Skip to main content
All Industries

EU Industry Benchmark

Government

Anonymized security posture data for the government sector across the EU. Based on 1607 monitored sites.

52.9

Avg. Score /100

D

Avg. Grade

1607

Sites Tracked

+9.0

vs. EU Average

Critical findings in this industry

776 of 1607 without HTTPS redirect

48.0%

1032 of 1607 with unencrypted email (no STARTTLS)

64.0%

969 of 1607 without DMARC protection (spoofable)

60.0%

572 of 1607 missing 3+ critical security headers

36.0%

1196 of 1607 without DNSSEC (vulnerable to DNS spoofing)

74.0%

1368 of 1607 without CAA records (unrestricted certificate issuance)

85.0%

1505 of 1607 without MTA-STS (email downgrade attacks possible)

94.0%

Grade Distribution

A
3 (0.0%)
B
104 (6.0%)
C
395 (25.0%)
D
843 (52.0%)
F
262 (16.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 51.9/100 (49 sites) Belgium: 52.6/100 (34 sites) Bulgaria: 53.2/100 (35 sites) Croatia: 40.6/100 (35 sites) Cyprus: 37.9/100 (15 sites) Czech Republic: 53.7/100 (50 sites) Denmark: 60.1/100 (39 sites) Estonia: 54.7/100 (40 sites) Finland: 53.5/100 (37 sites) France: 54.3/100 (121 sites) Germany: 54.3/100 (168 sites) Greece: 43.1/100 (42 sites) Hungary: 45.5/100 (32 sites) Ireland: 48.9/100 (36 sites) Italy: 50.2/100 (81 sites) Latvia: 49.3/100 (37 sites) Lithuania: 50.1/100 (41 sites) Luxembourg: 51.5/100 (38 sites) Netherlands: 67.9/100 (50 sites) Norway: 57.9/100 (33 sites) Poland: 53.6/100 (64 sites) Portugal: 51.5/100 (30 sites) Romania: 46.9/100 (29 sites) Slovakia: 48.4/100 (32 sites) Slovenia: 44.2/100 (20 sites) Spain: 47.6/100 (91 sites) Sweden: 61.9/100 (52 sites) Switzerland: 50.5/100 (58 sites) United Kingdom: 60.9/100 (140 sites)
Worse
Better

Score by Country

🇦🇹 Austria
51.9 49 🇧🇪 Belgium
52.6 34 🇧🇬 Bulgaria
53.2 35 🇭🇷 Croatia
40.6 35 🇨🇾 Cyprus
37.9 15 🇨🇿 Czech Republic
53.7 50 🇩🇰 Denmark
60.1 39 🇪🇪 Estonia
54.7 40 🇪🇺 European Union
53.9 14 🇫🇮 Finland
53.5 37 🇫🇷 France
54.3 121 🇩🇪 Germany
54.3 168 🇬🇷 Greece
43.1 42 🇭🇺 Hungary
45.5 32 🇮🇸 Iceland
51.2 29 🇮🇪 Ireland
48.9 36 🇮🇹 Italy
50.2 81 🇱🇻 Latvia
49.3 37 🇱🇮 Liechtenstein
49.0 9 🇱🇹 Lithuania
50.1 41 🇱🇺 Luxembourg
51.5 38 🇲🇹 Malta
48.1 26 🇳🇱 Netherlands
67.9 50 🇳🇴 Norway
57.9 33 🇵🇱 Poland
53.6 64 🇵🇹 Portugal
51.5 30 🇷🇴 Romania
46.9 29 🇸🇰 Slovakia
48.4 32 🇸🇮 Slovenia
44.2 20 🇪🇸 Spain
47.6 91 🇸🇪 Sweden
61.9 52 🇨🇭 Switzerland
50.5 58 🇬🇧 United Kingdom
60.9 140

Hosting & Data Residency

38%

EU-headquartered provider

62%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 198 33.7%
Amazon Web Services (US) 93 15.8%
Microsoft Azure (US) 91 15.5%
Hetzner (DE) 51 8.7%
OVHcloud (FR) 39 6.6%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.