Security Directory

F

FLOORENOV

floorenov.com

42

The website's overall security posture is currently poor, with critical weaknesses severely exposing the business to data breaches, regulatory violations, and operational risks. The absence of HTTPS encryption is a fundamental and critical flaw, undermining all data confidentiality and integrity and violating GDPR and NIS2 compliance requirements. Key security headers like Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to XSS and clickjacking attacks. GDPR compliance is notably deficient, lacking privacy and cookie policies as well as consent mechanisms, which risks significant legal penalties and reputational damage. The lack of an established information security framework, incident response, and business continuity plans further increases organizational risk exposure. Email authentication is critically weak, opening the door to phishing and spoofing threats. While network security and DNS configurations show strengths, they cannot compensate for core HTTPS and policy deficiencies. Immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

O

OceanaGold

oceanagold.com

47

The website's overall security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all site visitors and transactions. Key security headers are either missing or weakly configured, increasing susceptibility to attacks such as clickjacking, cross-site scripting (XSS), and content injection. Compliance with GDPR and NIS2 regulations is notably lacking, particularly concerning cookie policies, consent mechanisms, and documented security frameworks, putting the business at risk of legal consequences. While the network security and DNS health are relatively strong, email security shows room for improvement, especially with DMARC enforcement. Immediate action is required to remediate critical and high-severity issues to protect customer data, maintain trust, and ensure regulatory compliance. Without prompt remediation, the organization faces heightened risks of cyber incidents and potential operational disruption.

The website exhibits a severely deficient security posture, particularly in critical areas such as encryption, data privacy compliance, and incident preparedness. The absence of HTTPS encryption poses an immediate and significant risk, exposing sensitive user data to interception and undermining customer trust. Critical GDPR compliance gaps—including missing privacy and cookie policies and lack of consent mechanisms—expose the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework and incident response procedures under NIS2 requirements indicates unpreparedness for cyber incidents, increasing operational risk. While network security and email security show moderate strength, key improvements are needed to align with industry standards and legal mandates. Overall, urgent remediation is required to protect customer data, comply with regulations, and safeguard business continuity. Immediate focus on encryption and privacy policies will significantly reduce risk and enhance stakeholder confidence.

N

NOVAX®PHARMA

novaxpharma.com

42

The website's overall security posture is poor, with critical vulnerabilities exposing it to significant risks including data interception, regulatory non-compliance, and potential breaches. The absence of HTTPS encryption is a critical failure that undermines all data confidentiality and integrity, making user data vulnerable to interception and tampering. Missing essential security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options increase the risk of web-based attacks like clickjacking, cross-site scripting, and content injection. Compliance with GDPR and NIS2 regulations is severely lacking, with missing privacy policies, cookie consent mechanisms, and documented security procedures, exposing the organization to potential legal penalties and reputational damage. The presence of high-risk exposed services like FTP further elevates the risk profile by offering attackers easy entry points. While email security scores well, other core security domains require urgent remediation. Immediate focus is needed on encryption, policy documentation, and service hardening to protect business operations and customer trust.

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical vulnerabilities such as the absence of HTTPS encryption and missing core security headers leave user data and communications unprotected. The lack of privacy policies and cookie consent mechanisms violates GDPR requirements, increasing legal exposure. Additionally, key information security controls and incident response procedures are missing, indicating immature cybersecurity governance. Exposure of high-risk services like FTP further increases attack surface and potential compromise. While email security and DNS health show some strengths, these are overshadowed by critical gaps in encryption and compliance. Immediate remediation is essential to safeguard customer trust, comply with regulations, and protect business continuity. Without urgent action, the organization risks severe financial and operational consequences from cyber incidents or regulatory penalties.

M

Michael Jensen

communicate-network-consult.net

43

The website's overall security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant cybersecurity risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability that jeopardizes data confidentiality and undermines customer trust, directly impacting business reputation and compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking and cross-site scripting. There is a complete lack of fundamental privacy and security policies, including GDPR-mandated cookie and privacy policies, which could lead to legal penalties and loss of customer confidence. Exposure of critical services like MySQL and FTP without proper protections presents a high risk of data breaches. DNS and network configurations are suboptimal, with DNSSEC not enabled and insecure services exposed. Although email security is strong, the absence of incident response and business continuity plans leaves the organization vulnerable to prolonged downtime during security incidents. Immediate remediation is critical to protect both business operations and customer data integrity.

