Today’s nationwide survey of UK Public Sector domain infrastructure shows a disturbing picture of critical SSL failings on 25% of sites.

The survey, carried out by Cloud SSL during the first week of March, reveals compromised legacy SHA-1 certificates are still covering 10% of all sites and the NOT SECURE browser warning is present on 25% of all sites.

This comes at a time when GDPR Compliance, Browser Changes (NOT SECURE) and the full retirement of SHA-1 are all driving essential change and best practice in website SSL security.

Join the University of Oxford and many other Public Sector organisations in using our Unlimited Issuance SSL Account with free Audit Tools, to target SSL risks and save significantly on SSL spend, whilst being able to issue Extended Validation SSLs to every site. The more you issue the less it costs.

The current average spend per Public Sector Organisation on SSL certificates is £6,230 per annum – and rising.

The average cost using Cloud SSL, per Public Sector Organisation, is £2,500 per annum for an unlimited number of SSL certificates. Each organisation can protect more sites for less than half their usual spend, and all with High Assurance EV SSL Certificates.

UK Public Sector SSL Survey

Browser Changes

The SHA-1 algorithm is no longer secure. Google has already announced that Chrome will block SHA-1 SSL/TLS certificates from version 56, which is was released at the end of January 2017. They have also marked all NON-HTTPS with FORMS, LOGIN or PAYMENT pages as NOT SECURE.

Microsoft and Mozilla have now announced they too will be ending support for SHA-1 HTTPS certificates – Mozilla from build 51 of Firefox (January 2017) and Microsoft Edge / Internet Explorer 11 from February 14th 2017. On all fronts, D-Day is finally arrived for SHA-1 and more importantly for unprotected sites.

Are your Logins and payment pages secure?

If not, your visitors will now see web browser warnings – you will begin to lose traffic and your online revenue will decrease.

Prevent your website from displaying as non-secure by booking a free audit across all your sites and creating a free SSL account, securing your entire SSL estate at reduced cost.