Construction

Anonymized security posture data for the construction sector across the EU. Based on 15 monitored sites.

40.9

Avg. Score /100

Avg. Grade

Sites Tracked

-7.0

vs. EU Average

Critical findings in this industry

6 of 15 without DMARC protection (spoofable)

40.0%

13 of 15 missing 3+ critical security headers

87.0%

10 of 15 without DNSSEC (vulnerable to DNS spoofing)

67.0%

10 of 15 without CAA records (unrestricted certificate issuance)

67.0%

10 of 15 without MTA-STS (email downgrade attacks possible)

67.0%

Grade Distribution

0 (0.0%)

9 (60.0%)

6 (40.0%)

Hosting & Data Residency

82%

EU-headquartered provider

18%

Non-EU provider (CLOUD Act / Schrems II)

Hetzner (DE) 4 36.4%

IONOS (1&1) (DE) 2 18.2%

Mittwald (DE) 1 9.1%

Amazon Web Services (US) 1 9.1%

Netcup (DE) 1 9.1%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.

Construction

Critical findings in this industry

Grade Distribution

Hosting & Data Residency

How does your site compare?

Are you sure?