A new report shows that even in industries that are heavily regulated like healthcare, 14 percent of sites had a serious vulnerability throughout the year.

The report, by WhiteHat Security, a provider of website risk management solutions, found the average website falls into the "always" and "frequently" vulnerable categories – meaning they were exposed more than 270 days of the year. When looking at "window of exposure" across industries, researchers said it becomes apparent there's a vast difference in the approach to website security.

Researchers reviewed 3,000 websites across 400 organizations and found that the average website has serious vulnerabilities more than nine months of the year and data leakage has overtaken cross-site scripting as the most common website vulnerability.

Researchers said that, next to social networking and retail, which have two of the largest windows of exposure (58 and 51 percent, respectively), healthcare websites have one of the lowest exposure rates. They suggest that social networking sites' vulnerability may be a reflection of the rate at which they update sites and introduce new code.

Although healthcare industries lead in the new window of exposure metric, they still fall far short of rigorous security processes researchers conclude.