Security Directory

V

Valeo

valeo.com

54

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

M

Merkle

merkleinc.com

49

The website exhibits a poor overall security posture with critical vulnerabilities that expose it to significant risks. The absence of HTTPS encryption is the most alarming issue, affecting GDPR compliance, NIS2 regulations, and user data confidentiality. Key security headers are missing, increasing susceptibility to common web attacks such as cross-site scripting and data leakage. The lack of essential GDPR components, including a cookie consent banner and compliant privacy policy, poses legal and reputational risks. Organizational security maturity is low, with no documented security policies, incident response plans, or vulnerability disclosure processes, indicating weak governance. Email security is moderate but requires improvements to prevent phishing and spoofing attacks. DNS security is relatively strong, while network security demonstrates a good posture. Immediate remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

B

Balt Group

balt.fr

50

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

M

MARK

meyerbergman.com

53

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and regulatory compliance. Key security headers are partially missing, reducing protection against common web attacks. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, and insufficient privacy documentation, risking legal penalties and reputational damage. The NIS2-related controls are almost entirely absent, indicating a lack of fundamental security governance, incident response, and business continuity planning. While email and network security are strong, the critical gaps in encryption and governance overshadow these strengths. DNS security is moderate but could be improved to further harden the domain against tampering. Immediate remediation is necessary to protect customer data, comply with regulations, and maintain business continuity and trust.

The website's overall security posture is currently poor, with multiple critical and high-severity vulnerabilities that expose the business to significant risks. The absence of HTTPS encryption is the most critical issue, compromising data confidentiality and user trust, and violating GDPR and NIS2 regulations. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing susceptibility to common web attacks such as man-in-the-middle and cross-site scripting. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms, risking regulatory fines and reputational damage. The organization also lacks essential information security frameworks, incident response plans, and security documentation, undermining its ability to manage and respond to security incidents effectively. Email security and network security show relatively better posture but still require improvements. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold customer trust. Without addressing these critical gaps, the business faces elevated risks of data breaches, legal penalties, and operational disruptions.

S

SIPCAM OXON

sipcam-oxon.com

52

The website's overall security posture is currently poor, with multiple critical and high-severity issues exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and integrity while violating GDPR and NIS2 regulations. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. GDPR compliance is weak due to missing cookie consent mechanisms and incomplete privacy policies, risking legal penalties and reputational damage. The organization's information security governance is insufficient, lacking documented policies, incident response procedures, and vulnerability disclosure protocols. While email security and network security show strengths, foundational web security and regulatory compliance must be urgently addressed to safeguard customer data and maintain business continuity. Immediate remediation is essential to avoid potential data loss, regulatory fines, and erosion of customer trust.

M

Mercedes-AMG PETRONAS F1 Team

mercedesamgf1.com

54

The website's overall security posture is critically weak, with significant gaps in encryption, regulatory compliance, and security governance. The absence of HTTPS encryption represents a major vulnerability, exposing user data to interception and undermining trust. GDPR compliance is severely lacking, with missing privacy policies, cookie consent mechanisms, and inadequate third-party data handling disclosures, risking legal penalties and reputational damage. The organization also lacks fundamental security frameworks required under NIS2 regulations, such as incident response plans and security policies, which exposes it to operational risks and regulatory sanctions. While some network and email security measures are robust, critical areas like SSL/TLS encryption and security headers need urgent attention. DNS security is moderate but can be improved to further reduce attack surface. Immediate remediation is essential to protect business operations, customer trust, and ensure compliance with legal requirements.

P

ProTech Monte-Carlo

protech.mc

42

The website's overall security posture is critically weak, with major deficiencies in foundational security controls such as HTTPS encryption and essential security headers. Lack of HTTPS exposes user data to interception and undermines trust, while missing security headers increase vulnerability to common web attacks like clickjacking and XSS. Additionally, the absence of GDPR compliance elements such as Privacy and Cookie Policies and consent mechanisms risks regulatory penalties and damages customer trust. The site also lacks critical NIS2 framework components including incident response, security policies, and business continuity plans, which could impair the organization's ability to respond to and recover from cyber incidents. While email security and network security show relatively strong scores, the critical gaps in encryption and policy documentation represent immediate threats to business continuity and reputation. Overall, urgent remediation is needed to secure customer data, ensure regulatory compliance, and protect the business from reputational and financial harm. Failure to act promptly may result in data breaches, legal consequences, and loss of customer confidence.

