If you’re just a casual web user, you probably don’t pay much attention to website URLs. You may also don’t know the difference between HTTP and HTTPS. What does that last “S” stand for? Why should you care if a website has this?
Here are some facts about cybersecurity and SSL that you need to know.
Top SSL Stats: Editor’s Choice
- 6.3% of the top 100K are SSL-compliant.
- 85% of all websites were encrypted in 2020.
- Only 47.9% of websites are adequately secured.
- 80.85% of all pages loaded in Firefox use HTTPS encryption.
- Let’s Encrypt has issued almost 2.7 million certificates in November 2021.
- Websites with SSL certificates saw an 18–87% increase in conversion rates.
- The prices of SSL certificates range from $10 to $238 annually.
- In the US, encrypted Chrome browsing time is 92%.
What Is SSL?
SSL (or Secure Sockets Layer) is a security protocol that establishes encrypted and authenticated links between networked users and the site they’re visiting. While most people still refer to this protocol as SSL, it has been long replaced by TLS (in 1999). The latest available update of the protocol is TLS 1.3.
Fraud Issues and Internet Security Statistics
With the ever-increasing cyber population and the millions of online transactions, there is also an increase in cybercrime involving fraud and identity theft. Cybercriminals typically hack users for information to steal their identities.
SSL certificates can help protect website users from these attacks—this can, in turn, improve your customer retention statistics.
1. In 2020, there were 1.4 million cases of identity theft in the US.
With the eruption of the global pandemic, identity thieves have been busier than ever. According to the latest research involving encryption statistics, there were nearly 1.4 million identity theft cases in the US. More precisely, the number accounted for 1,387,615.
This indicates identity thefts have more than doubled year-on-year, with the figures showing 650,523 in 2019.
Unfortunately, hackers got access to this information through unprotected websites and phishing.
2. One-third of all unauthorized data acquisition involves phishing.
Phishing is a popular way for hackers to gain sensitive information. The perpetrators acquire this data by pretending to be a legitimate website or institution. Registered SSL providers confirm the legitimacy of websites while also protecting user data through encryption.
3. With 89,476 reported cases, the banking industry has among the highest numbers of exposed records.
Identity theft is a serious issue that comes in different shapes. Although this figure has skyrocketed with the COVID-19 outbreak, more industries have been more subjected to fraud than others. For instance, banking is one of the sectors with the most issues with data breaches.
Breaches typically happen when fraudsters hack the personal information of bank clients to access credit card credentials. Aside from credit card fraud, SSL security facts show that hackers also take advantage of unauthorized access to online banking accounts.
Government documents have reported the highest cases of identity theft, a staggering 1,663% growth from the pre-pandemic period.
4. 37.9% of users who lack cybersecurity awareness fail phishing tests.
Those who are not familiar with cybersecurity are more susceptible to online fraud. Such victims are unable to determine whether a particular website or pop-up page is malicious. Hence, they unknowingly give personal information to scammers.
SSL statistics imply that websites with protection encrypt this type of data, making it much safer for users without much understanding of cybersecurity.
5. An estimated $24.26 billion was lost due to credit card fraud in 2018.
Based on the latest data available, more than $24 billion were lost to credit card frauds. The same stats also point out how 38.6% of those reported credit card frauds came from the US alone.
Credit card fraud has been ranked as the number one in identity theft cases, amounting to 35% of all fraud reports.
6. According to stats about SSL, businesses comprised 46% of the total number of breached data.
Almost half of all data breaches have come from businesses. These include companies across different industries, such as banking, retail, and online stores.
Non-protected websites expose data out in the open and hackers gain access to customers’ personal information that they use for identity fraud.
7. 6.3% of the top 100K websites are SSL-compliant.
It’s extremely important for all sites to provide absolute security to their visitors and consumers. However, internet privacy statistics indicate that only some of the services, especially the ones involving private and financial information, have prioritized securing their clients’ data.
On the other hand, almost all of the websites bear some sort of security threat—even WordPress stores login details across the internet.
8. During the lockdown, Google blocked over 18 million COVID-related phishing emails every day.
Fraudsters have taken advantage of the COVID-19 pandemic for malicious activities. As the pandemic forces people to stay indoors, they spend more time online.
Google stats on SSL state how the company blocked as many phishing emails as possible—the company registered almost 20 million COVID-related emails a day. Unfortunately, cybercriminals exploit internet users looking for information connected to the pandemic.
On top of that, Google also blocked a staggering 240 million spam messages related to COVID-19 each day.
9. Three new phishing sites are launched every minute.
Phishing sites copy already existing and legitimate websites such as shopping platforms, online banking, credit card companies, and telecommunications providers. A shocking study on SSL traffic statistics reveals that a new phishing site is launched every 20 seconds.
Moreover, phishing sites also pose as random pages stating the user has won fake prizes in exchange for their personal details.
10. 57% of organizations have experienced phishing incidents through mobile devices.
Considering how influential mobile devices have become over the past few years, it is no surprise cybercriminals started making their own way on smartphones and tablets. Hackers use phishing on mobile devices through different apps, including messengers, gaming, and various social media applications.