K

KeeSystem

keesystem.com

35

The website's overall security posture is critically weak, exposing it to significant risks including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption is a fundamental flaw, compromising data confidentiality and user trust. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking legal consequences and reputational damage. Network security is inadequate with critical services like MySQL and FTP exposed publicly, heightening the risk of unauthorized access. Incident response and information security frameworks are either absent or insufficient, limiting the organization’s ability to detect and respond to threats. Email security measures such as DMARC and DKIM are partially implemented but need strengthening to prevent phishing and spoofing. Immediate remediation is essential to safeguard business operations, comply with regulations, and maintain customer trust.

The website demonstrates a generally moderate security posture but contains one critical vulnerability that requires immediate attention. The absence of HTTPS encryption severely compromises data confidentiality and integrity, exposing users and the business to interception and man-in-the-middle attacks. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and incomplete email security configurations increase regulatory and reputational risks. DNS security is adequate but can be improved by enabling DNSSEC and configuring CAA records. Encouragingly, network security measures are robust, scoring 100/100. Overall, while foundational defenses exist, the critical SSL/TLS weakness and compliance gaps pose significant threats to business continuity and customer trust. Addressing these issues promptly will strengthen security posture and regulatory compliance, protecting both business assets and customer data.

F

Family Office Exchange

familyoffice.com

51

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing user data and communications to interception and manipulation. Significant compliance gaps exist, particularly with GDPR and NIS2 directives, risking legal penalties and reputational damage. Security headers are inadequately configured, leaving the site vulnerable to common web-based attacks such as cross-site scripting. While email security and network security are strong, foundational elements like incident response, security policies, and vulnerability disclosure frameworks are missing, undermining the organization's ability to detect, respond to, and mitigate threats effectively. DNS security is moderate but could be improved to reduce risks of DNS spoofing and related attacks. The absence of cookie management controls and transparency further increases regulatory non-compliance risk. Immediate remediation is essential to protect business continuity, customer trust, and regulatory standing.

The website's security posture is currently weak and exposes the business to significant risks, primarily due to the lack of HTTPS encryption and critical security headers. Absence of HTTPS not only undermines data confidentiality and integrity but also violates GDPR and NIS2 compliance requirements, risking legal penalties and loss of customer trust. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing vulnerability to cross-site scripting and clickjacking attacks. The website also lacks essential GDPR compliance elements including a cookie policy and consent mechanisms, exposing the business to regulatory fines. Incident response, information security frameworks, and security policy documentation are absent, which can hamper timely detection and mitigation of security incidents. While email security and network security have relatively strong scores, foundational web security and compliance gaps are critical and require immediate attention. Improving these areas will protect customer data, enhance trust, and reduce potential financial and reputational damage.

R

RMConsulting

rmconsulting.be

49

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Most notably, the absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and integrity, violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing the risk of cross-site scripting (XSS) and clickjacking attacks. The lack of security policies, incident response plans, and business continuity strategies demonstrates immature cybersecurity governance. GDPR compliance is insufficient, notably missing a cookie consent banner and proper privacy documentation, which could lead to legal penalties. Exposed high-risk services like FTP increase the attack surface. While email security and DNS health are relatively strong, they do not compensate for foundational weaknesses. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and meet regulatory obligations.

B

Bentley Systems

legion.com

50

The website's security posture is currently weak and exposes the business to significant risks, notably due to lack of HTTPS encryption, absence of key GDPR compliance elements, and deficient information security governance. Critical vulnerabilities, including no HTTPS, missing privacy and cookie policies, and absence of incident response procedures, pose threats to data confidentiality, regulatory compliance, and customer trust. While network security and email security configurations are strong, foundational protections such as security headers and DNS configurations require improvement. The lack of GDPR-related policies and consent mechanisms increases legal and reputational risks, particularly in data privacy jurisdictions. Additionally, missing security framework documentation and vulnerability disclosure policies hinder the organization’s ability to manage and respond to cyber incidents effectively. Overall, urgent remediation is needed to protect sensitive information, meet compliance obligations, and safeguard business continuity. Immediate attention to encryption, policy development, and security controls will significantly reduce risk exposure.

