Finally, 3 percent of sites had experienced a recent security incident.
Guruswamy suggested that enterprises look beyond simple website categorization strategies to protect their users from phishing attacks since the bad guys have, in effect, half the Internet at their disposal.
Enterprises that host websites should also step up and do more to protect their visitors, including making sure that all their software is up to date, and the sites that they embed content from also are current.
For example, nearly 70,000 of the top million websites run the vulnerable nginx 1.8.0 server software. The next most dangerous software is Microsoft's IIX 7.6 web server, which dates back to 2009. 2010's PHP 5.3.29 is in third place, with nearly 32,000 websites.
Sign up for CIO Asia eNewsletters.