Overall, a mere four percent of state websites pass both the HTTPS and DNSSEC cybersecurity tests, a new report says.