Skip to main content
All Industries

EU Industry Benchmark

Regulatory

Anonymized security posture data for the regulatory sector across the EU. Based on 347 monitored sites.

45.5

Avg. Score /100

D

Avg. Grade

347

Sites Tracked

+5.0

vs. EU Average

Critical findings in this industry

281 of 347 without HTTPS redirect

81.0%

344 of 347 with unencrypted email (no STARTTLS)

99.0%

347 of 347 without DMARC protection (spoofable)

100.0%

84 of 347 missing 3+ critical security headers

24.0%

249 of 347 without DNSSEC (vulnerable to DNS spoofing)

72.0%

297 of 347 without CAA records (unrestricted certificate issuance)

86.0%

330 of 347 without MTA-STS (email downgrade attacks possible)

95.0%

Grade Distribution

A
0 (0.0%)
B
2 (1.0%)
C
41 (12.0%)
D
205 (59.0%)
F
99 (29.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Hosting & Data Residency

28%

EU-headquartered provider

72%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 49 35.8%
Amazon Web Services (US) 25 18.2%
Microsoft Azure (US) 17 12.4%
Hetzner (DE) 11 8.0%
OVHcloud (FR) 9 6.6%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.