Skip to main content
All Industries

EU Industry Benchmark

Pharma

Anonymized security posture data for the pharma sector across the EU. Based on 13679 monitored sites.

45.2

Avg. Score /100

D

Avg. Grade

13679

Sites Tracked

+2.0

vs. EU Average

Critical findings in this industry

7358 of 13679 without HTTPS redirect

54.0%

7986 of 13679 with unencrypted email (no STARTTLS)

58.0%

11205 of 13679 without DMARC protection (spoofable)

82.0%

6937 of 13679 missing 3+ critical security headers

51.0%

12328 of 13679 without DNSSEC (vulnerable to DNS spoofing)

90.0%

13418 of 13679 without CAA records (unrestricted certificate issuance)

98.0%

13636 of 13679 without MTA-STS (email downgrade attacks possible)

100.0%

Grade Distribution

A
0 (0.0%)
B
63 (0.0%)
C
1238 (9.0%)
D
8180 (60.0%)
F
4198 (31.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 43.2/100 (651 sites) Belgium: 48.4/100 (638 sites) Bulgaria: 43.0/100 (44 sites) Croatia: 42.2/100 (49 sites) Cyprus: 43.2/100 (8 sites) Czech Republic: 43.7/100 (169 sites) Denmark: 47.0/100 (92 sites) Estonia: 44.2/100 (9 sites) Finland: 43.2/100 (583 sites) France: 42.0/100 (1821 sites) Germany: 47.1/100 (5994 sites) Greece: 43.8/100 (42 sites) Hungary: 43.4/100 (81 sites) Ireland: 45.0/100 (122 sites) Italy: 41.2/100 (1000 sites) Latvia: 45.7/100 (23 sites) Lithuania: 48.2/100 (19 sites) Luxembourg: 43.2/100 (16 sites) Netherlands: 49.8/100 (426 sites) Norway: 57.2/100 (19 sites) Poland: 42.4/100 (217 sites) Portugal: 44.8/100 (75 sites) Romania: 47.2/100 (54 sites) Slovakia: 46.1/100 (82 sites) Slovenia: 46.3/100 (36 sites) Spain: 41.9/100 (502 sites) Sweden: 49.5/100 (38 sites) Switzerland: 47.3/100 (338 sites) United Kingdom: 42.0/100 (504 sites)
Worse
Better

Score by Country

🇦🇹 Austria
43.2 651 🇧🇪 Belgium
48.4 638 🇧🇬 Bulgaria
43.0 44 🇭🇷 Croatia
42.2 49 🇨🇾 Cyprus
43.2 8 🇨🇿 Czech Republic
43.7 169 🇩🇰 Denmark
47.0 92 🇪🇪 Estonia
44.2 9 🇪🇺 European Union
60.0 1 🇫🇮 Finland
43.2 583 🇫🇷 France
42.0 1821 🇩🇪 Germany
47.1 5994 🇬🇷 Greece
43.8 42 🇭🇺 Hungary
43.4 81 🇮🇸 Iceland
52.7 9 🇮🇪 Ireland
45.0 122 🇮🇹 Italy
41.2 1000 🇱🇻 Latvia
45.7 23 🇱🇮 Liechtenstein
53.5 4 🇱🇹 Lithuania
48.2 19 🇱🇺 Luxembourg
43.2 16 🇲🇹 Malta
45.5 13 🇳🇱 Netherlands
49.8 426 🇳🇴 Norway
57.2 19 🇵🇱 Poland
42.4 217 🇵🇹 Portugal
44.8 75 🇷🇴 Romania
47.2 54 🇸🇰 Slovakia
46.1 82 🇸🇮 Slovenia
46.3 36 🇪🇸 Spain
41.9 502 🇸🇪 Sweden
49.5 38 🇨🇭 Switzerland
47.3 338 🇬🇧 United Kingdom
42.0 504

Hosting & Data Residency

52%

EU-headquartered provider

48%

Non-EU provider (CLOUD Act / Schrems II)

Amazon Web Services (US) 2011 27.7%
Cloudflare (US) 833 11.5%
Hetzner (DE) 805 11.1%
OVHcloud (FR) 801 11.0%
IONOS (1&1) (DE) 762 10.5%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.