Police websites failing to reach cybersecurity standards, report says

A new survey by The Centre for Public Safety has revealed that just one in four police and affiliated websites demonstrated the highest standards of data security.

The organisation, which promotes policing efficiency, scanned 71 police and affiliated websites and found that just over one-quarter (27%) demonstrated the highest world-class standard of secure connection. The remainder (73%) either lacked a secure connection for visitors or their implementation was deemed deficient or insecure.


Lack of support

Almost one in four (24%) of the sites lacked support for secure connections at all, meaning information is communicated in plain unencrypted text across the internet. Of these, almost 70% (11 agencies) invited users to submit personal data – and in some cases information specifically relating to criminal activity – via these unsecured connections. They are exposing the public to unnecessary risk.

This is despite the fact that the use of secure connections when transmitting personal data is regularly highlighted in crime prevention and online safety advice (“look for the padlock”) issued by the police service, Government and industry partners.

Around one in ten were found to have significant vulnerability in their implementation of a secure connection – including the National Crime Agency’s Child Exploitation and Online Protection Centre (CEOP), which has a specific online focus, along with six territorial police forces.



The A-graded delivery of ‘secure-by-default’ by 17 police forces demonstrates that some forces and their IT partners recognise the need to both signal and deliver a secure communications channel. The Civil Nuclear Constabulary and
Independent Police Complaints Commission received the highest grades.

“We call on those forces that fell short to demonstrate the best practice observed in other forces and we offer a number of recommendations to tackle the current and future threats facing the police service’s public-facing digital infrastructure,” the organisation commented.

More information and the full report can be found here.

Related reading