Number of vulnerabilitiesThe average number of serious vulnerabilities per Web site tested: 56
Time to resolutionThe average number of days from first customer notification to resolution of the vulnerability: 193
Information leakagePercentage of Websites scanned with information leakage vulnerabilities: 55 per cent. Cross-site scripting vulnerabilities were second most common, at 53 per cent.
SQL InjectionThe number of Web sites vulnerable to SQL Injection attacks: 7 per cent. That continues a downward trend that saw 11 per cent vulnerable in 2011.
All day, every dayPercentage of Web sites that had at least one serious vulnerability every day of 2012: 33 per cent.
Who’s accountable?Percentage of companies surveyed who said their board of directors was held accountable for a security breach: 22 per cent. The security department (79 per cent) and executive management (74 per cent) were much more likely to shoulder the blame.