Web Professional Security Survey 2020

How agencies approach website security and protect their clients’ websites

For professionals who help clients establish a presence online, the subject of website security often flies under the radar. It’s a specific niche and one that many web professionals often avoid.

To cast light on the subject, this year we look at insights from more than 200 web professionals — including web designers, developers, freelancers, and marketing agencies. Their answers produced statistics related to:

  • Choosing service providers
  • Approaches to website security
  • Service offerings and tools
  • Planning for hacks and attacks


Overview

The term “web professional” loosely refers to individuals and organizations that provide services online, including:

  • Website developers and designers
  • Marketing agencies and SEO
  • Brand reputation agencies
  • Web hosting providers
  • Freelancers
  • Managed service providers (MSPs)

A closer look at the web professionals

Individuals responding to our survey held decision-making roles, either as a solo entrepreneur or with a business or nonprofit. Nearly 34% of respondents indicated they owned or held a partnership in a small business. More than 38% said they developed websites for clients, either as a freelancer or the owner of an agency.

Individuals responding to the survey held decision-making roles in their work.

The scope of their work varied. More than half of our respondents (51.4%) worked on a smaller scale, indicating they handled fewer than eight websites in the past year. About 28% of respondents were midsize operations, with between eight and 50 sites last year. Larger operations, with 51 to 100+ websites, accounted for just over 10% of responses.

More than half of our respondents signaled they were a smaller operation.

Methods for Securing Websites

Although there remains no fire-and-forget method for securing websites, third-party components like WordPress plugins are becoming more popular for this role. These components often automate routine tasks like scans and backups, reducing the amount of time a person needs to spend on them.

The vast majority of all respondents relied on third-party components or plugins to secure clients’ websites, with 46% paying for these components and 42% using free versions. Although larger operations relied on plugins, more than 73% of them indicated they handled some aspects of website security in-house.


Third-party components like WordPress plugins are popular for automating routine tasks.

This data aligns with the amount of money that respondents said they were willing to spend each year on website security. More than 79% of all our web professionals said they were unwilling to spend more than $500 — a figure which seemed to remain a benchmark regardless of the size of their operation.

Hands-on website security tasks

For tasks that required some degree of manual interaction, the vast majority of respondents (75%) indicated they handled updates to the CMS and other components. More than 67% also indicated they backed up clients’ websites, while 57% installed SSL certificates and 56% handled scanning and monitoring.

Overall, only a quarter of all respondents indicated they would handle malware cleanup. However, that figure jumped to nearly 59% among larger operations, compared with less than 11% among smaller operations.

Simpler tasks like updates were more common than complex work like malware cleanup.

Technology recommendations & implementation

Only 2% of respondents indicated they didn’t recommend or set up any kind of security products for clients. The majority of our web professionals recommended or set up products including:

  • SSL certificates
  • Malware removal tools
  • Firewall for websites
  • Malware scanners
  • Backup and restore tools
  • Password managers
  • Two-factor authentication
  • Email anti-spam and anti-phishing

This awareness of website security was echoed in responses about installing security patches — unpatched software being one of the most popular (if not the most popular) attack vectors for bad actors. More than 63% of respondents said they enable automatic updates or install them as soon as possible.

However, these figures shifted among smaller operations, as they mainly relied on automatic updates — or checked weekly (14.8%) if automated updates were unavailable.

Discussing Website Security

A significant majority (66.4%) of all our web professionals indicated they did not need help discussing website security with clients, and nearly 56% indicated having the discussion early, when clients first signed up. However, nearly 15% said they don’t talk about website security at all with clients.

Most of our web professionals had early discussions with clients about website security — or no discussion at all.

Interestingly, respondents who didn’t discuss website security said that more than 77% of their clients were concerned or extremely concerned about website security — with a third of these clients having experienced a malware infection.

Perhaps unsurprisingly, among respondents who said their clients were unconcerned or extremely unconcerned about website security, nearly 78% had experienced a hack. Hacks took a variety of forms:

  • Search Engine Optimization (SEO) spam
  • Malware infection
  • Malicious redirects
  • Phishing
  • Comment spam
  • Blocklisting
  • Ransomware
  • DDoS attack
  • Defacements

The impacts of a hacked website

Among all of our web professionals, more than 59% said the greatest impact of a hack on their clients was lost time. More than 27% reported a loss in revenue, while damage to their clients’ brands was also an issue — with 26.4% reporting a loss in confidence and 25.6% noting a damaged reputation.

Loss of time was one of the largest consequences of a hacked website.


Conclusion

When it comes to web professionals and website security, there are limitless one-off scenarios and related discussions. This year’s Web Professional Security Survey seeks only to expose the tip of the iceberg and, hopefully, spark discussions that ultimately support a safer internet for everyone.

Key takeaways from this report include:

  • We polled decision-makers — Nearly 34% of respondents indicated they owned or held a partnership in a small business. More than 38% said they developed websites for clients, either as a freelancer or the owner of an agency.
  • Website security remains a low-cost priority — More than 79% of all our web professionals said they were unwilling to spend more than $500 on website security, a figure which seemed to remain a benchmark regardless of the size of their operation.
  • All-in-one solutions are appealing — The vast majority of all respondents relied on third-party components / plugins to secure clients’ websites, with 46% paying for these components and 42% using free versions.
  • Security patches are a high priority — More than 63% of respondents said they enable automatic updates or install them as soon as possible.
  • Hacked websites mean lost time and money — More than 59% of respondents said the greatest impact of a hack on their clients was lost time. More than 27% reported a loss in revenue, while damage to their clients’ brands was also an issue.
  • Updates are important — 63% of respondents said they enable automatic updates or install them as soon as possible.

Thank you for taking the time to read our report. If there is any additional information you think we should be tracking or reporting on, we want to hear from you.