We frequently hear that we can’t have privacy and security; sadly, that is often still the case, as an audit of over 1,000 top websites analyzed for security and privacy practices showed an alarming trend for the third year in a row. The Online Trust Alliance said, “Sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.”

There is good news and bad news coming out of the audit (pdf). The good news is that 52 percent of websites, the highest percent in nine years of the annual analysis, qualified for the OTA’s Honor Roll. The flipside is that 46 percent of the websites failed the audit; of those, banks did the worst.

Of the top 100 banks analyzed for both good cybersecurity and privacy practices, 65 percent failed. Not even one bank made it to the “Top of Class.” Granted, the OTA upped its failure threshold this year, but an increased number of data breaches, website security vulnerabilities and inadequate privacy disclosures also played into the high number of bank websites that flunked OTA’s tests.

Banks scored the lowest in SSL security due to using outdated and insecure ciphers. There was a “huge increase” in bank websites receiving failing privacy scores, but 85 percent of the banks analyzed did have the best basic anti-bot protection. This year’s audit also scored sites on disclosure of cross-device tracking; banks came in at 34 percent, with the top 100 US federal government sites faring much worse by scoring a miserable 4 percent for disclosing such tracking.

OTA explained that sites can earn 100 baseline points in three core assessment categories: consumer protection, site security and privacy. Sites can score bonus points for best practices or receive penalty points for vulnerabilities, breaches and legal settlements. To make it onto OTA’s Honor Roll, a site must not fail any of the three core categories and must achieve an overall score of 80 percent or higher.

More than 60 percent of Fed sites and large banks received failing grades in at least one or more categories. The OTA report explained, “The security oversights and inadequate privacy policies observed reflect the need to add resources in these areas. These missteps often reflect a lack of ongoing security discipline, failure to take a user-centric view on privacy, and/or organizations not embracing data stewardship and responsible privacy principles.”

It’s not all gloom and doom. In fact, while banks and US government sites were the least trustworthy, more sites than ever are trustworthy. 76 percent of consumer services sites made the Honor Roll. News sites were the most improved, with 48 percent making the Honor Roll; last year, only 23 percent made it onto the list.

The best of the best from the audit made it to OTA’s Top of Class. Although OTA doesn’t list the sites which failed the audit, the 2017 full report (pdf) does include a list of the top sites which made it to the Honor Roll as well as the percent of those analyzed which failed.