• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

  • Home
  • About Us
  • Solutions & Services
    • Security Governance
    • NETWORK SECURITY
    • CLOUD SECURITY
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

95% of websites risk operating on outdated software with known vulnerabilities

By kamran | At March 27, 2021

Mar 27 2021

95% of websites risk operating on outdated software with known vulnerabilities

David opts for the “Remind Me Later” button whenever a notification pops up for a software update – and he’s been doing it for the past six months. Sounds familiar? We bet it does because we are all David at some level.

Keeping your software updated is one of the most essential steps you can take to keep your website secure but it appears that not many people give it much consideration.

A study conducted by researchers from the Institute for Internet Security at the Westphalian University of Applied Sciences analyzed 246 client- and server-side software products used across more than 5.6 million websites. The study was led mainly by Nurullah Demir and Tobias Urban and went on for eighteen months. The study looked at the software products used by websites, their update statuses and release dates and then mapped them against the 147,312 known vulnerabilities identified by the NVD (National Vulnerability Database).

The results of the study revealed that nearly all of the websites studied used at least one outdated software product – only 6% of websites were running on fully updated software and a shocking 47% had let their entire software library go out of date. This made the websites susceptible to a whole myriad of known vulnerabilities via the outdated security holes which could allow hackers to inject malware or steal sensitive data – and they won’t even have to do much to get into the system.

Of all the software products that were analyzed, 60% were found to be exploitable by these vulnerabilities and 95% of the websites were using these outdated software products (meaning that there’s a 95% chance that any website you visit would be vulnerable to attack). Not only that, the number of vulnerable websites is increasing exponentially as websites keep postponing updates and accumulating further vulnerabilities. Apart from this, there are a few more shocking findings from the study:

  • Each software product analyzed had 8 vulnerabilities on average.
  • 92% websites are vulnerable to potential XSS (cross-site scripting) attacks.
  • The average website is engaged in 29 vulnerabilities.
  • The average software product is approximately 48 months behind the latest update – that’s 4 years.

The potential cost of running old software is actually much higher than website owners estimate. While it is true that maintaining a whole array of complex technologies up to date is costly in itself, and making sure that everything functions together is not easy, even a single vulnerable component can endanger the entire system.

Web applications are composed of different modules – think of them as cogs – that work together and perform specific tasks. Even if one cog starts to malfunction, the security of the entire application would be compromised. And it has been found that a cybersecurity attack results in an average $2.6 million in damage.

So the solution to this problem is very simple, even if it is time-consuming: make sure all your software is up to date to avoid any sort of security loophole. You will thank yourself later.

Written by kamran · Categorized: Cyber security news, Cyber security threats, Cyber security tips

Primary Sidebar

Recents post

US Healthcare Sector Under Siege: What 2025’s Cyberattacks Reveal About Healthcare Security

From ransomware hitting … [Read More...] about US Healthcare Sector Under Siege: What 2025’s Cyberattacks Reveal About Healthcare Security

Is Your Law Firm Overlooking These 3 Critical Cyber Risks?

From juggling client deadlines … [Read More...] about Is Your Law Firm Overlooking These 3 Critical Cyber Risks?

Healthcare Cybersecurity Updates: Ransomware, Data Breaches & AI Risks

Cyberattacks targeting … [Read More...] about Healthcare Cybersecurity Updates: Ransomware, Data Breaches & AI Risks

Categories

  • AI and cybersecurity (2)
  • blockchain (1)
  • Cloud security (29)
  • Compliance (25)
  • Cyber security news (108)
  • Cyber security threats (376)
  • Cyber security tips (370)
  • Data Security (3)
  • E-Commerce cyber security (3)
  • Education cyber security (1)
  • Enterprise cyber security (7)
  • Financial organizations cyber security (4)
  • General (22)
  • Government cyber security (4)
  • Healthcare cyber security (19)
  • Information Security (2)
  • Law Firms Cyber Security (9)
  • Network security (9)
  • Newsletter (1)
  • Privacy (1)
  • Ransomware (14)
  • remote work (1)
  • Risk assessment and management (6)
  • Security management and governance (9)
  • SME Cybersecurity (2)
  • Software Security (2)
  • Supply Chain Attacks (5)
  • System security (3)
  • Uncategorized (25)
  • Vendor security (14)

Archives

Footer

Infoguard Cyber Security

San Jose Office
333 W. Santa Clara Street
Suite 920
San Jose, CA 95113
Ph: (855) 444-6004

Irvine Office
19800 MacArthur Blvd.
Suite 300
Irvine, CA 92612

Recent Posts

  • US Healthcare Sector Under Siege: What 2025’s Cyberattacks Reveal About Healthcare Security
  • Is Your Law Firm Overlooking These 3 Critical Cyber Risks?
  • Healthcare Cybersecurity Updates: Ransomware, Data Breaches & AI Risks

Get Social

  • LinkedIn
  • Home
  • About Us
  • Solutions & Services
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

Privacy Policy Terms of Use Acceptable Use

Copyright © 2025 | All right reserved