Skip to main content
All Industries

EU Industry Benchmark

Transport

Anonymized security posture data for the transport sector across the EU. Based on 488 monitored sites.

51.1

Avg. Score /100

D

Avg. Grade

488

Sites Tracked

+8.0

vs. EU Average

Critical findings in this industry

269 of 488 without HTTPS redirect

55.0%

315 of 488 with unencrypted email (no STARTTLS)

65.0%

291 of 488 without DMARC protection (spoofable)

60.0%

175 of 488 missing 3+ critical security headers

36.0%

405 of 488 without DNSSEC (vulnerable to DNS spoofing)

83.0%

428 of 488 without CAA records (unrestricted certificate issuance)

88.0%

473 of 488 without MTA-STS (email downgrade attacks possible)

97.0%

Grade Distribution

A
0 (0.0%)
B
21 (4.0%)
C
95 (19.0%)
D
292 (60.0%)
F
80 (16.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 51.3/100 (9 sites) Belgium: 58.2/100 (17 sites) Bulgaria: 42.7/100 (7 sites) Croatia: 48.8/100 (5 sites) Cyprus: 47.0/100 (6 sites) Czech Republic: 50.9/100 (11 sites) Denmark: 46.8/100 (17 sites) Estonia: 48.8/100 (9 sites) Finland: 52.1/100 (8 sites) France: 51.5/100 (28 sites) Germany: 53.7/100 (57 sites) Greece: 46.3/100 (9 sites) Hungary: 46.8/100 (6 sites) Ireland: 55.2/100 (9 sites) Italy: 50.4/100 (30 sites) Latvia: 51.2/100 (8 sites) Lithuania: 52.3/100 (7 sites) Luxembourg: 46.0/100 (12 sites) Netherlands: 57.7/100 (13 sites) Norway: 54.5/100 (15 sites) Poland: 51.8/100 (27 sites) Portugal: 52.6/100 (12 sites) Romania: 51.0/100 (8 sites) Slovakia: 45.3/100 (10 sites) Slovenia: 43.2/100 (13 sites) Spain: 49.3/100 (42 sites) Sweden: 56.8/100 (13 sites) Switzerland: 54.0/100 (20 sites) United Kingdom: 49.7/100 (39 sites)
Worse
Better

Score by Country

🇦🇹 Austria
51.3 9 🇧🇪 Belgium
58.2 17 🇧🇬 Bulgaria
42.7 7 🇭🇷 Croatia
48.8 5 🇨🇾 Cyprus
47.0 6 🇨🇿 Czech Republic
50.9 11 🇩🇰 Denmark
46.8 17 🇪🇪 Estonia
48.8 9 🇪🇺 European Union
46.8 6 🇫🇮 Finland
52.1 8 🇫🇷 France
51.5 28 🇩🇪 Germany
53.7 57 🇬🇷 Greece
46.3 9 🇭🇺 Hungary
46.8 6 🇮🇸 Iceland
49.7 7 🇮🇪 Ireland
55.2 9 🇮🇹 Italy
50.4 30 🇱🇻 Latvia
51.2 8 🇱🇮 Liechtenstein
62.0 3 🇱🇹 Lithuania
52.3 7 🇱🇺 Luxembourg
46.0 12 🇲🇹 Malta
52.4 5 🇳🇱 Netherlands
57.7 13 🇳🇴 Norway
54.5 15 🇵🇱 Poland
51.8 27 🇵🇹 Portugal
52.6 12 🇷🇴 Romania
51.0 8 🇸🇰 Slovakia
45.3 10 🇸🇮 Slovenia
43.2 13 🇪🇸 Spain
49.3 42 🇸🇪 Sweden
56.8 13 🇨🇭 Switzerland
54.0 20 🇬🇧 United Kingdom
49.7 39

Hosting & Data Residency

15%

EU-headquartered provider

85%

Non-EU provider (CLOUD Act / Schrems II)

Cloudflare (US) 116 39.2%
Amazon Web Services (US) 72 24.3%
Microsoft Azure (US) 35 11.8%
Akamai (US) 30 10.1%
OVHcloud (FR) 9 3.0%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.