Skip to main content
All Industries

EU Industry Benchmark

Government

Anonymized security posture data for the government sector across the EU. Based on 1616 monitored sites.

44.0

Avg. Score /100

D

Avg. Grade

1616

Sites Tracked

+4.0

vs. EU Average

Critical findings in this industry

1400 of 1616 without HTTPS redirect

87.0%

1585 of 1616 with unencrypted email (no STARTTLS)

98.0%

1605 of 1616 without DMARC protection (spoofable)

99.0%

367 of 1616 missing 3+ critical security headers

23.0%

1193 of 1616 without DNSSEC (vulnerable to DNS spoofing)

74.0%

1368 of 1616 without CAA records (unrestricted certificate issuance)

85.0%

1511 of 1616 without MTA-STS (email downgrade attacks possible)

94.0%

Grade Distribution

A
0 (0.0%)
B
2 (0.0%)
C
133 (8.0%)
D
951 (59.0%)
F
530 (33.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Hosting & Data Residency

38%

EU-headquartered provider

62%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 198 33.6%
Amazon Web Services (US) 93 15.8%
Microsoft Azure (US) 92 15.6%
Hetzner (DE) 51 8.7%
OVHcloud (FR) 39 6.6%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.