R

RG Capital | Allworth Financial

rgcapital.net

66

The website's security posture presents significant risks, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. While network security is strong, several medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DNSSEC, and incomplete email authentication (no DKIM) indicate gaps in regulatory adherence and protection against common attack vectors. The failure to implement GDPR and NIS2 requirements could lead to legal and financial penalties, impacting business reputation and operations. DNS configuration weaknesses further increase susceptibility to domain spoofing and DNS attacks. Although some areas like network security and CAA records show positive scores, these do not compensate for the critical encryption flaw. Immediate remediation is essential to safeguard customer data, ensure compliance, and maintain trust. A structured approach focusing on encryption, compliance, and authentication will mitigate the most significant risks effectively.

N

Nyetimber Limited

nyetimber.com

45

The website exhibits a critically weak security posture with multiple severe vulnerabilities that expose it to significant risks including data breaches, compliance violations, and service interruptions. The absence of HTTPS encryption, flagged as critical across SSL/TLS, GDPR, and NIS2 compliance areas, is the most alarming issue, leaving all data transmissions vulnerable to interception and manipulation. Key security headers critical for protecting against common web attacks are missing, increasing the risk of clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is poor, notably lacking a cookie consent mechanism and potentially non-compliant privacy policies, which could result in regulatory penalties and damage to customer trust. NIS2 directives are largely unmet, with no documented security policies, incident response plans, or information security frameworks, exposing the business to operational risks and regulatory enforcement. Email security is moderately better but still incomplete, with missing DKIM records and weak DMARC enforcement that could facilitate phishing attacks. DNS security is fairly strong, but the absence of DNSSEC and CAA records leaves some attack vectors open. Network security within the infrastructure is solid, providing a good foundation to build upon. Immediate attention is required to address critical encryption and compliance gaps to protect the business, customers, and reputation.

T

Tyrus Capital

tyruscap.com

55

The website's overall security posture exhibits significant critical weaknesses, particularly the complete absence of HTTPS encryption, which exposes all transmitted data to interception and undermines regulatory compliance. Governance frameworks such as GDPR and NIS2 are poorly implemented, reflected in low scores and missing key elements including cookie consent, security policies, and incident response plans. While network security and email security show relative strength, critical gaps in secure communications and policy frameworks present substantial operational and reputational risks. The lack of GDPR-compliant privacy practices further increases the risk of regulatory penalties and customer trust erosion. Security headers are moderately implemented but missing important controls like the Permissions-Policy header. DNS security is partially addressed but lacks DNSSEC and CAA records, which could expose domain-related attacks. Immediate remediation is required to ensure data confidentiality, regulatory compliance, and resilience against cyber threats.

E

Euro Events

euro-events.nl

45

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Key security headers like Strict-Transport-Security and Content-Security-Policy are missing, increasing vulnerability to web-based attacks. Compliance with GDPR and NIS2 regulations is insufficient, notably with no privacy or cookie policies, lack of incident response plans, and missing security documentation. Although email security and network security show relatively strong postures, critical gaps in core web security and legal compliance overshadow these strengths. Immediate remediation is essential to protect customer data, meet regulatory obligations, and maintain business continuity. Without urgent action, the business risks legal penalties, customer trust erosion, and potential operational disruptions. Investment in a comprehensive security framework and governance is urgently needed to elevate the security maturity level.

E

Energy Intelligence Group, Inc.

energyintel.com

54

The website's overall security posture is currently poor, with multiple critical and high-severity issues that pose significant risks to both data protection and regulatory compliance. The absence of HTTPS encryption is the most critical vulnerability, exposing user data to interception and undermining trust. Compliance with GDPR and NIS2 regulations is severely lacking, including missing cookie policies, consent mechanisms, and essential security governance documentation. While email security and network security appear strong, fundamental web security headers and DNS configurations require improvement. The failure to implement proper incident response and business continuity plans further increases operational risk. Immediate remediation is essential to protect sensitive customer information, maintain regulatory compliance, and safeguard the organization's reputation. Without urgent action, the business risks data breaches, legal penalties, and loss of customer confidence.

M

Maison Goyard

goyard.com

52

The website's overall security posture reveals significant critical vulnerabilities, notably the complete lack of HTTPS encryption, which poses immediate risks to data confidentiality and user trust. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanisms, exposing the business to regulatory penalties and reputational damage. The absence of fundamental information security frameworks and incident response procedures further increases operational risk and potential downtime from security incidents. While network security and DNS health show relatively strong scores, critical gaps in TLS/SSL and email security configurations undermine these strengths. Security headers are partially implemented but missing key policies that help mitigate common web-based attacks. Immediate remediation is necessary to safeguard customer data, comply with regulations, and protect business continuity. Addressing these issues will also enhance customer confidence and reduce legal and financial exposure.