F

FITT

interplast.mc

37

The website's security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Notably, the absence of HTTPS encryption is a critical vulnerability that jeopardizes all data in transit and severely undermines user trust. Key security headers are largely missing, increasing the risk of cross-site scripting, clickjacking, and content injection attacks. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent exposes the business to potential legal penalties. The absence of a formal information security framework, incident response procedures, and security policies indicates immature security governance. Email security mechanisms like DMARC and DKIM are weak or missing, raising the risk of phishing and email spoofing. While DNS and network security show some strengths, critical gaps remain, such as the exposure of SSH services. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust.

I

InfraOpS

infraops.fr

37

The website's security posture is critically weak, exposing the business to significant risk both technically and legally. The absence of HTTPS encryption and critical security headers like Strict-Transport-Security and Content-Security-Policy leaves user data vulnerable to interception and attacks such as man-in-the-middle and clickjacking. Moreover, the lack of GDPR compliance measures including privacy and cookie policies, as well as consent mechanisms, exposes the business to regulatory penalties, especially given the EU presence. The missing NIS2 security framework and incident response plans indicate inadequate preparedness for cyber incidents, increasing downtime and reputational damage risks. Email security weaknesses, such as missing DMARC and DKIM records, heighten the risk of email spoofing and phishing attacks targeting customers and partners. DNS health is moderate but could be improved with DNSSEC to prevent DNS attacks. Although network security posture is strong, this does not compensate for the critical gaps in web security and compliance. Immediate remediation is essential to protect customer trust, ensure regulatory compliance, and safeguard business continuity.

The website exhibits a severely compromised security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, service disruption, and regulatory penalties. The absence of HTTPS encryption is a critical flaw impacting data confidentiality and user trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. Compliance gaps with GDPR and NIS2 frameworks pose legal and operational risks, especially due to missing privacy policies and incident response procedures. Exposure of critical backend services like MySQL and PostgreSQL to the internet further elevates the risk of unauthorized access and data theft. Although email security and DNS health show relatively better scores, these strengths are overshadowed by critical network and application layer weaknesses. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory sanctions. Overall, urgent investment in security infrastructure and governance is required to stabilize the environment and reduce business risk.

E

Eurimpex MDD

eurimpexmdd.com

42

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting data confidentiality and integrity, highlighted as a critical issue across multiple frameworks (GDPR, NIS2, SSL/TLS). Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. There is a complete lack of privacy and cookie policies, which not only undermines user trust but also violates GDPR requirements, potentially resulting in heavy fines. The security governance framework is also deficient, with no documented incident response, security policies, or vulnerability disclosure processes, leaving the business ill-prepared for cyber incidents. Email security is partially implemented but lacks essential authentication mechanisms, increasing the risk of phishing and spoofing. DNS and network security are relatively stronger areas but cannot compensate for the critical gaps elsewhere. Immediate remediation is required to protect customer data, ensure compliance, and safeguard business continuity.

B

Best Western Plus Casino Royale Hotel

casinoroyalehotel.com

45

The website's overall security posture is critically weak, with multiple high and critical severity issues posing significant risks to business operations and compliance. The absence of HTTPS encryption represents an immediate threat to data confidentiality and integrity, undermining user trust and exposing sensitive information to interception. Key security headers are missing, leaving the site vulnerable to common web attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. GDPR compliance is severely lacking, increasing regulatory and legal risks due to missing cookie policies, consent mechanisms, and privacy safeguards. The lack of an established information security framework, incident response procedures, and business continuity plans further exacerbates operational risks under the NIS2 directive. While network security and email security show some strengths, critical gaps in SSL/TLS implementation and DNS security reduce overall trustworthiness. Urgent remediation is required to protect user data, ensure regulatory compliance, and maintain business continuity in the face of evolving cyber threats.

E

Engeco Engenharia e Construção LTDA

engeco.com.br

38

The website's overall security posture is critically weak, with multiple high and critical severity issues spanning encryption, compliance, and network exposure. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a fundamental risk. Key security headers that protect against common web attacks are missing, increasing vulnerability to clickjacking, MIME sniffing, and cross-site scripting. Compliance deficiencies, particularly with GDPR and NIS2 regulations, pose significant legal and reputational risks due to missing privacy policies, cookie consent, and documented security policies. Network services such as FTP and MySQL are exposed without adequate controls, presenting easy attack vectors for unauthorized access. While email security and DNS health show relatively better scores, critical gaps in vulnerability disclosure, incident response, and business continuity planning further weaken organizational resilience. Immediate attention is required to establish a secure baseline, ensure regulatory compliance, and protect customer data to maintain trust and avoid costly breaches.

