evolved our data security and privacy practices from one of compliance to one of stewardship," says Joseph Yanoska, vice president, technology, American Greetings. "We're honored by the recognition the OTA has given us, and are committed to supporting their efforts. We share and embrace their approach to security and hope that it results in a higher level of trust from our customer base."
While retailers overall improved their rating in the 2013 audit, Spiezle says that 74 percent have not fully adopted best practices, and 53 percent of retailers that did not qualify for the Honor Roll failed to achieve passing scores in one or more categories, which unnecessarily exposes their users to security, privacy and social engineering threats.