News and sports websites have some of the lowest levels of security adoption, a study has suggested.
A team of cyber-security experts looked at the security protocols used by the top 500 sites in various industries and online sectors.
They found that fewer than 10% of news and sports websites used basic security protocols such as HTTPS and TLS.
Even those that do are not always using the “latest or strongest protocols”, one of the study’s authors said.
“As time goes by, all encryption gets weaker because people find ways around it,” Prof Alan Woodward, a cyber-security expert at the University of Surrey, told the BBC.
“We tested the University of Surrey’s website using a site called Security Headers a couple of weeks ago and it got an A,” he explained, “but it’s only a C now.”
The research, published in the Journal of Cyber Security Technology, shows that some sectors seem much more security-conscious than others.
The websites of computer and technology companies and financial organisations showed a much higher level of adoption than shopping and gaming sites, for example.
“In the financial sector, almost every one of the sites we looked at had encrypted links”, Prof Woodward said, “but even in retail the adoption of the very latest standards is low.”
A quarter of the shopping sites studied were using Transport Layer Security (TLS), which offers tools including digital certificates, remote passwords, and a choice of ciphers to encrypt traffic between a website and its visitors.