Skip to main content
All Industries

EU Industry Benchmark

Professional Services

Anonymized security posture data for the professional services sector across the EU. Based on 15420 monitored sites.

43.8

Avg. Score /100

D

Avg. Grade

15420

Sites Tracked

+1.0

vs. EU Average

Critical findings in this industry

7777 of 15420 without HTTPS redirect

50.0%

13992 of 15420 with unencrypted email (no STARTTLS)

91.0%

15150 of 15420 without DMARC protection (spoofable)

98.0%

9204 of 15420 missing 3+ critical security headers

60.0%

13247 of 15420 without DNSSEC (vulnerable to DNS spoofing)

86.0%

14990 of 15420 without CAA records (unrestricted certificate issuance)

97.0%

15187 of 15420 without MTA-STS (email downgrade attacks possible)

98.0%

Grade Distribution

A
0 (0.0%)
B
14 (0.0%)
C
756 (5.0%)
D
10121 (66.0%)
F
4529 (29.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Hosting & Data Residency

64%

EU-headquartered provider

36%

Non-EU provider (CLOUD Act / Schrems II)

IONOS (1&1) (DE) 1799 22.4%
Cloudflare (US) 1097 13.7%
Hetzner (DE) 920 11.5%
OVHcloud (FR) 905 11.3%
Strato (DE) 839 10.5%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.