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Multiple high and critical issues indicate significant gaps in compliance with GDPR and NIS2 regulations, risking legal penalties and reputational damage. The lack of privacy and cookie policies, as well as no cookie consent mechanism, further exacerbates regulatory non-compliance. Security headers are inadequately configured, increasing vulnerability to common web attacks like clickjacking and cross-site scripting. Incident response, security policies, and business continuity planning are either missing or insufficient, leaving the organization unprepared for cyber incidents. Although email security and network security show strong scores, these strengths are overshadowed by critical website and data protection failures. DNS health is moderately good but can be improved with DNSSEC and proper CAA records. Immediate remediation is essential to safeguard sensitive information, maintain customer trust, and ensure regulatory adherence.

P

Philips

philips.com

52

The website's overall security posture is concerning, with critical vulnerabilities related to the absence of HTTPS encryption, exposing all data transmissions to interception and manipulation. Compliance with GDPR and NIS2 regulations is severely lacking, including missing privacy and cookie policies, no cookie consent banner, and inadequate information security governance. While email and network security are strong, foundational security controls such as security headers and DNS health need improvement. The absence of incident response and business continuity plans further increases operational risk. Failure to comply with GDPR can result in significant legal penalties and reputational damage, while NIS2 non-compliance may affect business continuity and regulatory standing. Immediate remediation is essential to protect customer data, maintain trust, and avoid regulatory fines. The website is currently vulnerable to data breaches, regulatory penalties, and potential service disruptions due to these gaps.

O

One Partners

onepartners.com.br

42

The website's overall security posture is critically weak, exposing the business to significant cyber risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability impacting data confidentiality and user trust, with cascading effects on GDPR and NIS2 compliance. Multiple missing security headers increase susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. The exposure of critical services like MySQL and FTP without adequate protections further elevates the risk of data breaches and unauthorized access. Additionally, the lack of essential documentation and policies—including privacy, cookie, security, and incident response—exposes the organization to legal and operational risks. Although email security and DNS health scores are relatively strong, they do not compensate for the critical infrastructure and governance gaps. Immediate remediation is necessary to protect sensitive data, maintain customer confidence, and ensure regulatory compliance. Failure to act could result in financial losses, reputational damage, and potential regulatory penalties.

V

VENUS

venus.com

51

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trustworthiness. Compliance with GDPR and NIS2 regulations is severely lacking, with no cookie policies, consent mechanisms, or documented security frameworks in place, putting the business at significant legal and operational risk. While network security and DNS health scores are relatively strong, critical gaps in encryption and incident response capabilities overshadow these strengths. Security headers and email security have moderate scores but require improvements to reduce attack surface and phishing risks. The lack of HTTPS also negatively impacts SEO and customer confidence. Immediate remediation is necessary to protect sensitive information, ensure regulatory compliance, and maintain business continuity. Failure to address these issues could result in data breaches, regulatory penalties, and reputational damage. The current state indicates an urgent need for a strategic security overhaul aligned with industry standards and legal requirements.

I

Indigo Books & Music Inc.

indigo.ca

54

The website's overall security posture reveals significant critical vulnerabilities, notably the complete absence of HTTPS encryption, which exposes data in transit to interception and compromises user trust. Compliance-related deficiencies are severe, with extremely low GDPR and NIS2 scores indicating non-compliance risks that could result in substantial regulatory penalties and reputational damage. While network security and email security are relatively strong, foundational security controls such as security headers are only moderately implemented and require improvement. The lack of formal security policies, incident response procedures, and vulnerability disclosure mechanisms further amplifies the organization's risk exposure. Additionally, missing cookie consent mechanisms and privacy policy issues threaten legal compliance with data protection laws. DNS health is good but can be enhanced by enabling DNSSEC to prevent DNS spoofing attacks. Immediate remediation is essential to protect sensitive user data, ensure regulatory compliance, and maintain business continuity.

T

TB Events

tbevents.nl

38

The website exhibits a severely deficient security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most critical flaw, leaving all data transmissions unprotected and violating EU GDPR and NIS2 regulations. Key security headers are missing, increasing the risk of clickjacking, cross-site scripting, and content injection attacks. The lack of privacy policies and cookie consent mechanisms further exposes the business to legal and compliance penalties under GDPR. Critical gaps in information security frameworks, incident response, and business continuity planning indicate immature security governance. Email security mechanisms like DMARC and DKIM are partially implemented but need enforcement and reporting improvements. DNS security is moderate but can be enhanced by enabling DNSSEC and configuring CAA records. Overall, urgent remediation of encryption, privacy compliance, and security policy documentation is essential to safeguard business operations and customer trust.

