According to the published State of the Web 2016 report by Menlo Security, 46% of the world’s top one million sites are ”risky”.

The report labelled a website or its background sites (that provide active content to the website) as risky if one or more of the following was true:

  • runs software with known vulnerabilities (CVEs);
  • was categorised as “known-bad”, such as hosting phishing, malware, etc;
  • has had a security incident in the last 12 months.

Based on these, of the one million top websites around the world, over 355,000 were either running vulnerable software or accessing vulnerable background sites; nearly 167,000 were considered “known-bad”; and almost 32,000 had recently suffered a security incident. Many of them fell into more than one category.

Business and economy sites the most vulnerable
Of all the websites found risky, business and economy sites ranked number one in the vulnerable software and recent security incident categories, and number three in the category of known-bad sites.

Do you test your website for vulnerabilities?
Frequent vulnerability assessments and penetration testing are good practice for keeping ahead of cyber criminals. For further details, please visit our penetration testing page.