S

SCC

scc.com

51

The website's overall security posture is currently inadequate, with critical deficiencies that expose the business to significant risks. The absence of HTTPS encryption represents a severe vulnerability, impacting data confidentiality, user trust, and regulatory compliance. Furthermore, the lack of a privacy policy, cookie policy, and consent mechanisms places the business at high risk of GDPR non-compliance, potentially resulting in regulatory penalties and reputational damage. The site also lacks foundational information security governance elements such as security policies, incident response procedures, and business continuity planning, severely weakening its resilience to cyber threats. While network and email security show strong performance, critical gaps in encryption and legal compliance overshadow these strengths. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and comply with relevant regulations such as GDPR and NIS2. Addressing these issues will significantly reduce legal liabilities and enhance overall cyber defense capabilities.

N

Namebay

namebay.com

48

The website's security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Additionally, missing GDPR compliance elements such as privacy and cookie policies, along with a lack of consent mechanisms, expose the business to legal penalties and customer trust erosion. Security governance is weak, with no documented incident response, security policies, or vulnerability disclosure processes, increasing the risk of unmanaged security incidents. Security headers are partially implemented but lack essential protections against common web attacks. Network-level controls are strong, but this does not offset the critical application-layer and compliance deficiencies. Immediate remediation is required to safeguard customer data and meet regulatory requirements. Without prompt action, the business faces heightened operational and legal risks.

I

Icon Connect

iconconnect.com

47

The website's overall security posture is critically weak, with significant gaps in foundational security controls and compliance requirements. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining user trust. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. Compliance with GDPR is poor, lacking a cookie policy, consent mechanisms, and sufficient privacy disclosures, exposing the business to regulatory penalties. The NIS2 directive requirements are largely unmet, with no documented security frameworks, incident response plans, or business continuity strategies. While email security and network posture are relatively strong, these do not compensate for the critical web and compliance deficiencies. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent action, the business faces heightened cyber risk, legal exposure, and reputational damage.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is the most severe vulnerability, risking data interception and undermining customer trust. Missing fundamental security headers further exposes the platform to common web attacks such as clickjacking, cross-site scripting, and content injection. Non-compliance with GDPR, especially lacking cookie policies and consent mechanisms, increases legal and financial liabilities. The exposure of critical services like MySQL and FTP without adequate protections heightens the risk of unauthorized access and data loss. Additionally, the lack of documented security policies, incident response plans, and business continuity strategies indicates poor preparedness for cyber incidents. While email security scores well, network security and governance frameworks are significantly lacking, undermining overall resilience. Immediate remediation is essential to protect business reputation, customer data, and ensure regulatory compliance.

The website's security posture is currently poor and exposes the business to significant risks, including data breaches, regulatory non-compliance, and operational disruptions. Critical vulnerabilities such as the complete lack of HTTPS encryption and exposure of critical services like MySQL and FTP pose immediate threats to data confidentiality and integrity. Missing key security headers and policies increase the likelihood of web-based attacks such as clickjacking, content injection, and cross-site scripting. Additionally, the absence of GDPR compliance elements like privacy policies and cookie consent can lead to regulatory penalties and damage to brand reputation. The lack of defined information security frameworks, incident response, and business continuity planning further exacerbates the organization's exposure to cyber threats and slows recovery from incidents. Email security and DNS configurations are moderately strong but require improvements to align with best practices. Overall, urgent remediation is required across infrastructure, compliance, and web application security to protect business assets and customer trust.

V

Valeo

valeo.com

54

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

S

Sophia Business Angels

sophiabusinessangels.com

40

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability impacting user data confidentiality and trust. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, cross-site scripting (XSS), and content injection. The site also lacks essential GDPR compliance elements like privacy policies and cookie consent, risking substantial legal penalties. Organizational security governance under NIS2 directives is severely lacking with no incident response, security policies, or information security framework in place. While email security and DNS health show moderate strengths, they are insufficient to mitigate the broader critical deficiencies. Immediate remediation is required to protect customer data, meet regulatory requirements, and maintain business continuity. Without urgent improvements, the business faces heightened risk of cyber incidents and regulatory sanctions.

