SSL certificates have come a long way since the early days of HTTPS adoption. A decade ago, only large companies and shopping sites required encryption. SSL certs were expensive and riddled with security vulnerabilities. Today, encryption is mandatory for all websites, regardless of type and size. With more users than ever sharing sensitive data online, protecting it against cyber-thieves is essential.
The ultimate goal of browsers and Certificate Authorities is to encrypt the entire Internet. And while we’re not quite there yet, the encrypted traffic across services such as Google is well over the 90% mark. To better understand how far HTTPS has come, we’ve provided a broader perspective through the lenses of numbers and statistics. Check below the top 10 stats about SSL Certificates.
1. 157,605,195 SSL certificates detected on the Internet
According to BuiltWith, we have over 157 million SSL certificates on the Internet as of 18th February 2021. That’s almost double the amount compared to the last year. In the United States alone, the number of certificates is a whopping 50,623,999. Second-placed Germany has only 4,640,223 certs. On the opposite side, The Union of Comoros has just 22 SSL certificates for the entire country.
2. 96% of all SSL certificates on the Internet are issued by just 9 Certificate Authorities
43.6% of all the websites use the IdenTrust CA. That is an SSL certificate authority market share of 52.7%. Digicert Group comes in second place with a 19.7% share, while Sectigo is currently third with a 17% market share. Most SSL certificate authorities, including Amazon, have a market share of less than 0.1%. Source: W3Techs.
3. The Certificate Authority market is expected to reach $123.8 million by 2023.
According to a report by MarketsandMarkets, the global certificate authority market will grow from $57.1 million in 2017 to $123.8 million by 2023, at a Compound Annual Growth Rate (CAGR) of 10.2% during the forecast period. That’s more than double the amount.
4. 94.3% of SSL certificates are Domain Validation
Domain Validation certificates dominate the Web with a 94.3% share as per a Netcraft report. Organization Validation certs have a 5% market share, while Extended Validation products 0.7%. Let’s Encrypt alone has issued over a billion free certificates. However, there’s also a definite place for premium certificates when you look at the share of traffic by certificate type. 49% of all the traffic goes via sites with OV, 37.9% via sites with DV, and 13.2% via sites with EV.
5. 59.4% of sites have inadequate security
According to SSL Pulse, a global dashboard for monitoring the quality of SSL/TLS support over time across Alexa’s top 150,000 most popular websites, a worrying number of sites (59.4%) don’t follow the best security practices. Of 137,270 sites surveyed on February 4, 2021, 81,605 had inadequate security. Whether it’s an incomplete certificate chain or weak ciphers, the alarming figure emphasized why a proper SSL configuration is critical.
6. 42.9% of sites support the latest TLS 1.3 protocol
TLS 1.3 brings new security features and a faster TLS handshake. Since its release in 2018, 42.9% of surveyed sites by SSL Labs have migrated to the latest version. 3.8% of sites still support the now-deprecated SSL protocol.
7. 74% of All Phishing Websites Use HTTPS
According to the Anti-Phishing Working Group (APWG), 74% of the phishing sites used the padlock in 2019. The report concluded that phishing activity, as well as the use of HTTPS protocol, are on a continuous ride with more than half (58%) of phishing websites employing a valid SSL certificate in Q1 of 2019 alone. That’s a significant 12% increase from the Q4 of 2018. Free SSL certificates offer phishers an extremely easy way to look more credible.
8. 85% of online shoppers avoid unsecured websites.
In November 2014, GlobalSign surveyed 6,000 respondents in Germany, France, the UK, the Netherlands, and Scandinavia to assess the general knowledge of internet security in Europe. It turned out, 85% of online shoppers refused to buy from unencrypted websites, while 82% didn’t access such sites altogether. Considering that this survey is six years old, today’s numbers are well into 90%.
9. 9.1732631e50 years needed to break the SSL encryption
Here at SSL Dragon, we’ve crunched the numbers to prove beyond any doubt that breaking the SSL encryption is beyond human capabilities. Unless you build a hypothetical super-computer that will require electricity from 30% of all nuclear plants, decoding the encrypted certificate is just a pipe dream.
10.82.2% of the websites use a valid SSL certificate
82.2% of the websites use a valid SSL certificate in 2021, up from 17.8% five years ago. The report courtesy of W3Techs highlights the progress of HTTPS adoption over the years, among other things. While percentage-wise, this number is pretty high, the remaining unencrypted 17.8% amount to millions of websites that are a potential security threat to users.
As you can see, the numbers indeed tell a story. The Internet is becoming a safer place as a result of affordable certificates and steady HTTPS encryption. However, plenty of challenges remain, especially the way websites configure their SSL certificates. With more and more services and companies migrating online, the SSL industry will continue to grow in the upcoming years.