Skip to main content
All Industries

EU Industry Benchmark

Hospitality

Anonymized security posture data for the hospitality sector across the EU. Based on 109653 monitored sites.

41.6

Avg. Score /100

D

Avg. Grade

109653

Sites Tracked

-1.0

vs. EU Average

Critical findings in this industry

62195 of 109653 without HTTPS redirect

57.0%

102517 of 109653 with unencrypted email (no STARTTLS)

93.0%

108483 of 109653 without DMARC protection (spoofable)

99.0%

63486 of 109653 missing 3+ critical security headers

58.0%

94418 of 109653 without DNSSEC (vulnerable to DNS spoofing)

86.0%

106949 of 109653 without CAA records (unrestricted certificate issuance)

98.0%

109492 of 109653 without MTA-STS (email downgrade attacks possible)

100.0%

Grade Distribution

A
0 (0.0%)
B
26 (0.0%)
C
2725 (2.0%)
D
63447 (58.0%)
F
43455 (40.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 41.8/100 (7140 sites) Belgium: 42.9/100 (1723 sites) Bulgaria: 40.8/100 (769 sites) Croatia: 41.1/100 (993 sites) Cyprus: 41.3/100 (197 sites) Czech Republic: 41.5/100 (3077 sites) Denmark: 43.6/100 (1224 sites) Estonia: 43.0/100 (348 sites) Finland: 42.1/100 (883 sites) France: 40.1/100 (13474 sites) Germany: 42.2/100 (25127 sites) Greece: 41.3/100 (2597 sites) Hungary: 40.2/100 (1260 sites) Ireland: 43.1/100 (1033 sites) Italy: 40.9/100 (14460 sites) Latvia: 40.9/100 (228 sites) Lithuania: 40.4/100 (468 sites) Luxembourg: 41.4/100 (121 sites) Netherlands: 45.2/100 (4609 sites) Norway: 44.2/100 (1357 sites) Poland: 38.2/100 (6311 sites) Portugal: 42.3/100 (1409 sites) Romania: 41.4/100 (1217 sites) Slovakia: 41.7/100 (1518 sites) Slovenia: 39.8/100 (515 sites) Spain: 41.7/100 (7001 sites) Sweden: 43.2/100 (1510 sites) Switzerland: 44.4/100 (2771 sites) United Kingdom: 41.5/100 (5899 sites)
Worse
Better

Score by Country

🇦🇹 Austria
41.8 7140 🇧🇪 Belgium
42.9 1723 🇧🇬 Bulgaria
40.8 769 🇭🇷 Croatia
41.1 993 🇨🇾 Cyprus
41.3 197 🇨🇿 Czech Republic
41.5 3077 🇩🇰 Denmark
43.6 1224 🇪🇪 Estonia
43.0 348 🇫🇮 Finland
42.1 883 🇫🇷 France
40.1 13474 🇩🇪 Germany
42.2 25127 🇬🇷 Greece
41.3 2597 🇭🇺 Hungary
40.2 1260 🇮🇸 Iceland
42.9 275 🇮🇪 Ireland
43.1 1033 🇮🇹 Italy
40.9 14460 🇱🇻 Latvia
40.9 228 🇱🇮 Liechtenstein
41.1 13 🇱🇹 Lithuania
40.4 468 🇱🇺 Luxembourg
41.4 121 🇲🇹 Malta
41.3 126 🇳🇱 Netherlands
45.2 4609 🇳🇴 Norway
44.2 1357 🇵🇱 Poland
38.2 6311 🇵🇹 Portugal
42.3 1409 🇷🇴 Romania
41.4 1217 🇸🇰 Slovakia
41.7 1518 🇸🇮 Slovenia
39.8 515 🇪🇸 Spain
41.7 7001 🇸🇪 Sweden
43.2 1510 🇨🇭 Switzerland
44.4 2771 🇬🇧 United Kingdom
41.5 5899

Hosting & Data Residency

62%

EU-headquartered provider

38%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 9315 17.0%
IONOS (1&1) (DE) 8463 15.5%
OVHcloud (FR) 7192 13.2%
Hetzner (DE) 7150 13.1%
Amazon Web Services (US) 5955 10.9%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.