Internet security statistics also show that individuals are more susceptible to phishing attacks on mobile devices than desktop computers.
11. Mobile phishing attacks have been up 85% per year since 2011.
Phishing on mobile is getting more common. Users who have encountered these activities reported clicking on links that bypass multiple security layers.
Emails are usually the first contact for malicious content, which people often open on mobile devices.
SSL Stats and Internet Security Facts
The prevalence of criminal activities online has made the use of SSL a standard practice. Through SSL, users can determine the websites’ legitimacy early on and exit if any problems arise.
The SSL data encryption also protects sensitive information, ensuring that all transactions are safe.
12. HTTPS websites accounted for 85% in 2020.
Malware campaigns that use some type of encryption were predicted to reach 70% by the end of 2020.
While the global internet traffic has been growing at the rate of 27% CAGR, encrypted internet traffic has shown similarly accelerated growth, from 55% in 2017 to 85% in 2020.
Unfortunately, the rise of encrypted traffic is not completely positive. Cybercriminals are now using encryption to carry out their attacks more easily without being detected. For this reason, companies operating online must think of new ways to protect themselves.
13. 47.9% of surveyed websites are inadequately secured.
This data for January 2022 showed how the percentage of websites that passed the encryption test with one of the A grades (A+, A, A-) is steadily growing. According to HTTPS usage statistics, about 51.6% of all the encrypted websites passed with an A grade in December 2021.
Only 17.9% are currently graded A+, signifying the maximum security provided for their visitors. Considering how many websites are there, there is still a long way to go when it comes to internet security.
14. 80.85% of all pages loaded in Firefox use HTTPS encryption.
When it comes to the US users alone, the percentage is even more impressive—92.84% of pages were encrypted for users’ security.
Comparatively, HTTPS statistics show users in Japan, for example, are much closer to the global average, with 84.95% browsing the pages safely.
15. SSL Labs reports that only 52.1% of websites on the internet are secure.
Out of 136,344 websites surveyed, only 71,053 were rated as secure. Grade F, indicating severe security issues, was given to 2% of the website in a monthly scan for January 2022.
It’s important to note that the websites were taken from Alexa’s list of the world’s most popular sites.
16. Let’s Encrypt has a market share of 8.3% among the websites using SSL certificates.
Let’s Encrypt is used as SSL certificate authority by 9.3% of websites. As of February 2022, the usage has decreased from the previous year. However, this figure is still astonishing, considering the company’s market share was just under 0.1% in March 2021.
17. In November 2021 alone, Let’s Encrypt has issued over 2.7 million certificates per day.
During this period, the number of certificates has reached an all-time high. SSL statistics revealed that it was only the beginning of 2021 when over two million certificates were issued.
The timing doesn’t come as a surprise, considering that many people’s lives have been reduced to online existence and operating—boosting concerns and immediacy for secure navigation on the internet.
18. Having multiple security products increases security risks by 50%.
“Less is more” is certainly true when it comes to security providers. Data shows that organizations face half of the security risks due to having multiple security providers.
Sticking with one provider with a tailor-fitted security approach is much safer than having several vendors.
19. SSL facts show ecommerce websites with SSL certificates saw an 18–87% increase in conversion rates.
Users are more likely to click the buy icon and give information knowing that the site is secure and can be trusted.
The increase in profitability is a huge benefit for ecommerce sites compared to the small fees associated with getting an SSL certificate, thus becoming the standard for all ecommerce businesses.
20. Good SSL certificates range from $10 to $238 annually.
The best SSL certificate is one that fully protects your website users. But there are different types of certificates with various extra features. While there are free SSL options, such as CACert, they only offer a very basic protection level.
Next is Namecheap from Comodo Positive at $10 annually, with features that are a notch higher than the free versions.
On the other hand, Geotrust True BusinessID stands at the top at $238 annually. With that hefty price tag comes all the features business owners need, as well as the positive association with a well-trusted security brand.
21. SSL certificate facts reveal that 86% of scammers can still conduct fraudulent activities through registered HTTPS sites.
As free SSL certificates only give you basic protection, perpetrators use the loopholes on free certificates for malicious intentions. It’s shocking how almost 90% of these attacks use malware or other forms of trojan viruses.
Other common means for fraudsters to conduct malicious activities happen through spear phishing, CEO fraud, and impersonation tactics—to mention a few.
In terms of email-based attacks, only 14% of cybercriminals used malware to violate people’s security.
22. The recommended HTTPS encryption strength is 128/256-bit bulk.
The encryption strength is measured in bits used to encrypt data during one SSL session. The higher the number of bits is, the longer it takes to decipher the data encrypted by it. Although 256-bit is the safest option, 128-bit is also very difficult to crack.
23. California alone had 147,382 reported cases of identity theft in 2020.
California has the most reported identity thefts in the US, followed by Illinois, Texas, Florida, and Georgia.
The SSL overview proves that the number of cases coincides with the population’s size per state, as the higher population also tends to have higher reports.
