In July 2018, Google started explicitly warning users in Google Chrome when a website is “not secure”, meaning it isn’t an HTTPS site.
You’ll likely already know that moving to HTTPS helps with better search rankings and a faster site (you can test http vs https site speed here).
In this original study compiled by our team at John Cabot, we explore how the “not secure” label impacts user behaviour and perceptions of a website.
- Loss of customers – 46% of respondents said they wouldn’t enter their name, password or bank details into a website that was labelled as “not secure”. 64% of those said they would leave the website instantly.
- Loss of trust – Many respondents believed that the website was dodgy, a scam or had been hacked.
- Types of organisations – The type of organisation affects how respondents react to the warning, particularly customer-facing businesses whose integrity is doubted.
- Strength of brand – The results varied based on how strong the brand already was. A recognisably trustworthy brand like John Lewis, for example, is more likely to be given the benefit of the doubt and would have little effect.
How do I apply this research:
While there may already be plenty of information out there on why and how you should move to HTTPS, there’s very little on what real people actually think and how it affects their perceptions.
If you or a client are worried about making the move to HTTPS due to traffic loss, not having the expertise or technology restrictions, then this research could help create a business case for investing in the move.
It also highlights how important it is to invest in your brand and how companies can be “forgiven”, which may also apply to bad reviews and technical faults.
Google Chrome currently has 70% market share when it comes to desktop browsers (Statista). That’s a lot of people seeing the “not secure” warning, and yet, millions of websites including major UK businesses still haven’t made the switch. This even includes trusted brands like Topshop, National Rail and Three (which you’ll find on the desktop version).
We asked why and discovered there were a range of possible reasons including worries about losing website traffic during the migration, system issues and poor redirects, but also not having enough in-house expertise to do it.
During our research, we showed 1,324 people from the UK the “not secure” warning on generic websites across various industries. This included hotels, estate agents, event management, wedding planning, department stores, clothes retailers, travel companies, phone networks, railway networks and universities. We asked them to explain what this meant to them and what it made them think about the organisation.
After, we replaced these generic examples with recognisable brands to see how participants’ answers changed. All questions were open-ended, designed to get only the most authentic answers. This helped us to be able to fully explore the subject.
What does the “not secure” label mean to you?
Result takeaway – Overall, 47% of the people we tested knew roughly what the warning meant. We found that 46% said they wouldn’t enter their name, password or bank details into a website that was “not secure”, with 64% of those saying they would leave the website instantly. Many said they believed that the website was dodgy, a scam or had been hacked.
Additionally, 14% feared their device had been exposed to a virus, 8.4% thought it had signed them up for spam emails and 12% thought it was a fake version of a real website. 9% were slightly less suspicious and believed it indicated the content was unreliable and not fact-checked. Others thought it indicated a lack of privacy or feared that their search history would become available to purchase.
How does this affect customer-facing businesses?
Result takeaway – The results quickly change with the type of business with customer-facing businesses generally suffering a loss of customer trust. With an estate agent example, we saw a significant increase in answers reflecting on the organisation’s integrity itself as opposed to the website. The most popular answers identified the estate agent as being unprofessional and amateur, and “not bothered” about their customers. Terms like “avoid”, “don’t trust”, “dodgy” and “crooks”, kept appearing, and were all related to ripping off their customers.
In a hotel website example, however, answers were around the product (the hotel itself) being “fake” and not really existing. Common terms included “would not book” or would require “further research”.
Finally, when we showed participants well-known brands as examples, the results echoed the previous industry results. All except one: John Lewis.
How are legacy brands affected?
Result takeaway: When showed John Lewis, results changed. As a recognised and iconic brand, it gains the trust of its customers with its famous promise “Never knowingly undersold”. This trust, it seems, makes all the difference. While 21% of participants’ answers reflected a disappointment with the brand, a surprising 23% chose not to believe it at all and became suspicious of the research. In fact, 10% thought they’d mistakenly clicked on the wrong link, 10% blamed the software or technology they were using and 4% even blamed their device.
What is even more interesting is that whilst 64% of respondents originally said they’d leave a “not secure” website immediately, with John Lewis, that dropped to just 5%. Overall, it seems that customers refuse to or simply cannot believe that John Lewis is untrustworthy, which is a real testament to the strength of their brand, but this obviously won’t work instantly for everyone.
As with any research, participants know they are being monitored so that can cause them to behave differently. For example, with the “not secure” label highlighted, it might prompt them to overthink their answers, rather than act as they naturally would.
By making the questions open-ended, our intention was to get real answers instead of the results we wanted. When grouping or categorising the answers, however, this was based on our understanding, which means it may have been possible for us to misinterpret the meaning of the answers.
All websites and users are very different, so while the examples used might apply to an example in your industry or similar brand, this doesn’t mean you’ll get the exact same results.
The “not secure” label not only impacts rankings in the SERPs and website speed but also user behavior. This study shows that the public is divided on what the ‘not secure’ label actually means. The results show that only 47% of participants knew the actual meaning of the warning, and their behaviours changed based on their own interpretation of it.
With 46% saying they wouldn’t enter their name, password or bank details into a website that was “not secure”, it’s definitely something to consider. Although this exact figure may not apply to you or your client’s business, (as the results varied on industry and brand) it does show that moving to HTTPS will not only help users find your website through better rankings, have a better experience through speed, but it will also boost conversions as customers are not instantly put off by this warning.