R

Riviera Marine S.A.M.

rivieramarine.mc

47

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is a critical vulnerability, undermining data confidentiality and trust, and violating GDPR and NIS2 requirements. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy further increase exposure to common web attacks like clickjacking and cross-site scripting. The lack of a cookie consent banner and incomplete GDPR compliance could result in legal penalties and reputational damage. Additionally, no formal security frameworks, incident response processes, or business continuity plans are in place, leaving the organization ill-prepared for security incidents. The exposure of high-risk services like FTP introduces unnecessary attack vectors. While email security and DNS health show relatively better scores, critical gaps remain. Immediate remediation is crucial to protect customer data, maintain regulatory compliance, and safeguard business continuity.

B

Balt Group

balt.fr

50

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

P

ProTech Monte-Carlo

protech.mc

42

The website's overall security posture is critically weak, with major deficiencies in foundational security controls such as HTTPS encryption and essential security headers. Lack of HTTPS exposes user data to interception and undermines trust, while missing security headers increase vulnerability to common web attacks like clickjacking and XSS. Additionally, the absence of GDPR compliance elements such as Privacy and Cookie Policies and consent mechanisms risks regulatory penalties and damages customer trust. The site also lacks critical NIS2 framework components including incident response, security policies, and business continuity plans, which could impair the organization's ability to respond to and recover from cyber incidents. While email security and network security show relatively strong scores, the critical gaps in encryption and policy documentation represent immediate threats to business continuity and reputation. Overall, urgent remediation is needed to secure customer data, ensure regulatory compliance, and protect the business from reputational and financial harm. Failure to act promptly may result in data breaches, legal consequences, and loss of customer confidence.

N

Nyetimber Limited

nyetimber.com

45

The website exhibits a critically weak security posture with multiple severe vulnerabilities that expose it to significant risks including data breaches, compliance violations, and service interruptions. The absence of HTTPS encryption, flagged as critical across SSL/TLS, GDPR, and NIS2 compliance areas, is the most alarming issue, leaving all data transmissions vulnerable to interception and manipulation. Key security headers critical for protecting against common web attacks are missing, increasing the risk of clickjacking, content injection, and cross-site scripting attacks. GDPR compliance is poor, notably lacking a cookie consent mechanism and potentially non-compliant privacy policies, which could result in regulatory penalties and damage to customer trust. NIS2 directives are largely unmet, with no documented security policies, incident response plans, or information security frameworks, exposing the business to operational risks and regulatory enforcement. Email security is moderately better but still incomplete, with missing DKIM records and weak DMARC enforcement that could facilitate phishing attacks. DNS security is fairly strong, but the absence of DNSSEC and CAA records leaves some attack vectors open. Network security within the infrastructure is solid, providing a good foundation to build upon. Immediate attention is required to address critical encryption and compliance gaps to protect the business, customers, and reputation.

The website security assessment reveals a critical vulnerability due to the lack of HTTPS encryption, exposing all data in transit to interception and manipulation. While the overall network security posture is strong, there are multiple medium-level issues including missing security headers, absence of DNSSEC, and failure to implement GDPR and NIS2 compliance measures. The absence of DKIM records increases the risk of email spoofing and phishing attacks, potentially damaging brand reputation. Low-level issues like missing CAA records further reduce DNS security hardening. These combined gaps indicate insufficient protection against common web threats and regulatory compliance risks, which could lead to data breaches, legal penalties, and loss of customer trust. Immediate action to secure communications and meet compliance requirements is essential to safeguard business continuity and credibility. Strengthening email authentication and DNS configurations will also reduce attack surface and improve resilience.

P

Phoenix Hotel Management Company

phoenixhmc.com

38

The website's overall security posture is critically weak, exposing the business to significant risks from data breaches, regulatory penalties, and operational disruptions. Key foundational controls such as HTTPS encryption, security headers, and incident response mechanisms are missing, leaving data vulnerable in transit and at rest. Compliance with GDPR and NIS2 regulations is severely lacking, increasing legal and financial exposure. Sensitive services like MySQL and PostgreSQL are openly accessible, creating high-risk attack vectors. Although email security and DNS health are relatively stronger, critical gaps in network and application security overshadow these strengths. Immediate remediation is essential to protect customer data, maintain trust, and ensure regulatory compliance. Without urgent action, the business faces potential data loss, reputational damage, and costly fines. Strengthening security controls will also support business continuity and resilience against cyber threats.

