Skip to main content
All Industries

EU Industry Benchmark

Construction

Anonymized security posture data for the construction sector across the EU. Based on 13325 monitored sites.

42.8

Avg. Score /100

D

Avg. Grade

13325

Sites Tracked

-0.0

vs. EU Average

Critical findings in this industry

6903 of 13325 without HTTPS redirect

52.0%

12169 of 13325 with unencrypted email (no STARTTLS)

91.0%

13113 of 13325 without DMARC protection (spoofable)

98.0%

8272 of 13325 missing 3+ critical security headers

62.0%

11612 of 13325 without DNSSEC (vulnerable to DNS spoofing)

87.0%

13060 of 13325 without CAA records (unrestricted certificate issuance)

98.0%

13264 of 13325 without MTA-STS (email downgrade attacks possible)

100.0%

Grade Distribution

A
0 (0.0%)
B
7 (0.0%)
C
433 (3.0%)
D
8473 (64.0%)
F
4412 (33.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 41.9/100 (993 sites) Belgium: 42.5/100 (325 sites) Bulgaria: 41.5/100 (41 sites) Croatia: 42.7/100 (23 sites) Cyprus: 38.8/100 (4 sites) Czech Republic: 42.7/100 (117 sites) Denmark: 44.5/100 (162 sites) Estonia: 45.5/100 (22 sites) Finland: 44.4/100 (169 sites) France: 41.3/100 (1552 sites) Germany: 43.1/100 (6476 sites) Greece: 42.0/100 (29 sites) Hungary: 40.5/100 (31 sites) Ireland: 42.1/100 (81 sites) Italy: 41.5/100 (414 sites) Latvia: 41.0/100 (12 sites) Lithuania: 41.7/100 (15 sites) Luxembourg: 43.6/100 (54 sites) Netherlands: 44.4/100 (387 sites) Norway: 46.5/100 (239 sites) Poland: 40.1/100 (348 sites) Portugal: 42.1/100 (51 sites) Romania: 40.8/100 (33 sites) Slovakia: 42.9/100 (134 sites) Slovenia: 40.1/100 (61 sites) Spain: 42.4/100 (294 sites) Sweden: 43.6/100 (76 sites) Switzerland: 46.3/100 (584 sites) United Kingdom: 42.4/100 (589 sites)
Worse
Better

Score by Country

🇦🇹 Austria
41.9 993 🇧🇪 Belgium
42.5 325 🇧🇬 Bulgaria
41.5 41 🇭🇷 Croatia
42.7 23 🇨🇾 Cyprus
38.8 4 🇨🇿 Czech Republic
42.7 117 🇩🇰 Denmark
44.5 162 🇪🇪 Estonia
45.5 22 🇫🇮 Finland
44.4 169 🇫🇷 France
41.3 1552 🇩🇪 Germany
43.1 6476 🇬🇷 Greece
42.0 29 🇭🇺 Hungary
40.5 31 🇮🇸 Iceland
48.3 3 🇮🇪 Ireland
42.1 81 🇮🇹 Italy
41.5 414 🇱🇻 Latvia
41.0 12 🇱🇹 Lithuania
41.7 15 🇱🇺 Luxembourg
43.6 54 🇲🇹 Malta
39.7 6 🇳🇱 Netherlands
44.4 387 🇳🇴 Norway
46.5 239 🇵🇱 Poland
40.1 348 🇵🇹 Portugal
42.1 51 🇷🇴 Romania
40.8 33 🇸🇰 Slovakia
42.9 134 🇸🇮 Slovenia
40.1 61 🇪🇸 Spain
42.4 294 🇸🇪 Sweden
43.6 76 🇨🇭 Switzerland
46.3 584 🇬🇧 United Kingdom
42.4 589

Hosting & Data Residency

72%

EU-headquartered provider

28%

Non-EU provider (CLOUD Act / Schrems II)

IONOS (1&1) (DE) 1757 24.4%
Hetzner (DE) 1022 14.2%
Strato (DE) 896 12.4%
OVHcloud (FR) 840 11.7%
Cloudflare (US) 716 9.9%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.