In early 2017, Google began flagging sites without the SSL protocol, which is the International Sign of website security. They even intend to get much tougher from 2018 onwards, if your URL does not begin with HTTPS. You will feel the penalties no doubt because web security is no longer a luxury, but an absolute necessity, especially in the widespread occurrence of cyber crime and online fraud. Hackers always try to stay one chapter ahead of the game, and looking for any loopholes within the security of a site.