Business Law & Compliance

Stuck with an unsecure business site? Here's what your customers are thinking

8 min read

13 February 2019

An unsecure business site is not only a security threat for customers, it can turn them off your brand for good. Our research provided exclusively for Real Business shows you exactly what customers are thinking when they click on unsecure sites.

Will anyone trust you if you’re “not secure”? That’s the question diligent business owners should be asking themselves if they have a company website, (which is everyone these days).

So, listen up SME owners, because the issue of website security affects the whole lot of you.

Imagine the scenario…you’re a potential customer and you’re browsing the internet. Then suddenly you come across a site that’s flagged as “not secure”. What do you do?

Your automatic reaction might be to leave the website or start questioning the legitimacy of the brand entirely.

Well, according to the research we’ve compiled at John Cabot, many customers would be put off a brand for good if their website appears unsecure. Let’s find out more…

Back in July 2018, Google Chrome started explicitly warning users that if a website’s domain was simply delivered on HTTP and not HTTPS, it means it wasn’t deemed secure enough.

We did the research so you don’t have to

As a business owner, you might be wondering what this means for your website traffic, sales and brand.

We were curious too, so over the last month we have surveyed around 1,324 people to find out whether the “not secure” warning actually impacts user behaviour. You can read about the findings later on…

Google set the rules to make the internet safer

To understand where this all came from, we have to go back to 2014 when Google first announced that websites that moved to HTTPS would be rewarded in Google’s search results, making it an SEO ranking factor.

This was a part of Google’s plan to make the web a safer place. However, you may have noticed that there are still millions of websites with the “not secure” warning, including major UK businesses such as Topshop, National Rail and Three (you’ll see this on the desktop version), despite being trusted brands. But more about that later…

Testing customer reactions: The outline

To kick off the research, we showed participants the “not secure” warning on generic websites and asked them to explain what it meant to them and how it reflects upon the organisation.

We only asked open-ended questions so we’d get the most authentic answers. The questions were designed to explore the subject as fully as possible.

The results: Customers are “turned off” by an unsecure website

Overall, 47% of the people we tested had the right idea and knew roughly what the warning meant.

We found that 46% said they wouldn’t enter their name, password or bank details into a website that was “not secure”, with 64% of those saying they would leave the website instantly.

“Many believed that the website was dodgy, a scam or had been hacked.”

Additionally, 14% feared their device had been exposed to a virus, 8.4% thought it had signed them up for spam emails and 12% thought it was a fake version of a real website.

9% were slightly less suspicious and believed it indicated the content was unreliable and not fact-checked.

Other responses included a lack of privacy or fears that their search history would be available to purchase.

Customer-facing businesses with unsecure sites suffer loss of customer trust

We were surprised at how these results quickly changed based on the type of business.

This was most obvious with an estate agent and a hotel’s website. With the estate agent example, we saw a significant increase in answers reflecting on the organisation’s integrity itself as opposed to the website.

“The most popular answers identified the estate agent as being unprofessional and amateur, and “not bothered” about their customers. Terms like “avoid”, “don’t trust”, “dodgy” and “crooks”, kept appearing, and were all related to ripping off their customers.”

The hotel website example, however, received answers around the product (the hotel itself) being “fake” and not really existing. Common terms included “would not book” or would require “further research”.

Finally, we showed participants well-known brands as examples. The results echoed the previous industry results. All except one: John Lewis.

Legacy brands can sometimes get away with unsecure websites: The John Lewis example

John Lewis is recognised as an iconic brand, gaining the trust of its customers with its famous promise “Never knowingly undersold”.

– This trust, it seems, makes all the difference.

While 21% of participants gave answers related to being disappointed with the brand, a surprising 23% chose not to believe it at all and became suspicious of the research.

In fact, 10% thought they’d mistakenly clicked on the wrong link, 10% blamed the software or technology they were using and 4% even blamed their device.

“More interesting still, whilst 64% of respondents originally said they’d leave a “not secure” website immediately, with John Lewis, that dropped to just 5%.”

In all, it seems that customers refuse to or simply cannot believe that John Lewis is untrustworthy, which is a real testament to the strength of their brand, but this obviously won’t work instantly for everyone.

Why are website owners not making the move to safety?

Many website owners still haven’t made the move to HTTPS and when we asked why we discovered that people are worried about losing website traffic during the migration, system issues and poor redirects, as well as not having enough in-house expertise to do it.

There’s no need to fear the move

If you’re thinking about making the switch, we hope that this research demonstrates that moving to https is not just about better search rankings and a faster site (you can test http vs https site speed here), it also impacts user experience, bounce rates and the amount of visitors willing to input basic or sensitive information on your site.

SMEs, brand quality alone won’t be enough to save you

In all, don’t be lazy about your “not secure” label, it can seriously affect the way your customers engage with your site, as well as their perception of your brand as a whole – unless you’re John Lewis, of course.