Skip to main content
All Industries

EU Industry Benchmark

NGO & Nonprofit

Anonymized security posture data for the ngo & nonprofit sector across the EU. Based on 11774 monitored sites.

42.6

Avg. Score /100

D

Avg. Grade

11774

Sites Tracked

-0.0

vs. EU Average

Critical findings in this industry

6247 of 11774 without HTTPS redirect

53.0%

10970 of 11774 with unencrypted email (no STARTTLS)

93.0%

11596 of 11774 without DMARC protection (spoofable)

98.0%

6650 of 11774 missing 3+ critical security headers

56.0%

10235 of 11774 without DNSSEC (vulnerable to DNS spoofing)

87.0%

11377 of 11774 without CAA records (unrestricted certificate issuance)

97.0%

11631 of 11774 without MTA-STS (email downgrade attacks possible)

99.0%

Grade Distribution

A
0 (0.0%)
B
7 (0.0%)
C
530 (5.0%)
D
6854 (58.0%)
F
4383 (37.0%)

Security across Europe

Average security score by country — hover for details, click to explore.

Austria: 43.6/100 (268 sites) Belgia: 43.0/100 (191 sites) Bułgaria: 41.2/100 (32 sites) Chorwacja: 40.6/100 (78 sites) Cypr: 42.3/100 (15 sites) Czechy: 44.1/100 (96 sites) Dania: 46.7/100 (162 sites) Estonia: 43.2/100 (13 sites) Finlandia: 44.3/100 (266 sites) Francja: 40.2/100 (2135 sites) Grecja: 41.2/100 (73 sites) Hiszpania: 41.5/100 (815 sites) Holandia: 48.5/100 (383 sites) Irlandia: 43.7/100 (157 sites) Litwa: 39.7/100 (29 sites) Luksemburg: 42.3/100 (27 sites) Niemcy: 44.1/100 (3643 sites) Norwegia: 46.2/100 (63 sites) Polska: 40.2/100 (517 sites) Portugalia: 41.5/100 (142 sites) Rumunia: 40.4/100 (66 sites) Szwajcaria: 45.7/100 (364 sites) Szwecja: 43.4/100 (118 sites) Słowacja: 41.4/100 (67 sites) Słowenia: 39.5/100 (75 sites) Wielka Brytania: 43.5/100 (713 sites) Węgry: 38.8/100 (78 sites) Włochy: 40.5/100 (1154 sites) Łotwa: 40.1/100 (14 sites)
Worse
Better

Score by Country

🇦🇹 Austria
43.6 268 🇧🇪 Belgia
43.0 191 🇧🇬 Bułgaria
41.2 32 🇭🇷 Chorwacja
40.6 78 🇨🇾 Cypr
42.3 15 🇨🇿 Czechy
44.1 96 🇩🇰 Dania
46.7 162 🇪🇪 Estonia
43.2 13 🇫🇮 Finlandia
44.3 266 🇫🇷 Francja
40.2 2135 🇬🇷 Grecja
41.2 73 🇪🇸 Hiszpania
41.5 815 🇳🇱 Holandia
48.5 383 🇮🇪 Irlandia
43.7 157 🇮🇸 Islandia
42.8 6 🇱🇮 Liechtenstein
42.0 5 🇱🇹 Litwa
39.7 29 🇱🇺 Luksemburg
42.3 27 🇲🇹 Malta
40.9 9 🇩🇪 Niemcy
44.1 3643 🇳🇴 Norwegia
46.2 63 🇵🇱 Polska
40.2 517 🇵🇹 Portugalia
41.5 142 🇷🇴 Rumunia
40.4 66 🇨🇭 Szwajcaria
45.7 364 🇸🇪 Szwecja
43.4 118 🇸🇰 Słowacja
41.4 67 🇸🇮 Słowenia
39.5 75 🇬🇧 Wielka Brytania
43.5 713 🇭🇺 Węgry
38.8 78 🇮🇹 Włochy
40.5 1154 🇱🇻 Łotwa
40.1 14

Hosting & Data Residency

66%

EU-headquartered provider

34%

Non-EU provider (CLOUD Act / Schrems II)

OVHcloud (FR) 1091 19.0%
Cloudflare (US) 983 17.2%
Hetzner (DE) 930 16.2%
IONOS (1&1) (DE) 740 12.9%
Aruba S.p.A. (IT) 480 8.4%

Server location via IP geolocation (MaxMind GeoLite2). Company HQ from ASN registry. A site may be physically hosted in the EU but use a US-headquartered provider subject to the CLOUD Act — per Schrems II (CJEU C-311/18), this requires SCCs with supplementary measures. · GDPR Art. 44–49

How does your site compare?

Run a free security scan and see your grade instantly.

Scan your site

All data is anonymized. No individual sites are identified. Statistics updated weekly.