HTTP is getting out of date.
"HTTPS and making sure your site is secure is an imperative at this point... Google will start marking things non-secure... The future of the web is a secure one, and so make sure people in your organization understand https, and it should be on the road map" for 2017. Thao Tran, Google, Share16 event.
97% of websites lack basic security
Cybercrime is no longer limited to the theft of financial or personal data. Every online interaction is an opportunity for hackers to exploit, profit or disrupt lives.
90% of large organizations have been breached , and so are 74% of small & medium organizations. 500'000 sites affected by Heartbleed are at risk of significant data breaches.
75% of websites have critical vulnerabilities. 1 in 5 of vulnerabilities discovered allowed cybercriminals access to sensitive data, or to website content, or to compromize visitors computers.
As the cybercrime community becomes more aggressive, there is more need than ever to call out sites with inadequate security. Browsers are increasing visual indicators of sites security levels, indicating when a site lacks adequate security. Search engines are using security for ranking criteria.
Popular news websites, hotels, pharmacies, gaming sites, and many online banking sites are among millions of websites that are now explicitly flagged as "not secure" by some of the most commonly used browsers.
Current stable versions of Google Chrome and Mozilla Firefox now display a "not secure" warning in the URL bar if a webpage served over an unencrypted HTTP connection requests a user's password – even if the password is usually submitted to a secure (HTTPS) site. This is because an attacker could modify the non-secure HTTP form and cause the user's credentials to be sent elsewhere.
This security feature was first introduced in Firefox 51, which was released on 24 January 2017, and then in Chrome 56, which was rolled out in the weeks following 25 January 2017. Chrome also displays the warning on pages that contain fields for entering credit card numbers. Browsers actually are incrementally adding warnings for HTTP, raising their expectations each month as the web moves further towards a fully-encrypted future.
For a few years, research shows an increase in encrypted URLs. Considering their user-based algorithm updates, search engines (Google...) preference for trusted sites is not surprising. If users are guaranteed to have a secure site experience, they will prefer HTTPS to HTTP. Therefore switching to HTTPS will benefit you and the security of your site.