Here’s the summary from Emily Schechter, the Google Chrome Security Product Manager:
“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption, and within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure.’ Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure.'”
All the major browsers already have plug-ins that alert users anytime they’re visiting a non-secure (HTTP) website, but Google’s planned move will likely prompt them to incorporate the notification into their core product as well.
According to Google’s statistics, 81 of the top 100 sites (as ranked by traffic volume) already use HTTPS. In addition to that, Google reports that 68 percent of Chrome users are finding HTTPS when using Android and Windows, and 78 percent of the time when using Mac OS X, iOS, and Chrome OS. Those figures are markedly higher than they were in 2010, when an estimated 40 percent of websites were using the secure socket layer.
If your company’s website hasn’t already made the switch, the time to do so is now. The writing is clearly on the wall, and it’s not hard to imagine that after Google begins “shaming” non-secure sites with the notification, they’ll also start implementing penalties that will hurt their position on search results pages. Even if they don’t, the persistent non-secure warnings will be enough to keep many users away, so it doesn’t matter how well optimized or SEO-friendly your site is, an increasing percentage of users may simply opt out if it’s not secure.