T

Tyrus Capital

tyruscap.com

55

The website's overall security posture exhibits significant critical weaknesses, particularly the complete absence of HTTPS encryption, which exposes all transmitted data to interception and undermines regulatory compliance. Governance frameworks such as GDPR and NIS2 are poorly implemented, reflected in low scores and missing key elements including cookie consent, security policies, and incident response plans. While network security and email security show relative strength, critical gaps in secure communications and policy frameworks present substantial operational and reputational risks. The lack of GDPR-compliant privacy practices further increases the risk of regulatory penalties and customer trust erosion. Security headers are moderately implemented but missing important controls like the Permissions-Policy header. DNS security is partially addressed but lacks DNSSEC and CAA records, which could expose domain-related attacks. Immediate remediation is required to ensure data confidentiality, regulatory compliance, and resilience against cyber threats.

V

Venturi

venturi.fr

35

The website exhibits a severely deficient security posture, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and email authentication mechanisms leave communications vulnerable to interception and spoofing. Missing essential security headers and lack of incident response procedures further increase susceptibility to attacks like clickjacking, cross-site scripting, and prolonged downtime. Non-compliance with GDPR, including the absence of a cookie policy and consent mechanisms, exposes the business to legal penalties, especially given its EU operations. Although network security and DNS health show relatively strong scores, they cannot compensate for fundamental weaknesses in data protection and web security. Immediate remediation is necessary to protect customer data, maintain trust, and comply with regulatory requirements. Without prompt action, the business risks operational disruption, financial loss, and erosion of customer confidence.

R

RAX Group

pharmed-sam.net

44

The website's overall security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks. The absence of HTTPS encryption is a critical flaw, undermining data confidentiality and user trust while violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing exposure to common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is weak, lacking a privacy policy and cookie consent mechanisms, which may result in regulatory penalties and reputational damage. The lack of documented security policies, incident response, and business continuity plans highlights insufficient organizational security maturity. While DNS and network security are relatively strong, critical gaps in email security and vulnerability management remain. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and preserve brand reputation. Investment in security governance and technical controls is urgently required to mitigate these risks effectively.

The website’s security posture reveals significant vulnerabilities that pose substantial risks to business operations and customer trust. The most critical concern is the absence of HTTPS encryption, exposing all data transmissions to interception and tampering, which can lead to data breaches and regulatory penalties. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and inadequate email security measures further increase exposure to cyber threats and legal non-compliance. While network security and DNS health scores are relatively strong, DNSSEC and CAA records gaps could allow DNS spoofing or certificate mis-issuance attacks. Immediate remediation is necessary to protect sensitive data, maintain regulatory compliance, and uphold the company’s reputation. Addressing these issues will significantly reduce the risk of cyber incidents and enhance customer confidence in the website’s security. Overall, the website is at moderate to high risk until critical and medium vulnerabilities are resolved.

S

Société Générale des Travaux du Maroc (SGTM)

sgtm-maroc.com

39

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption across the site is a glaring critical vulnerability, undermining data confidentiality and trust. Key security headers are missing, increasing susceptibility to clickjacking, cross-site scripting, and content injection attacks. GDPR compliance is severely lacking, with no privacy or cookie policies and no consent mechanisms, risking heavy fines and reputational damage. Critical network services like MySQL and FTP are exposed without adequate protection, opening doors to unauthorized access and data exfiltration. The organization lacks foundational security policies, incident response plans, and vulnerability management, indicating poor security governance. DNS security is suboptimal, missing DNSSEC, which could allow domain spoofing or hijacking. While email security appears well-managed, other layers require urgent remediation to protect business continuity and customer trust.