D

Deloitte

deloitte.be

50

The website exhibits significant security and compliance deficiencies that present substantial business risks. Critical issues such as lack of HTTPS encryption and inadequate privacy measures expose the organization to data breaches, regulatory penalties, and reputational damage, especially under GDPR and NIS2 regulations. The absence of a privacy policy, cookie consent mechanisms, and security framework further threatens legal compliance and customer trust. While network security and email configurations are relatively strong, key foundational controls like security headers and DNS protections need improvement. Overall, the current posture is high risk and requires immediate remediation to safeguard sensitive data, ensure regulatory compliance, and maintain business continuity. Addressing these issues promptly will protect the organization from financial losses and operational disruptions. Failure to act could result in severe fines, loss of customer confidence, and increased vulnerability to cyber attacks.

G

Gucci

gucci.com

53

The website's overall security posture is currently poor, primarily due to critical gaps in fundamental security controls such as the absence of HTTPS encryption and essential security headers. This exposes the business to significant risks including data interception, non-compliance with GDPR and NIS2 regulations, and reputational damage. The lack of a cookie consent banner and GDPR-compliant privacy policies further amplify legal exposure. Additionally, key governance elements like incident response, security policies, and vulnerability disclosure are missing, indicating immature security management. While network security and email configurations are relatively strong, they cannot compensate for the critical deficiencies in encryption and compliance. Immediate remediation is necessary to protect sensitive user data, ensure regulatory compliance, and maintain customer trust. Addressing these issues will also reduce potential financial liabilities stemming from data breaches or regulatory penalties.

T

Tur Assist

turassist.com

47

The website's overall security posture is critically weak, with multiple severe vulnerabilities primarily due to the absence of HTTPS encryption and inadequate security headers. The lack of HTTPS not only exposes sensitive data in transit but also results in non-compliance with GDPR and NIS2 regulations, posing significant legal and reputational risks. Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to cross-site scripting and clickjacking attacks. Additionally, the absence of a privacy policy, cookie policy, and consent mechanisms indicates poor GDPR adherence, further risking regulatory penalties. The organization lacks foundational information security documentation, incident response procedures, and business continuity planning, undermining its ability to effectively manage and recover from security incidents. While email and network security appear strong, these do not compensate for the critical gaps in web and data protection. Immediate remediation is essential to protect customer data, maintain trust, and ensure compliance with legal frameworks. Overall, the current security posture exposes the business to high risk of data breaches, regulatory fines, and operational disruptions.

B

Besins Healthcare

besins-healthcare.com

53

The website's overall security posture is currently weak and poses significant risks to both business operations and customer trust. A critical failure to implement HTTPS encryption exposes all data exchanges to interception and undermines compliance with GDPR and NIS2 regulations. The absence of fundamental security policies and incident response procedures further increases vulnerability to cyber threats and regulatory penalties. Weak security headers and missing cookie consent mechanisms exacerbate privacy risks, potentially damaging the company’s reputation. While email security and network security show relatively stronger performance, critical gaps remain in governance and data protection frameworks. Immediate remediation is essential to prevent data breaches, ensure legal compliance, and maintain stakeholder confidence. Without urgent action, the business risks financial loss, regulatory fines, and erosion of customer trust. Strengthening encryption, policies, and compliance measures must be prioritized to safeguard the organization’s digital presence.

C

Christofle

christofle.com

53

The website's overall security posture is currently weak, with critical deficiencies severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical vulnerability affecting user data security, regulatory compliance (GDPR, NIS2), and trustworthiness, exposing the business to legal and reputational risks. Governance around security policies, incident response, and vulnerability management is largely missing, indicating immature cybersecurity processes. GDPR compliance is particularly poor, lacking cookie consent mechanisms and compliant privacy disclosures, which risks regulatory penalties. While email security and network security show reasonably strong implementations, foundational web security headers are incomplete, increasing exposure to content injection and data leakage attacks. DNS security is moderate but could be improved with DNSSEC and CAA records. Immediate remediation of critical issues is required to protect customer data, ensure regulatory compliance, and maintain business continuity.

L

Lorenza Von Stein Luxury Real Estate

lorenzavonstein.com

42

The website's security posture is currently weak and exposes significant risks to both business operations and customer trust. Critical vulnerabilities include the absence of HTTPS encryption, lack of essential email authentication, and missing critical security headers, which collectively leave the site highly susceptible to data interception, phishing, and content injection attacks. Additionally, the absence of GDPR compliance elements such as privacy and cookie policies, along with no cookie consent mechanism, exposes the business to regulatory penalties and reputational damage. The lack of documented information security policies, incident response, and business continuity plans indicates unpreparedness for managing security incidents effectively. While network security and DNS health show relatively better scores, the overall security framework is insufficient for protecting sensitive customer data and ensuring legal compliance. Immediate remediation is necessary to safeguard business continuity, customer trust, and comply with legal requirements. Without urgent action, the business faces increased risks of data breaches, regulatory fines, and operational disruptions.