24. In 2022, Brave turned out to be the most secure web browser.
Brave has been ranked as the most secure web browser. Brave’s primary focus is on privacy, as it does a superb job of blocking cookies and pop-up ads. Tor Browser placed second for the most secure web browser: it’s also highly secure but at the expense of speed.
The most popular names, such as Mozilla, Google Chrome, and Safari are trailing behind them.
25. According to SSL encryption stats, 69% of organizations don’t believe antivirus software is enough.
With cyber fraud continuously rising, the most recent statistics and facts show almost seven in ten of surveyed organizations believe that anti-virus software is not enough to protect them from data breaches.
While many antivirus providers offer a fair amount of protection, SSL will always be an essential defense line against attacks.
26. Sectigo is the best SSL provider, taking up a 40.30% in market share.
Not only is Sectigo among the top 10 SSL certificates, but it is the most used out there. Comodo Cybersecurity comes far behind, registering a market share of 19.88%. Digicert ranks third, standing at 14.42%.
GoDaddy (12.69%), Starfield Technologies (8.36%), and Global Signs (3.18%) place fourth, fifth, and sixth, respectively. Network Solutions, SecureTrust, and Entrust complete the top 10.
27. 65% of CIOs are concerned about cyberattacks due to expired or compromised SSL certificates.
It is safe to say that there are different types of SSL certificates, as 93% of CIOs admitted to having more than 100,000. However, about two-thirds of CIOs are still worried about cyberattacks because their SSL certificates might be expired or, even worse, compromised.
More than half (56%) of respondents expressed concerns about a business disruption caused by outages of invalid certificates.
Around 74% of these CIOs indicated that they experienced a certificate-related outage over the past years.
28. Apple is the most copied organization for phishing attacks.
According to Google HTTPS statistics, Apple is not only popular among gadget-savvy folks, but it’s also a favorite among fraudsters. Hackers often copy the Apple website to attract unsuspecting users.
Scammers use fake promotions and other lures to obtain user information while pretending to be Apple.
29. As of January 2022, the percentage of encrypted Chrome browsing time in the US is 92.
The traffic is counted only for the active tab in Chrome—if a user has more tabs open, metrics aren’t drawn from the inactive tabs. It’s important to highlight that this is data collected from Windows OS only.
When it comes to Android devices, the Google Chrome SSL encryption percentage is even higher, standing at 98%.
30. Only 2.8% of surveyed sites support SSL v3.0.
Conversely, an astonishing 99.6% of websites support TLS v1.2. This version of the security layer is the most supported across the web, with its newer version—TLS v1.3—supported on 51.4% of websites.
Although last updated eight years ago, the final version of TLS 1.3 has been available online only since August 2018. After going through a total of 28 drafts, it was finally announced that it’s ready to use. TLS 1.3 version usage statistics showed a projected growth by the end of the year.
31. China is the largest source of phishing email spam accounting for 21.26%.
Most phishing and spam emails come from China. The US follows with 14.39%, and Russia comes third with 5.21%. Venezuela had the most phishing victims, according to the most recent survey available.
SSL Stats: The Takeaway
Various research points out the importance of SSL in online security. Users have to be vigilant when visiting websites and must always make sure to first check for authenticity by looking for SSL indicators.
For web owners, SSL use is a must, not only for increasing conversion rates but also as part of the movement to make cyberspace safer for everyone.
Frequently Asked Questions
How secure is HTTPS?
While HTTPS confirms the usage of an SSL certificate, there are still several instances that this can be breached. Despite not being a guarantee of security, SSL is still a protective layer that helps reduce the chances of fraud.
Depending on the SSL certificates used, fraudsters will find it a lot harder to continue any malicious activities. On the other hand, users will be aware of whether to proceed or leave through the security indicators.
What’s the difference between site stats with and without SSL?
Google proves that websites with this type of encryption rank much higher in the search engine results than those without SSL. In a move to promote safe browsing, Google automatically prioritizes SSL-protected sites and pushes them higher on search results.
Other search engines are following Google in this, making SSL a standard for a trusted website.
What percentage of websites use SSL?
Currently, 85% of all websites are using SSL. With search engines rallying to promote a safer online environment, the number has grown in recent years and continues to rise.
Users’ awareness about online security is also spreading, making legitimate site owners more willing to employ SSL to gain trust with their visitors.
How much does an SSL certificate cost?
There are many different SSL certificates, ranging from free to $218. The price typically depends on the SSL providers and type of service, as the cost increases with the number of features.
Free SSL certificates are considered starter packs and come with the most basic protection. The higher the price tier, the more protective features there are.
How many websites use HTTPS in 2022?
SSL stats reveal that default protocol HTTPS is used by 78.2% of all websites on the internet. Search engines’ initiatives to favor SSL-protected sites in searches push web owners to use protective measures.
The numbers continue to rise as many web owners are catching up now—HTTPS has become a standard for most business websites.
AARP, Best VPN, Built With, Datanyze, Exai, Fool, Fortinet, Frontiers, Google, KnowBe4, Let’s Encrypt, Lifewire, PurpleSec, Sectigo Store, Security Boulevard, Shift Processing, SSL Labs, The SSL Store, Virus Guides, W3Techs