EU Industry Benchmark

Hospitality

Anonymized security posture data for the hospitality sector across the EU. Based on 512 monitored sites.

Avg. Score: 43.1 /100
Avg. Grade: D
Sites Tracked: 512
vs. EU Average: -11.0

Critical findings in this industry

73 of 512 without HTTPS redirect: 14.0%
30 of 512 with unencrypted email (no STARTTLS): 6.0%
108 of 512 without DMARC protection (spoofable): 21.0%
378 of 512 missing 3+ critical security headers: 74.0%
149 of 512 without DNSSEC (vulnerable to DNS spoofing): 29.0%
156 of 512 without CAA records (unrestricted certificate issuance): 30.0%
160 of 512 without MTA-STS (email downgrade attacks possible): 31.0%

Grade Distribution

A: 8 (2.0%)
B: 22 (4.0%)
C: 77 (15.0%)
D: 199 (39.0%)
F: 206 (40.0%)

Hosting & Data Residency

EU-headquartered provider: 30%
Non-EU provider (CLOUD Act / Schrems II): 70%

Amazon Web Services (US) 92 32.7%
Cloudflare (US) 60 21.4%
Hetzner (DE) 23 8.2%
Microsoft Azure (US) 22 7.8%
OVHcloud (FR) 20 7.1%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

All data is anonymized. No individual sites are identified. Statistics updated weekly.