O

Oceanco

builtbyoceanco.com

50

The website's overall security posture presents significant risks, primarily due to the complete lack of HTTPS encryption, which is flagged as a critical issue across multiple security domains (GDPR, NIS2, SSL/TLS). This exposes the website and its users to data interception and undermines user trust. Additionally, there are severe compliance gaps with GDPR and NIS2 regulations, including missing privacy and cookie policies, lack of cookie consent mechanisms, and absence of essential security governance documents such as incident response and security policies. While network security and security headers are relatively strong, critical foundational elements like encryption and governance are missing, which could lead to regulatory penalties, reputational damage, and increased vulnerability to cyberattacks. The absence of a vulnerability disclosure policy and business continuity planning further exacerbates risks. On a positive note, email security and DNS health receive moderate scores but still require improvements to fully mitigate risks. Immediate remediation is imperative to protect the business, comply with regulations, and maintain customer trust.

M

Multinational Force and Observers

mfo.org

45

The website currently exhibits critical vulnerabilities that severely compromise its security posture, most notably the complete absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. The lack of fundamental security headers such as Content-Security-Policy further increases the risk of cross-site scripting and other client-side attacks. Additionally, non-compliance with GDPR regulations due to missing privacy and cookie policies, as well as absence of cookie consent mechanisms, presents significant legal and reputational risks. Deficiencies in security governance, including missing information security frameworks, incident response procedures, and vulnerability disclosure policies, weaken the organization's ability to detect and respond to cyber threats effectively. Email security measures are partially implemented but require enforcement improvements to prevent phishing and spoofing attacks. DNS configurations lack advanced protections like DNSSEC, which could lead to domain hijacking risks. Overall, the combined technical and compliance gaps place the business at high risk of data breaches, regulatory penalties, and operational disruption.

T

Temenos

avoka.com

49

The website exhibits a severely weak security posture, primarily due to the absence of HTTPS encryption, which is classified as critical across multiple standards including GDPR, NIS2, and SSL/TLS assessments. Key security headers are largely missing, leaving the site vulnerable to attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is notably deficient, with no cookie consent banner, inadequate privacy policies, and lack of documented security and incident response procedures. While network security and DNS health show some strengths, critical email security measures like SPF records are missing, increasing the risk of email spoofing. The overall risk profile exposes the business to regulatory penalties, reputational damage, and potential data breaches. Immediate remediation is necessary to protect customer data, ensure legal compliance, and maintain trust. Without urgent action, the business faces significant operational and financial risks.

P

Peugeot

peugeot.com

47

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, exposing all data in transit to interception and undermining user trust and regulatory compliance. Multiple critical and high-severity issues related to missing essential security headers such as Content-Security-Policy and X-Frame-Options further increase the risk of cross-site scripting and clickjacking attacks. The lack of GDPR compliance artifacts, including privacy policies, cookie consent mechanisms, and third-party privacy transparency, poses significant legal and reputational risks. From a regulatory perspective, the absence of a structured information security framework, incident response, and business continuity plans indicates unpreparedness for security incidents, risking operational disruptions. While network security and email security controls are strong, these positives do not offset fundamental web security deficiencies. DNS security is moderately addressed but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is necessary to protect customer data, maintain compliance, and secure business operations. Without urgent action, the organization faces elevated risks of data breaches, regulatory penalties, and customer trust erosion.

The website's overall security posture is currently poor, with critical vulnerabilities severely impacting confidentiality, integrity, and compliance. The most alarming issue is the complete lack of HTTPS encryption, exposing all data transmissions to interception and manipulation, which also violates GDPR and NIS2 regulatory requirements. The absence of a privacy policy and cookie consent mechanisms further exposes the business to legal and reputational risks under data protection laws. Security headers are partially implemented but miss key protections against common web attacks. Email security configurations like DMARC and DKIM are incomplete, increasing the risk of phishing and spoofing. Although network security and DNS health are relatively strong, foundational web security controls and compliance frameworks are lacking. Immediate remediation is necessary to protect customers, maintain trust, and avoid regulatory penalties. This assessment highlights critical gaps in both technical defenses and governance policies that must be addressed promptly.

