WebPKI Observatory — Concentration Risk
An HHI of 2324 and 93% five-firm concentration creates meaningful systemic dependency, where operational failures at any top-tier CA would impact a substantial portion of the encrypted web. Internet Security Research Group's 39.2% share alone represents critical infrastructure scale, while the top three CAs collectively serve over 71% of issuance. This concentration amplifies the governance and operational risk findings in later tabs, as incidents at dominant CAs have disproportionate ecosystem impact.