
The State of Security and Trust Pages

December 18, 2021

In a previous post, we discussed the makeup of privacy, trust, and security at Cloud 100 companies. In today’s post, we’re going to highlight general trends as they relate to privacy, security, and trust pages.

To collect this data, we surveyed 520 cybersecurity and infosec professionals to get a feel for their stance on transparency and how they are projecting their security information publicly. Below are our key takeaways.

 

Higher frequency of security pages than Cloud 100

Eighty-one percent of respondents indicated that they had a security page on their company’s website, which is significantly higher than we found among Cloud 100 companies, but more in line with the number of privacy pages found among the Cloud 100. One reason for this may be that some companies view privacy and security pages as synonymous and don’t feel the need to include web pages for both.

 

Publishing contact information publicly should be a priority

Survey respondents’ priorities are consistent with those of the Cloud 100: privacy policies and security questionnaires are the most important types of information companies need to display on their websites. Where our survey respondents differ from the Cloud 100 is in the importance they place on contact information for the security or privacy team.

Our survey found that 40% of respondents thought it was important to include that contact information on their security page, while just 18% of Cloud 100 websites included that information on their security pages.

 

SOC 2 and ISO 27001 More Important to Survey Respondents

Additionally, Cloud 100 companies placed more emphasis on including information related to GDPR and CCPA, while our survey respondents rated ISO 27001, SOC 1, SOC 2, HIPAA, and PCI compliance as more important.

There are a number of reasons this might be the case, but the most obvious is that Cloud 100 companies may have more dealings in California and Europe than our survey respondents and have built their security program around the most rigorous regulations they are required to follow.

 


What security requirements respondents require of vendors

For the most part, what security information respondents require of their customers and what security information they think is most important is consistent. They only differ in the order of importance.


Majority of respondents are flexible with what security information they would accept from vendors

77% of respondents say they are flexible and accept various audits, certifications, standards, and questionnaires from vendors, while 13% say it depends on the vendor, and only 10% say vendors must complete the questionnaire that is sent to them.

 

Download our report

To learn more about how vendor transparency is impacting customer trust, check out our latest report, The State of Transparency and Trust. In addition to the information above, we analyze survey results from 520 cybersecurity and InfoSec professionals about their views on transparency and provide tips for building an effective security and trust page on your website.

If you’d like to learn more about how Whistic can help your business, request a demo today.


About the author

Whistic

The latest insights and updates on information security and third party risk management.
