“According to new research, 98% of leading companies across the U.S. and Europe are vulnerable to cybercriminals through their web applications. While this figure may seem high, it will surprise neither the companies themselves nor independent security experts. Most large companies readily admit that they have shadow IT and legacy applications they do not know, and that this at least theoretically makes them vulnerable. It is generally considered to be an acceptable risk. The purpose of this research from High-Tech Bridge (HTB) is designed to show that the problem is far bigger and less acceptable than most companies imagine.”
Source: 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report | SecurityWeek.Com