Banks show most security improvements, still have long way to go
FDIC member banks showed the most improvement over last year: 25 percent of them made the Honor Roll in 2013, up from 22 percent in 2012. The banking sector also led in the adoption of EV SSL certificates with a 60 percent uptake rate. Retailers were second in the adoption of EV SSL, with a 33 percent adoption rate.
However, of those banks that did not qualify for the Honor Roll, 71 percent received failing grades in one or more categories. OTA says it largely attributes this to inadequate email and domain protection or to outdated privacy policies, with inconsistencies observed between the banks' written policies and their actual data collection.
As for top U.S. Government sites, OTA says they improved across all sectors in 2013, achieving 88 percent support of DNSSEC. However, OTA also found that these sites lagged significantly in helping protect consumers from forged and deceptive email and in securing their sites against known vulnerabilities. Only 20 percent of government sites adopted both SPF and DKIM, and one-third received failing grades for their SSL server security.
"The 2013 report demonstrates how business leaders have recognized the need to move from compliance to stewardship," Spiezle says. "This is critical to consumer trust and to help stem the call for more regulation. The Online Trust Honor Roll report provides prescriptive and actionable guidance for businesses to move from a state of inaction to one which will enhance consumer protection."