The average website has serious vulnerabilities more than nine months of the year. “Information Leakage” has replaced Cross-Site Scripting as the most common website vulnerability, WhiteHat Security study says. Education industry has the dubious honor of leading the category — 78 percent of sites in those industries were vulnerable. Social networking and retail have the largest windows of exposure, potentially reflecting the rate at which they update sites and introduce new code. Healthcare and banking have the lowest rates, yet 14 and 16 percent (respectively) of those sites had serious vulnerabilities throughout the year.
Source: https://thehackernews.com/2011/03/most-websites-vulnerable-to-attack.html