Skip to main content
All Industries

EU Industry Benchmark

Banking

Anonymized security posture data for the banking sector across the EU. Based on 2970 monitored sites.

53.4

Avg. Score /100

D

Avg. Grade

2970

Sites Tracked

+10.0

vs. EU Average

Critical findings in this industry

1566 of 2970 without HTTPS redirect

53.0%

1319 of 2970 with unencrypted email (no STARTTLS)

44.0%

1945 of 2970 without DMARC protection (spoofable)

65.0%

697 of 2970 missing 3+ critical security headers

23.0%

2544 of 2970 without DNSSEC (vulnerable to DNS spoofing)

86.0%

2611 of 2970 without CAA records (unrestricted certificate issuance)

88.0%

2905 of 2970 without MTA-STS (email downgrade attacks possible)

98.0%

Grade Distribution

A
4 (0.0%)
B
175 (6.0%)
C
856 (29.0%)
D
1415 (48.0%)
F
520 (18.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 50.3/100 (126 sites) Belgium: 49.7/100 (59 sites) Bulgaria: 48.9/100 (28 sites) Croatia: 44.8/100 (24 sites) Cyprus: 48.3/100 (25 sites) Czech Republic: 48.1/100 (53 sites) Denmark: 56.2/100 (45 sites) Estonia: 47.6/100 (17 sites) Finland: 56.3/100 (18 sites) France: 49.7/100 (174 sites) Germany: 56.1/100 (1102 sites) Greece: 46.6/100 (17 sites) Hungary: 50.6/100 (39 sites) Ireland: 56.7/100 (109 sites) Italy: 50.0/100 (176 sites) Latvia: 50.8/100 (20 sites) Lithuania: 49.0/100 (26 sites) Luxembourg: 54.1/100 (14 sites) Netherlands: 59.2/100 (37 sites) Norway: 62.1/100 (56 sites) Poland: 49.7/100 (285 sites) Portugal: 54.7/100 (29 sites) Romania: 51.5/100 (35 sites) Slovakia: 55.3/100 (29 sites) Slovenia: 59.1/100 (14 sites) Spain: 48.5/100 (83 sites) Sweden: 60.4/100 (29 sites) Switzerland: 53.4/100 (103 sites) United Kingdom: 53.6/100 (167 sites)
Worse
Better

Score by Country

🇦🇹 Austria
50.3 126 🇧🇪 Belgium
49.7 59 🇧🇬 Bulgaria
48.9 28 🇭🇷 Croatia
44.8 24 🇨🇾 Cyprus
48.3 25 🇨🇿 Czech Republic
48.1 53 🇩🇰 Denmark
56.2 45 🇪🇪 Estonia
47.6 17 🇪🇺 European Union
48.0 4 🇫🇮 Finland
56.3 18 🇫🇷 France
49.7 174 🇩🇪 Germany
56.1 1102 🇬🇷 Greece
46.6 17 🇭🇺 Hungary
50.6 39 🇮🇸 Iceland
64.7 7 🇮🇪 Ireland
56.7 109 🇮🇹 Italy
50.0 176 🇱🇻 Latvia
50.8 20 🇱🇮 Liechtenstein
47.2 11 🇱🇹 Lithuania
49.0 26 🇱🇺 Luxembourg
54.1 14 🇲🇹 Malta
51.1 9 🇳🇱 Netherlands
59.2 37 🇳🇴 Norway
62.1 56 🇵🇱 Poland
49.7 285 🇵🇹 Portugal
54.7 29 🇷🇴 Romania
51.5 35 🇸🇰 Slovakia
55.3 29 🇸🇮 Slovenia
59.1 14 🇪🇸 Spain
48.5 83 🇸🇪 Sweden
60.4 29 🇨🇭 Switzerland
53.4 103 🇬🇧 United Kingdom
53.6 167

Hosting & Data Residency

30%

EU-headquartered provider

70%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 233 22.7%
Microsoft Azure (US) 200 19.5%
Amazon Web Services (US) 162 15.8%
Akamai (US) 121 11.8%
OVHcloud (FR) 101 9.8%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.