75% of major systems are still vulnerable to Heartbleed. This deserves a rating of "liar liar pants on fire".
The issue isn't patches but certificates. Systems are patched, but while they were still vulnerable to Heartbleed, hackers may have stolen the certificates. Therefore, the certificates need to be replaced. Not everyone has replaced their certificates, and those that have may have done so incorrectly (reusing the same keys, or not revoking the previous certificates).
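The "same keys" mistake can be checked by comparing the public key in the certificate that was served before the patch with the one in its replacement. The script below is an added example, not from this post or the report; it covers only key reuse (not revocation), and the host name and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: detect a "replaced" certificate that still uses the old key pair.
# All file names and the host name below are constructed for the demo.

# SHA-256 of a certificate's public key (SubjectPublicKeyInfo, DER-encoded).
spki_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Compare the pre-patch certificate ($1) with its replacement ($2).
# Prints REUSED_KEY or NEW_KEY; returns 2 if either file cannot be parsed.
reissue_status() {
    old=$(spki_hash "$1") || return 2
    new=$(spki_hash "$2") || return 2
    [ -n "$old" ] && [ -n "$new" ] || return 2
    if [ "$old" = "$new" ]; then echo REUSED_KEY; else echo NEW_KEY; fi
}

# Build three constructed self-signed certificates in directory $1:
# old.pem and reissued.pem share key k1, rekeyed.pem uses a fresh key k2.
make_samples() {
    for k in k1 k2; do openssl genrsa -out "$1/$k.pem" 2048 2>/dev/null; done
    for spec in old:k1 reissued:k1 rekeyed:k2; do
        openssl req -x509 -new -key "$1/${spec#*:}.pem" -subj "/CN=www.example.test" \
            -days 30 -out "$1/${spec%%:*}.pem" 2>/dev/null
    done
}

demo() {
    dir=$(mktemp -d) && make_samples "$dir" || return 1
    echo "reissued: $(reissue_status "$dir/old.pem" "$dir/reissued.pem")"
    echo "rekeyed:  $(reissue_status "$dir/old.pem" "$dir/rekeyed.pem")"
    rm -rf "$dir"
}
demo
```

A certificate reissued from the old key is a different certificate file, but anyone holding the stolen private key can still use it, which is why the comparison is made on the public key rather than on the certificate itself.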
Thus, what the report is saying is that 75% haven't correctly updated their certificates. Naturally, they sell a solution for that problem.
However, even this claim isn't accurate. Only a small percentage of systems were vulnerable to Heartbleed in the first place, and it's hard to say which certificates actually needed to be replaced.
That's why you have the weaselly marketing language above. It's not saying 3 out of 4 of all systems, but only those that were vulnerable to begin with (a minority). They aren't saying they are still vulnerable to Heartbleed itself, but only that they are vulnerable to breach -- due to the certificates having been stolen.
The entire report is so full of this same language that I cannot figure out what they are claiming in any technical detail.
The fact is this: most companies patched their systems before their certificates were stolen. For those who did get certificates stolen, it's unlikely that their servers can be breached with that information. Sure, some user accounts may get compromised by hackers doing man-in-the-middle at Starbucks, but the servers themselves are safe. Even if you did everything wrong updating your certificates, you probably aren't in danger. Sure, some of you are, but most of you aren't.
All such glossy marketing PDFs are full of FUD, this one worse than most. I give it a "liar liar pants on fire" rating.