As a thumb rule, SSL is essential for all websites where there is any exchange of data between visitors and servers.

The kinds of websites where high-level SSL security is absolutely mandatory include banks, financial institutions, governmental and public database containing websites. Even for commercial websites, educational institutions, information portals, email providers, SSL is vital for the following functions:

• Enhancing Customers’ Confidence in your Website.
• To gain global acceptance and recognition – thus expanding clientele base from all over the world.
• SSL is mandatory by law for websites collecting personal or financial information from their customers. Even sites linked to pre-existing public databases are required to implement SSL for fear of compromising such data.
• All consumers now expect safety & security to the part of online services they use, some customers insist on the highest possible level of SSL security.
• We all value privacy and expect others to trust us with their information. Customers all expect their information not to be passed to third parties, and hackers can still obtain information from sites which do not implement security.
• Banks and investment companies need to comply with privacy and online security requirements not only by law, but also for their own security.
• SSL is an absolute necessity if you have offices that share confidential information over an intranet, as several data breakouts have happened over less secure intranets, when least expected.
• The most important step to secure confidence is to protect your customer's transactions and display visitors with proof of your digital identity. For those banks and institutions who have managed to instill confidence in their online system, there are significant cost-savings in terms of less expenditure on manual processing.

If a bank or other institution handling sensitive data does not use SSL, the risks involved are:

• Customers may refuse to divulge any personal or financial details over the Internet.
• Hackers and criminals may track the valuable information, they do – predictably so.
• You can lose a lot of potential customers, as a site without SSL may tarnish the company's reputation for not taking security seriously.

Looking back over recent history of hackers attacking sites, almost no site is safe from attackers.  Unlikely targets in recent years have been:
Educational institutions
Newspapers and news portals
Celebrity websites and online magazines
Community websites
Search engines.
It might be therefore necessary for most websites these days to implement SSL, at any level it can afford to not only enhance its image, but also prevent intrusions, which are not that uncommon any more with the proliferation of the internet underworld.
The only websites who can do without SSL are:
No personal information transmitted – blogs, family sites and personal sites.
Very small companies who just put up commercial information on their websites, for any online purchases, customers are referred to a third part secure payment service with SSL e.g. PayPal etc.

Pubic archives like the Gutenberg project, where the aim is to distribute files as much as possible.