I

IN Air Travel Experience

in-atx.com

45

The website's security posture is currently inadequate, with critical vulnerabilities primarily related to the absence of HTTPS encryption severely exposing user data and communications to interception. Significant GDPR compliance gaps, such as missing privacy and cookie policies and consent mechanisms, present legal and reputational risks. The lack of fundamental security headers increases the risk of common attacks like clickjacking and XSS, undermining user trust. Furthermore, the absence of an information security framework, incident response procedures, and vulnerability disclosure policies indicates immature security governance, which could lead to prolonged incident resolution and increased business disruption. While network security and email security scores are relatively strong, critical TLS and encryption failures overshadow these positives. Immediate remediation is needed to protect customer data, comply with regulations, and maintain business continuity. Overall, the organization faces substantial operational, legal, and reputational risks without swift action.

The website's overall security posture reveals significant vulnerabilities that could expose the business to substantial risks. The most critical issue is the lack of HTTPS encryption, which jeopardizes all data transmitted between users and the site, risking data interception and loss of trust. Medium-level issues such as missing security headers, absence of DKIM records for email, and failure to comply with GDPR and NIS2 regulations further increase the risk of data breaches, phishing, and regulatory penalties. DNS health concerns like missing DNSSEC and CAA records also reduce domain integrity and increase susceptibility to DNS hijacking. While network security is strong, the absence of foundational web security controls undermines the overall defense strategy. Immediate remediation is essential to protect customer data, ensure compliance, and maintain business reputation. Addressing these gaps will enhance user trust, reduce legal exposure, and strengthen the organization's cybersecurity posture.

O

One Partners

onepartners.com.br

42

The website's overall security posture is critically weak, exposing the business to significant cyber risks and regulatory non-compliance. The absence of HTTPS encryption is a critical vulnerability impacting data confidentiality and user trust, with cascading effects on GDPR and NIS2 compliance. Multiple missing security headers increase susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. The exposure of critical services like MySQL and FTP without adequate protections further elevates the risk of data breaches and unauthorized access. Additionally, the lack of essential documentation and policies—including privacy, cookie, security, and incident response—exposes the organization to legal and operational risks. Although email security and DNS health scores are relatively strong, they do not compensate for the critical infrastructure and governance gaps. Immediate remediation is necessary to protect sensitive data, maintain customer confidence, and ensure regulatory compliance. Failure to act could result in financial losses, reputational damage, and potential regulatory penalties.

G

GS Monaco

gsmonaco.com

42

The website exhibits a severely deficient security posture, with multiple critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. Most notably, the absence of HTTPS encryption critically undermines data confidentiality and integrity, violating GDPR and NIS2 requirements and risking customer trust and legal penalties. The lack of key security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options leaves the site vulnerable to man-in-the-middle attacks, clickjacking, and cross-site scripting. Additionally, missing privacy policies and cookie consent measures expose the business to compliance violations and reputational damage. Network services like FTP and SSH are exposed without adequate protections, increasing the attack surface. Overall, the current state indicates a lack of foundational cybersecurity governance and incident preparedness. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain business continuity. Without urgent action, the company risks financial loss, legal sanctions, and erosion of customer confidence.

M

Manens S.p.A.

manens-tifs.it

48

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Key security headers that mitigate various web attacks are largely missing, increasing the risk of cross-site scripting, clickjacking, and content sniffing attacks. Compliance with GDPR and NIS2 regulations is significantly lacking, posing legal and reputational risks, particularly due to missing cookie consent mechanisms, insufficient privacy policies, and lack of incident response and security documentation. Although email security and network security are relatively strong, critical deficiencies in web security and regulatory compliance overshadow these strengths. The absence of an information security framework and business continuity planning further jeopardizes operational resilience. Immediate remediation is essential not only to protect sensitive data and privacy but also to maintain customer trust and avoid substantial regulatory penalties. Without prompt and focused improvements, the business faces heightened exposure to cyber threats and compliance violations.

A

Athos Partners

athospartners.com

45

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory fines, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting secure data transmission and compliance with GDPR and NIS2 regulations. Key security headers are missing, increasing susceptibility to clickjacking, cross-site scripting, and other web-based attacks. The lack of a cookie policy and consent mechanisms further exposes the organization to GDPR non-compliance and potential legal penalties. Additionally, the absence of documented security policies, incident response plans, and vulnerability disclosure processes indicates immature security governance. While email security and network security are relatively strong, foundational web security controls and regulatory compliance require urgent attention. Immediate remediation will protect customer data, ensure legal compliance, and enhance trust with stakeholders.