H

Hazera

hazera.com

50

The website's overall security posture is currently at significant risk, primarily due to the complete lack of HTTPS encryption, which is critical for protecting data in transit and maintaining user trust. Multiple critical and high-severity issues indicate gaps in compliance with GDPR and NIS2 regulations, including missing privacy and cookie policies, absence of a cookie consent banner, and lack of security documentation and incident response procedures. While email security and network security show strong scores, foundational web security controls such as Content-Security-Policy headers and security frameworks are missing or weak. The absence of HTTPS not only affects security but also business credibility, search engine rankings, and regulatory compliance. Additionally, DNS security enhancements like DNSSEC are not enabled, increasing exposure to DNS-based attacks. The lack of clear privacy policies and consent mechanisms also poses legal and reputational risks. Immediate remediation is essential to safeguard customer data, ensure compliance, and protect the business from cyber threats and regulatory penalties.

W

Wyser

wyser-search.com

47

The website's current security posture is critically weak, with multiple severe vulnerabilities exposing it to significant risk. The absence of HTTPS encryption is a fundamental flaw, affecting data confidentiality and trust, and violates GDPR and NIS2 requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing exposure to common web attacks like XSS and protocol downgrade attacks. GDPR compliance is notably poor, lacking essential elements like a cookie policy and consent mechanisms, which can lead to regulatory fines and reputational damage. The absence of documented information security frameworks, security policies, and incident response procedures indicates immature organizational security governance. While email security and network security are relatively strong, this does not compensate for the critical gaps in web application and data protection. Immediate remediation is necessary to protect customer data, maintain regulatory compliance, and preserve business reputation. Without swift action, the organization risks data breaches, regulatory penalties, and loss of customer trust.

I

Inside Systems A/S

insidesystems.com

50

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data in transit to interception and manipulation. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. GDPR compliance is severely lacking, with no cookie policy or consent banner, potentially leading to regulatory penalties and loss of customer trust. The absence of an information security framework, incident response procedures, and security policy documentation further exacerbates the organization's vulnerability to cyber threats and operational disruptions. While email and network security are strong, these isolated strengths do not mitigate the critical risks posed by the core deficiencies. The low scores in NIS2 compliance indicate the organization is unprepared to meet mandatory cybersecurity standards, risking legal and financial consequences. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company's reputation. Failure to address these issues may result in data breaches, regulatory fines, and significant business disruption.

A

AFIMAC Global

afimacglobal.com

45

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. Key deficiencies include the complete lack of HTTPS encryption, absence of essential security headers, and non-compliance with GDPR requirements such as missing cookie policies and consent mechanisms. Furthermore, the organization lacks foundational NIS2 framework elements like incident response procedures and security policy documentation, highlighting immature security governance. While email security and network security show relatively strong scores, critical SSL/TLS and web application security gaps undermine these strengths. Immediate remediation is crucial to protect customer data, ensure regulatory compliance, and maintain trust. Without swift action, the business risks financial loss, legal consequences, and operational disruptions. This assessment clearly indicates the need for urgent investment in web security controls and governance frameworks.

N

NEOFA

neofa.com

35

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical issues include the complete lack of HTTPS encryption, which undermines all data confidentiality and integrity. The absence of essential security headers and policies leaves the site vulnerable to common web attacks such as clickjacking, cross-site scripting, and content injection. Furthermore, the lack of GDPR compliance elements such as privacy and cookie policies, and missing consent mechanisms, poses legal risks and potential fines. Deficiencies in NIS2 compliance and incident response planning highlight gaps in organizational readiness to address and recover from security incidents. While network security is strong, foundational elements like DNS health and email authentication require improvement to prevent domain spoofing and phishing. Immediate remediation is essential to protect customers, maintain trust, and comply with legal obligations.

M

Magtor

magtor.tech

34

The website's security posture is critically weak, exposing the business to significant operational, reputational, and compliance risks. The absence of HTTPS encryption across the site is the most alarming vulnerability, leaving all data transmissions unprotected and potentially interceptable by attackers. Critical gaps exist in compliance with GDPR and NIS2 regulations, including missing privacy policies, cookie consent mechanisms, and essential security documentation, which could result in hefty regulatory penalties. Email systems lack fundamental authentication protocols, increasing the risk of phishing and spoofing attacks that could damage brand trust. The website also exposes high-risk services like FTP, which are known vectors for compromise. Additionally, basic security headers are misconfigured or absent, increasing susceptibility to common web-based attacks. Overall, the current security state undermines customer trust and business continuity. Immediate remediation is essential to protect sensitive data, maintain regulatory compliance, and safeguard the company’s digital assets.

A

AppList Media

applistmedia.com

41

The website exhibits a severely deficient security posture with multiple critical vulnerabilities, most notably the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation. The absence of foundational security headers and policies increases susceptibility to common web attacks such as clickjacking, content sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is substantially lacking, risking legal penalties and reputational damage due to missing privacy policies, cookie consent mechanisms, and security governance documentation. Email security mechanisms like DMARC and DKIM are partially implemented but not enforced, increasing phishing risks. While network security and DNS health appear relatively robust, the critical gaps in secure communication and regulatory adherence overshadow these strengths. Immediate remediation is essential to protect customer data, maintain trust, and ensure regulatory compliance. Failure to act promptly could result in data breaches, regulatory fines, and loss of customer confidence.

