One reason sites are so vulnerable is that companies are pulling out the stops and scrambling at Internet speed to get online. As a result, designers leave behind files and tools that hackers can use to break in.
Another reason is plain ignorance, says Pescatore. "There's a lot of stupidity built into the CGI code [used to transfer content to] Web sites." But even the best security measures may not thwart all attacks.
"Security is not about absolutes, it's always about how many layers [hackers] have to go through to get to some-thing," says Elias Levy, chief technology officer for Securityfocus.com. Levy says most companies are just not doing enough.
"A hacker only has to be lucky once," agrees Nigel Tranter, vice president for Perfecto. "[Sites] have to be lucky all the time." These days, the same could be said for consumers.