Websense has published the Websense Security Labs 2014 Threat Report. The report details the threats and trends that marked last year.
The figures in the report show that 85% of the malicious links spotted in email or Web attacks last year pointed to legitimate websites that were hijacked by cybercriminals. Hackers mostly targeted business and economy, IT, shopping and travel websites.
Malicious links and other malicious content was spotted in 3.3 % of all spam messages.
As far as malicious redirects are concerned, Websense stopped 1.8 billion of them in 2013. The average number of redirects per attack recorded by the company was four, but the maximum number of redirects in a single attack was 20.
Microsoft® Windows Insider MVP - Windows Security
The report indirectly proves how a large percentage of websites was hijacked by cybercriminals.
It's also a bit more challenge for AVs manufacturers because marking a website with a well-known address (hijacked by cybercriminals) as a harmfull is a lot harder than protecting users from unknown and potentially dangerous ones.
WEBROOT® SecureAnywhere™ Internet Security Complete Beta
macOS Sierra & Windows 10 Pro 64
I do not think that is what the article says...as the vast majority of websites are in fact safe...otherwise there would be no Internet or it would not be used by people. What the article is in fact saying or so I believe is...in the case of compromised websites 85% of these pointed at legitimate sites rather than 85% of sites per se are compromised in this way...a very subtle but important difference would you not agree?
But overall you are correct in terms that far too many legitimete sites are compronised by cybercrimminals.
Webroot SecureAnywhere Complete Beta Tester v22.214.171.124, imaged by Macrium Reflect v7.1