EU Industry Benchmark

Sports

Anonymized security posture data for the sports sector across the EU. Based on 394 monitored sites.

41.5

Avg. Score /100

D

Avg. Grade

394

Sites Tracked

-12.0

vs. EU Average

Critical findings in this industry

47 of 394 without HTTPS redirect

12.0%

12 of 394 with unencrypted email (no STARTTLS)

3.0%

72 of 394 without DMARC protection (spoofable)

18.0%

311 of 394 missing 3+ critical security headers

79.0%

90 of 394 without DNSSEC (vulnerable to DNS spoofing)

23.0%

106 of 394 without CAA records (unrestricted certificate issuance)

27.0%

106 of 394 without MTA-STS (email downgrade attacks possible)

27.0%

Grade Distribution

A

0 (0.0%)

B

19 (5.0%)

C

47 (12.0%)

D

144 (37.0%)

F

184 (47.0%)

Score by Country

🇦🇹 Austria

42.8 11 🇧🇪 Belgium

41.9 18 🇧🇬 Bulgaria

35.3 3 🇭🇷 Croatia

34.2 5 🇨🇿 Czech Republic

36.4 10 🇩🇰 Denmark

41.6 11 🇪🇺 European Union

30.0 1 🇫🇮 Finland

49.9 10 🇫🇷 France

43.1 34 🇩🇪 Germany

39.0 49 🇬🇷 Greece

37.7 9 🇭🇺 Hungary

28.5 4 🇮🇪 Ireland

44.6 7 🇮🇹 Italy

39.5 28 🇱🇹 Lithuania

33.0 1 🇳🇱 Netherlands

55.7 20 🇳🇴 Norway

44.2 11 🇵🇱 Poland

42.1 12 🇵🇹 Portugal

26.5 6 🇷🇴 Romania

34.9 8 🇸🇰 Slovakia

47.5 2 🇸🇮 Slovenia

30.0 1 🇪🇸 Spain

45.2 27 🇸🇪 Sweden

41.6 22 🇨🇭 Switzerland

49.3 3 🇬🇧 United Kingdom

Hosting & Data Residency

27%

EU-headquartered provider

73%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 77 31.8%

Amazon Web Services (US) 73 30.2%

Microsoft Azure (US) 30 12.4%

Hetzner (DE) 18 7.4%

OVHcloud (FR) 14 5.8%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

All data is anonymized. No individual sites are identified. Statistics updated weekly.