Most Government Websites Fail Online Trust Alliance Security & Privacy Audit


Consumer services sites such as Twitter Inc. and YouTube have the best website and email security and privacy practices, but approximately 60 percent of government websites are exposed to cybersecurity threats, according to a June 20 report by the Online Trust Alliance, an online industry non-profit.

The alliance’s ninth annual “Online Trust Audit & Honor Roll”—for which the group analyzes more than 1,000 consumer-facing websites for privacy and security measures—found that 76 percent of audited consumer services websites had sufficient “grades” to make the honor roll. The OTA defined consumer services websites as “any website that requires consumers to create an online account such as social media, file sharing or dating.” 

Trailing the consumer services industry, 51 percent of internet retailers, 48 percent of news and media, 46 percent of internet service providers, 39 percent of U.S. federal government websites, and 27 percent of Federal Deposit Insurance Corp. 100 banks made the OTA honor roll. 

The OTA found that more websites are “trustworthy” than ever before, but the disparity between secure and unsecure websites is increasing. Websites “increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas,” OTA said.

The OTA noted that the score for U.S. government’s websites decreased significantly from 46 percent in 2016. 

Privacy and security risks associated with U.S. government websites have been well-documented before, but it looks like the federal government is starting to take concrete steps to address them. 

In February 2016, President Barack Obama proposed a $19 billion Cybersecurity National Action Plan, which included a $3.1 billion fund to modernize and replace legacy information technology systems in the government. Following up on Obama’s efforts, President Trump May 11 signed an executive order aimed at protecting U.S. critical infrastructure systems and federal information technology networks from growing cyberattack risks. In addition to calling for stronger critical infrastructure systems, Trump directed agency heads to be responsible for cybersecurity management; asked the secretaries of Commerce and Homeland Security to identify and promote action to increase internet resiliency; called for an assessment of the cybersecurity workforce; and directed the administration work with international allies to reach these goals.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.