Some of the most egregious findings were:

97 percent of the websites contain outdated web software.

24 percent of the websites contain known and exploitable vulnerabilities.

76 percent and 73 percent of the websites are not compliant with GDPR and PCI DSS, respectively.

100 percent of the mobile apps contain at least five external software frameworks.

100 percent of the mobile apps contain at least two vulnerabilities.

This translated into 47 percent of the airports studied receiving a C grade, meaning there were security vulnerabilities or several serious misconfigurations found; 11 percent got a B, several minor issues or insufficient security hardening; 14 topped out with an A or A+ with the latter meaning there were no issues and the former only a few minor problems discovered.