46% of the most trusted US companies' employees reuse breached passwords

/EIN News/ -- Cybernews researchers analyzed the top 100 most trusted companies in America – including Nvidia, Costco, Apple, American Express, and others – and found that all of them had experienced data breaches, exposing critical cybersecurity weaknesses. Moreover, 46% of analyzed companies are vulnerable due to employees reusing breached passwords.

According to the Cybernews Business Digital Index, most trusted companies from various sectors in the US have low cybersecurity standards. 94% of businesses from the analyzed list scored D or worse for their cybersecurity efforts. In addition, all analyzed companies had experienced a data breach, and one in four had been breached within the past 30 days.

Most trusted companies don't have strong security

All businesses from the top 100 most trusted companies list have poor cybersecurity health, revealing alarming cyber weaknesses across various sectors.  

According to the index, which uses only publicly available information to grade businesses and various institutions based on their online security measures, 53% of the US most trusted companies scored a D for their cybersecurity efforts, while 41% are in the critical risk (F score) category.

“Being trusted by the public doesn’t mean a company is secure. Our findings show that even the most reputable brands are failing basic cybersecurity standards – and that’s a serious concern. Companies must uphold strong digital defenses if they want to truly protect their customers and live up to that trust,” says Vincentas Baubonis, Head of Security Research at Cybernews.

Unfortunately, despite their reputations, the most trusted companies in the US achieved an average cybersecurity score of 69 out of 100. According to the index methodology, scores between 70 and 79 are considered high risk. Based on this, it can be predicted that the analyzed American companies' data is highly vulnerable.

100% of companies had data breaches 

The most common security issues included data breaches, SSL/TLS misconfigurations, system hosting flaws, and web application vulnerabilities. Every organization analyzed had experienced a data breach, with one in four occurring in just the past 30 days. 

SSL/TLS, the technology that secures communication between websites and users, was misconfigured across all cases, putting sensitive data at risk and increasing exposure to cyberattacks.

Interestingly, researchers discovered that around half (46%) of all companies are vulnerable due to employees reusing breached passwords, significantly increasing the risk of unauthorized access through credential-stuffing attacks. This highlights a critical human factor in cybersecurity, where poor password hygiene can compromise even strong systems.

Additionally, system hosting issues were found in 93% of companies. These include poor server setups or outdated infrastructure that can make systems easier to attack. 

Web application security was another major issue – 89% of companies had problems in this area. These are often entry points for attackers, especially if outdated or faulty features aren’t updated or fixed.

50% of the companies also struggled with outdated or unpatched software – a common weakness that, when left unresolved, creates easy entry points for attackers. Additionally, over a quarter (27%) of companies faced email security issues, making them more vulnerable to phishing, spoofing, and unauthorized access.

Lastly, around half of the analyzed companies had high-risk vulnerabilities, and 36% faced critical security issues, again confirming a weak overall cybersecurity posture.

Retail and finance sectors have the worst cybersecurity

After analyzing the top 100 most trusted companies in the US, the Cybernews team found that the Retail & Consumer and Financial & Professional Services sectors ranked lowest in cybersecurity performance.

In the Retail & Consumer sector, companies were almost evenly split between high-risk and critical-risk categories, with 48% scoring a D and 50% falling into the F category.

65% of companies in the finance sector are rated at a high-risk D level, and 22% are classified as critical-risk (F).

Sector-specific vulnerabilities

Several cybersecurity issues were found in all companies across the analyzed Retail & Consumer and Financial & Professional Services sectors. In both industries, 100% of analyzed companies experienced data breaches and had SSL/TLS configuration problems, showing serious gaps in protecting sensitive data and securing online communication. 

“When data breaches and SSL/TLS misconfigurations affect 100% of companies, the consequences are serious. SSL/TLS helps protect data sent between users and websites, so when those configurations are flawed, businesses risk financial loss, legal action, and reputational damage, while customers may face identity theft, fraud, and privacy breaches,” Baubonis says. “Securing digital infrastructure is essential to protect both the organization and the people who trust it.”

System hosting issues were also common, affecting 93% of Retail & Consumer companies and 96% in the financial sector. Web application vulnerabilities were reported by 87% of Retail & Consumer firms and all Financial & Professional Services companies. This means that systems people log into, click through, or use online have flaws that could be potentially exploited by hackers.

While less frequent, software patching problems were still notable, found in 59% of Retail & Consumer companies and 43% of the financial sector. This suggests that many organizations are falling behind on critical updates.

Research Methodology

For this study, the Cybernews research team analyzed the list of the top 100 most trusted companies in America. The list is available here. The list was compiled by Forbes. 

This report assesses cybersecurity risk across seven core dimensions: software patching, web application security, email security, system reputation, system hosting, SSL/TLS configuration, and data breach history. 

The report’s Methodology can be found here. It provides detailed information on how researchers conducted this analysis.

About Business Digital Index

The Business Digital Index (BDI) is designed to evaluate the cybersecurity health of organizations worldwide. It aims to help businesses by providing a clear, transparent, and independent assessment of their cybersecurity management, contributing to a more resilient digital future.

By leveraging data from reputable sources, such as IoT search engines, IP and domain reputation databases, and custom security scans, the BDI comprehensively assesses a company’s cybersecurity strength.

The index evaluates risks across seven critical areas: software updates, web security, email protection, system reputation, SSL setup, system hosting, and data breach history.