F

fortepharmashop-int

fortepharma.com

48

The website's overall security posture reveals significant critical vulnerabilities that pose immediate risks to business operations and compliance. The absence of HTTPS encryption is a critical failure affecting data confidentiality, user trust, and regulatory compliance, notably GDPR and NIS2 requirements. Key governance frameworks, such as information security policies, incident response, and business continuity plans, are missing, undermining the organization's ability to manage and recover from security incidents. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking regulatory penalties and reputational damage. Network security and DNS health are relatively strong, but email security can be improved to reduce phishing and spoofing risks. Security headers are partially implemented but require strengthening to enhance protection against web-based attacks. Immediate remediation efforts should focus on establishing fundamental security controls and compliance documentation to safeguard the business and its customers.

S

SwissBorg

swissborg.com

53

The website exhibits a severely weak security posture with critical deficiencies in fundamental areas such as HTTPS encryption, GDPR compliance, and adherence to NIS2 cybersecurity directives. Absence of HTTPS encryption exposes data in transit to interception, posing significant risks to user privacy and trust. The lack of cookie policy and consent mechanisms highlights potential legal non-compliance risks under GDPR, increasing exposure to regulatory penalties. Security governance is notably inadequate, with missing incident response, vulnerability disclosure, and security policy documentation, creating vulnerabilities to cyber threats and operational disruptions. While network and email security appear strong, critical gaps in security headers and DNS configurations further weaken defenses. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and uphold the organization’s reputation. Without swift action, the business faces increased risk of data breaches, legal liabilities, and loss of customer confidence.

O

OptimaT

optimat.be

46

The website's security posture is currently at high risk, with multiple critical and high-severity issues that directly impact business operations and regulatory compliance. Notably, the absence of HTTPS encryption exposes sensitive data to interception, undermining user trust and violating legal requirements such as GDPR and NIS2. Missing key security headers (Strict-Transport-Security, X-Frame-Options, Content-Security-Policy) increases vulnerability to common web attacks. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially for EU customers. Additionally, the organization lacks foundational information security frameworks, incident response procedures, and business continuity plans, indicating immature security governance. Although email security and network security show moderate to good standing, critical gaps in SSL/TLS and GDPR compliance drastically overshadow these positives. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and secure business operations. The overall security readiness score reflects urgent need for comprehensive security improvements and policy implementations.

C

Capefront Energies

naurexgroup.com

48

The website exhibits a poor overall security posture with critical vulnerabilities significantly impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical failure, exposing user data to interception and undermining trust. Missing key security headers such as Content-Security-Policy and X-Frame-Options increase the risk of cross-site scripting and clickjacking attacks. GDPR compliance is insufficient due to the lack of a cookie consent banner and incomplete privacy policy, risking regulatory penalties and reputational damage. The site also lacks essential NIS2 mandate elements including security policies, incident response procedures, and a vulnerability disclosure policy, indicating immature cybersecurity governance. Email security gaps, notably the missing DMARC record, increase the risk of phishing and email spoofing attacks. DNS security is relatively strong but could be improved with DNSSEC and CAA record implementation. Overall, urgent remediation is needed to protect customer data, ensure regulatory compliance, and maintain business continuity.

I

IFA Paris

ifaparis.com

50

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data-in-transit security and violating GDPR and NIS2 requirements. Key security controls such as Content-Security-Policy and cookie management are missing, increasing the risk of cross-site scripting and privacy violations. Compliance with GDPR and NIS2 frameworks is severely lacking, with no cookie policy, consent mechanisms, or documented security and incident response policies in place. While email security and DNS health show relative strength, critical gaps in foundational network and transport layer security remain. Immediate remediation is needed to protect customer data, meet regulatory obligations, and maintain business continuity. Without urgent action, the organization faces heightened risks of cyberattacks, legal penalties, and loss of customer trust. The current security controls score poorly overall, with especially low marks in GDPR and NIS2 compliance modules, reflecting a need for a comprehensive security and compliance program.

E

Engineering Search Firm

esf.careers

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and missing key security headers leave user data vulnerable to interception and attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including privacy policies and cookie consent mechanisms, further increases legal exposure. Additionally, there is a severe deficiency in adherence to NIS2 requirements, with no security frameworks, incident response plans, or security policies documented. While network security and email security show relatively strong scores, foundational SSL/TLS protections and DNS security features like DNSSEC are inadequate or missing. Immediate remediation is essential to protect sensitive customer information, comply with regulations, and maintain trust. Without swift action, the business risks financial penalties and operational disruptions.

