Google has officially announced that HTTPS is now a ranking signal. HTTPS ensures you can safely send personal data online (like credit card information, login details and so on) without the risk of it leaking to a third party. For protecting transferred data, HTTPS uses SSL technology. So, to enable HTTPS for your website, you will need to get an SSL Certificate (usually on a paid basis) and install it on your server.
You will need HTTPS if your site is taking transactions. HTTPS has been a standard for a long time for any e-commerce store. If your site needs data for logins, comments or email subscriptions, it is a good idea to use HTTPS to build user trust.
Moving from HTTP to HTTPS will not noticeably improve your rankings at the moment but it is clearly on Google’s radar. There is no penalty involved with running an HTTP site. However, most sites nowadays use the personal data of visitors (comments section, for example) and it is better to have this data encrypted.