EU Industry Benchmark
Government
Anonymized security posture data for the government sector across the EU. Based on 1616 monitored sites.
44.0
Avg. Score /100
D
Avg. Grade
1616
Sites Tracked
+4.0
vs. EU Average
Critical findings in this industry
1400 of 1616 without HTTPS redirect
1585 of 1616 with unencrypted email (no STARTTLS)
1605 of 1616 without DMARC protection (spoofable)
367 of 1616 missing 3+ critical security headers
1193 of 1616 without DNSSEC (vulnerable to DNS spoofing)
1368 of 1616 without CAA records (unrestricted certificate issuance)
1511 of 1616 without MTA-STS (email downgrade attacks possible)
Grade Distribution
Security across Europe
Average security score by country — hover for details, click to explore.
/100 · sites
Score by Country
Hosting & Data Residency
38%
EU-headquartered provider
62%
Non-EU provider (CLOUD Act / Schrems II)
Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49
All data is anonymized. No individual sites are identified. Statistics updated weekly.