F

FlyPrivate

flyprivate.com

50

The website’s current security posture exhibits significant vulnerabilities that expose the business to substantial risks, particularly due to the absence of HTTPS encryption which is flagged as critical across multiple compliance frameworks including GDPR, NIS2, and SSL/TLS standards. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing the risk of web-based attacks like clickjacking and cross-site scripting. Compliance with GDPR is severely lacking, with no cookie policy or consent mechanism in place, potentially exposing the business to regulatory fines and reputational damage. Additionally, the absence of documented security policies, incident response procedures, and vulnerability disclosure mechanisms under NIS2 requirements indicates immature information security governance. While email and network security are strong points, foundational gaps in encryption and security headers undermine overall defenses. The DNS configuration is moderately healthy but could be improved with DNSSEC and CAA records. Immediate remediation is needed to protect customer data, ensure regulatory compliance, and safeguard business continuity. Without prompt action, the business faces operational disruptions, legal penalties, and loss of customer trust.

E

Endeavour Mining plc

endeavourmining.com

49

The website exhibits significant security and compliance deficiencies that pose substantial business and legal risks. The absence of HTTPS encryption is a critical vulnerability, exposing all data transmissions to interception and undermining user trust, while also violating GDPR and NIS2 regulations. Lack of foundational GDPR compliance elements such as Privacy Policy, Cookie Policy, and Consent Banner further exposes the organization to regulatory penalties and reputational damage. Security governance is weak, with no documented security policies, incident response plans, or vulnerability disclosure processes, compromising the organization's ability to manage and respond to threats effectively. Email security is moderate but requires enhancements to prevent phishing and spoofing attacks. While network security posture is strong, other security controls like HTTP security headers and DNS configurations show room for improvement. Immediate remediation is necessary to safeguard sensitive data, comply with legal requirements, and maintain customer confidence. Addressing these issues will substantially reduce risk exposure and support sustainable business operations.

V

Vertex Pharmaceuticals

vrtx.com

42

The website's overall security posture is currently weak and exposes the business to significant risks, especially regarding data protection and regulatory compliance. Critical issues such as the absence of HTTPS encryption severely compromise data confidentiality and trustworthiness. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses legal and reputational risks. Additionally, essential cybersecurity frameworks and incident response plans required by NIS2 are missing, indicating unpreparedness for cyber incidents. Email security protocols are partially implemented but require strengthening to prevent phishing and spoofing attacks. DNS-related vulnerabilities, including potential subdomain takeover and missing DNSSEC, increase attack surface exposure. While network security is strong, foundational security controls like security headers are incomplete, further increasing vulnerability to common web-based attacks. Immediate remediation is crucial to safeguard customer data, ensure regulatory compliance, and protect brand reputation.

F

Ferrari

ferrari.com

60

The website's overall security posture reveals critical vulnerabilities that pose significant business risks, particularly the absence of HTTPS encryption, which undermines data confidentiality and user trust. Compliance with GDPR and NIS2 regulations is substantially lacking, exposing the business to potential legal penalties and reputational damage. While network security and email security measures are strong, critical gaps in security governance, incident response, and data protection frameworks leave the organization vulnerable to cyber threats and compliance violations. Low-scoring GDPR and NIS2 modules indicate urgent need for policy, procedural, and technical controls improvements. The presence of weak referrer policies and caching sensitive data further increase the risk of information leakage. Without immediate remediation, these issues could lead to data breaches, regulatory fines, and erosion of customer confidence. Prioritizing encryption, compliance measures, and incident management will be essential to strengthening the security posture and safeguarding business interests.

B

Banque Palatine

palatine.fr

47

The website's security posture exhibits significant critical vulnerabilities, particularly the absence of HTTPS encryption, which poses severe risks to data confidentiality and regulatory compliance. Critical GDPR compliance gaps, including missing privacy and cookie policies and lack of a cookie consent banner, expose the business to potential legal penalties and reputational damage within the EU market. The lack of foundational security policies and incident response procedures further increases operational risk and undermines stakeholder trust. While network security measures appear strong, key headers like X-Frame-Options are missing, increasing susceptibility to clickjacking attacks. Email security and DNS configurations are moderately sound but can be improved to prevent phishing and DNS spoofing threats. Overall, the current state demands urgent remediation to secure customer data, ensure compliance with regulations such as GDPR and NIS2, and protect the business from cyber threats and legal consequences. Addressing these issues promptly will safeguard the organization’s reputation and maintain customer trust.