Press release

Tala Security ‘State of the Web’ Report Highlights Risk and Unprecedented Levels of Vulnerability to Credit Card E-Skimming and Identity Theft During 2019 Holiday Season

Sponsored by Businesswire

Tala Security, an industry leader in the protection of enterprise websites and web applications against advanced threats, today announced a consumer and business alert: expect unprecedented levels of online data theft this holiday season due to a lack of deployed client-side security measures.

The State of the Web Report from Tala Security highlights the widespread vulnerability resulting from integrations that enable and enhance website functionality. These integrations, which exist on nearly every modern website operating today, allow attackers to target PII and payment information. 98% of the Alexa 1000 websites were found to be lacking security measures capable of preventing attacks. In related warnings, both the FBI and the PCI Council cautioned that hackers are targeting online credit card information.

“Online merchants and website owners must recognize the critical need for client-side security. The fundamental driver of online commerce — consumer trust — is at stake as attackers target widespread client-side vulnerabilities to steal credentials, credit card numbers, financial data and other PII,” said Aanand Krishnan, Founder & CEO of Tala Security.

Key Findings from the Tala 2019 State of the Web Report:

  • Only 2% of Alexa 1000 sites have implemented effective controls to prevent personal, financial and credential theft.
  • User form data sent, captured on forms available on 98% of websites, is exposed to 10 times more domains than intended by the website owner. This creates a massive opportunity for data theft from attackers.
  • The average website relies on 31 third-party integrations, which provide nearly two-thirds of the content customers view on their browsers. This content is delivered via client-side connections that lack effective security controls.
  • Most consumers will be surprised to learn that only one-third of the content rendering on their browser is owned, created and served by the owner of the website. The remaining two-thirds is served via client-side connections that lack effective security.
  • Although 27% of website owners attempt to deploy security measures, only 2% succeed in deploying effective policies capable of preventing client-side attacks.

Download the Tala 2019 State of the Web Report here:

About Tala Security

Tala protects modern websites and web applications from critical and growing threats, such as cross-site scripting (XSS), Magecart, website supply-chain attacks, clickjacking and others. Tala defends against such attacks by automating the deployment and dynamic adjustment of browser-native, standards-based security controls such as Content Security Policy (CSP), Subresource Integrity (SRI), HTTP Strict Transport Security (HSTS) and other web security standards.

The activation of browser-native security controls provides comprehensive security without requiring any changes to the application code and with near zero impact to website performance. Tala’s product is powered by an AI-assisted analytics engine that evaluates over 50 unique indicators of a web page’s behavior. The analytics engine provides comprehensive risk analysis and enables Tala to automate the generation, implementation and updating of browser-native security policies. Tala’s product also provides customers with alert analytics and incident management. Tala secures millions of web sessions for large providers in verticals such as financial services, online retail, payment processing, hi-tech, fintech and education. Learn more at