Skip to main content
All Industries

EU Industry Benchmark

Travel

Anonymized security posture data for the travel sector across the EU. Based on 227 monitored sites.

52.0

Avg. Score /100

D

Avg. Grade

227

Sites Tracked

-2.0

vs. EU Average

Critical findings in this industry

17 of 227 without HTTPS redirect

7.0%

7 of 227 with unencrypted email (no STARTTLS)

3.0%

24 of 227 without DMARC protection (spoofable)

11.0%

144 of 227 missing 3+ critical security headers

63.0%

41 of 227 without DNSSEC (vulnerable to DNS spoofing)

18.0%

46 of 227 without CAA records (unrestricted certificate issuance)

20.0%

49 of 227 without MTA-STS (email downgrade attacks possible)

22.0%

Grade Distribution

A
2 (1.0%)
B
33 (15.0%)
C
42 (19.0%)
D
85 (37.0%)
F
65 (29.0%)

Score by Country

🇦🇹 Austria
64.7 6 🇧🇪 Belgium
54.8 5 🇧🇬 Bulgaria
37.8 4 🇭🇷 Croatia
41.0 3 🇨🇾 Cyprus
12.0 2 🇨🇿 Czech Republic
44.7 7 🇩🇰 Denmark
57.3 11 🇪🇪 Estonia
54.7 3 🇫🇮 Finland
56.0 1 🇫🇷 France
48.3 19 🇩🇪 Germany
53.8 28 🇬🇷 Greece
41.2 5 HK
30.0 1 🇭🇺 Hungary
47.7 7 🇮🇸 Iceland
52.5 2 🇮🇪 Ireland
66.7 6 🇮🇹 Italy
38.0 6 🇱🇻 Latvia
48.0 2 🇱🇹 Lithuania
51.5 4 🇱🇺 Luxembourg
49.5 2 🇲🇹 Malta
41.5 2 🇳🇱 Netherlands
63.7 9 🇳🇴 Norway
51.9 7 🇵🇱 Poland
43.0 7 🇵🇹 Portugal
54.5 2 RS
59.0 1 🇷🇴 Romania
32.2 4 SG
66.0 1 🇸🇰 Slovakia
40.8 5 🇸🇮 Slovenia
46.3 3 🇪🇸 Spain
48.2 13 🇸🇪 Sweden
59.0 11 🇨🇭 Switzerland
53.5 6 TR
79.0 1 US
64.0 9 🇬🇧 United Kingdom
57.8 22

Hosting & Data Residency

14%

EU-headquartered provider

86%

Non-EU provider (CLOUD Act / Schrems II)

Amazon Web Services (US) 49 31.4%
Cloudflare (US) 37 23.7%
Google Cloud (US) 17 10.9%
Microsoft Azure (US) 12 7.7%
Akamai (US) 12 7.7%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.