Skip to main content
All Industries

EU Industry Benchmark

Real Estate

Anonymized security posture data for the real estate sector across the EU. Based on 11929 monitored sites.

42.8

Avg. Score /100

D

Avg. Grade

11929

Sites Tracked

-1.0

vs. EU Average

Critical findings in this industry

6703 of 11929 without HTTPS redirect

56.0%

8057 of 11929 with unencrypted email (no STARTTLS)

68.0%

10177 of 11929 without DMARC protection (spoofable)

85.0%

6555 of 11929 missing 3+ critical security headers

55.0%

10516 of 11929 without DNSSEC (vulnerable to DNS spoofing)

88.0%

11605 of 11929 without CAA records (unrestricted certificate issuance)

97.0%

11871 of 11929 without MTA-STS (email downgrade attacks possible)

100.0%

Grade Distribution

A
0 (0.0%)
B
34 (0.0%)
C
686 (6.0%)
D
6525 (55.0%)
F
4684 (39.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 43.7/100 (162 sites) Belgium: 46.7/100 (353 sites) Bulgaria: 42.7/100 (47 sites) Croatia: 43.0/100 (24 sites) Cyprus: 41.4/100 (49 sites) Czech Republic: 45.7/100 (94 sites) Denmark: 49.1/100 (46 sites) Estonia: 46.3/100 (24 sites) Finland: 46.9/100 (127 sites) France: 40.5/100 (3785 sites) Germany: 42.7/100 (1801 sites) Greece: 43.6/100 (36 sites) Hungary: 43.9/100 (47 sites) Ireland: 46.3/100 (175 sites) Italy: 40.7/100 (745 sites) Latvia: 43.1/100 (18 sites) Lithuania: 46.3/100 (15 sites) Luxembourg: 44.1/100 (35 sites) Netherlands: 46.7/100 (660 sites) Norway: 51.5/100 (28 sites) Poland: 43.1/100 (416 sites) Portugal: 46.3/100 (168 sites) Romania: 45.7/100 (46 sites) Slovakia: 45.8/100 (137 sites) Slovenia: 42.8/100 (24 sites) Spain: 42.8/100 (618 sites) Sweden: 47.3/100 (84 sites) Switzerland: 47.7/100 (189 sites) United Kingdom: 43.7/100 (1945 sites)
Worse
Better

Score by Country

🇦🇹 Austria
43.7 162 🇧🇪 Belgium
46.7 353 🇧🇬 Bulgaria
42.7 47 🇭🇷 Croatia
43.0 24 🇨🇾 Cyprus
41.4 49 🇨🇿 Czech Republic
45.7 94 🇩🇰 Denmark
49.1 46 🇪🇪 Estonia
46.3 24 🇫🇮 Finland
46.9 127 🇫🇷 France
40.5 3785 🇩🇪 Germany
42.7 1801 🇬🇷 Greece
43.6 36 🇭🇺 Hungary
43.9 47 🇮🇸 Iceland
40.1 11 🇮🇪 Ireland
46.3 175 🇮🇹 Italy
40.7 745 🇱🇻 Latvia
43.1 18 🇱🇮 Liechtenstein
40.2 6 🇱🇹 Lithuania
46.3 15 🇱🇺 Luxembourg
44.1 35 🇲🇹 Malta
41.8 14 🇳🇱 Netherlands
46.7 660 🇳🇴 Norway
51.5 28 🇵🇱 Poland
43.1 416 🇵🇹 Portugal
46.3 168 🇷🇴 Romania
45.7 46 🇸🇰 Slovakia
45.8 137 🇸🇮 Slovenia
42.8 24 🇪🇸 Spain
42.8 618 🇸🇪 Sweden
47.3 84 🇨🇭 Switzerland
47.7 189 🇬🇧 United Kingdom
43.7 1945

Hosting & Data Residency

58%

EU-headquartered provider

42%

Non-EU provider (CLOUD Act / Schrems II)

OVHcloud (FR) 1703 26.2%
Amazon Web Services (US) 1129 17.4%
Cloudflare (US) 1120 17.2%
IONOS (1&1) (DE) 716 11.0%
Hetzner (DE) 543 8.4%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.