The website's overall security posture exhibits critical vulnerabilities, notably the absence of HTTPS encryption and lack of email authentication, which pose significant risks to data confidentiality and email integrity. Medium-level issues related to security headers, GDPR compliance, NIS2 alignment, and DNS security measures further weaken the security framework and could lead to regulatory non-compliance and increased attack surface. While network security measures are strong and DNS health is relatively good, the failure to implement foundational protections like SSL/TLS and email authentication undermines user trust and exposes the business to potential data breaches and phishing attacks. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and uphold the organization's reputation. Addressing these gaps will also support long-term security resilience and business continuity. The current email security score (75/100) and DNS health score (85/100) indicate room for improvement despite some positive aspects. Prioritizing encryption and authentication will deliver the highest security and business impact benefits. Overall, the assessment reveals critical weaknesses that require urgent and strategic attention.

O

Oceanco

builtbyoceanco.com

50

The website's overall security posture presents significant risks, primarily due to the complete lack of HTTPS encryption, which is flagged as a critical issue across multiple security domains (GDPR, NIS2, SSL/TLS). This exposes the website and its users to data interception and undermines user trust. Additionally, there are severe compliance gaps with GDPR and NIS2 regulations, including missing privacy and cookie policies, lack of cookie consent mechanisms, and absence of essential security governance documents such as incident response and security policies. While network security and security headers are relatively strong, critical foundational elements like encryption and governance are missing, which could lead to regulatory penalties, reputational damage, and increased vulnerability to cyberattacks. The absence of a vulnerability disclosure policy and business continuity planning further exacerbates risks. On a positive note, email security and DNS health receive moderate scores but still require improvements to fully mitigate risks. Immediate remediation is imperative to protect the business, comply with regulations, and maintain customer trust.

F

Federal Hotel

federal-hotel.com

40

The website exhibits a significantly weak security posture with multiple critical vulnerabilities, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Key security headers are missing, increasing susceptibility to common web-based attacks such as clickjacking, MIME sniffing, and cross-site scripting. GDPR compliance is severely lacking, with no privacy or cookie policies, no consent mechanisms, and insufficient contact information, risking regulatory penalties and loss of customer trust. The absence of an information security framework, security policies, and incident response procedures further highlights immature security governance, exposing the business to operational risks and regulatory non-compliance under frameworks like NIS2. Email authentication is inadequately configured, increasing the risk of phishing and email spoofing attacks. While network security and DNS health show some positive aspects, these strengths are overshadowed by critical gaps in encryption and governance. Immediate remediation is required to protect customer data, maintain trust, and comply with legal requirements, thereby safeguarding the business’s reputation and operational continuity.

T

Temenos

avoka.com

49

The website exhibits a severely weak security posture, primarily due to the absence of HTTPS encryption, which is classified as critical across multiple standards including GDPR, NIS2, and SSL/TLS assessments. Key security headers are largely missing, leaving the site vulnerable to attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is notably deficient, with no cookie consent banner, inadequate privacy policies, and lack of documented security and incident response procedures. While network security and DNS health show some strengths, critical email security measures like SPF records are missing, increasing the risk of email spoofing. The overall risk profile exposes the business to regulatory penalties, reputational damage, and potential data breaches. Immediate remediation is necessary to protect customer data, ensure legal compliance, and maintain trust. Without urgent action, the business faces significant operational and financial risks.

M

Monte Carlo Capital

montecarlocap.com

42

The website's security posture is currently at high risk due to critical vulnerabilities, most notably the absence of HTTPS encryption, which compromises data confidentiality and integrity. Multiple missing security headers expose the site to common web attacks such as clickjacking, cross-site scripting, and MIME-type sniffing. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, poses significant legal and reputational risks, especially in regulated markets. Deficiencies in NIS2-related controls, such as missing incident response procedures and security policies, indicate inadequate preparedness for cyber incidents. While network security and email security show relatively better scores, critical gaps in SSL/TLS and DNS configurations undermine overall security. Immediate remediation is necessary to protect user data, maintain trust, and avoid regulatory penalties. The current state may deter customers and partners concerned about data protection and compliance.

A

Albanu

albanu.mc

41

The website's security posture is currently poor with multiple critical and high-risk vulnerabilities identified, exposing the business to significant cyber threats and regulatory non-compliance. The absence of HTTPS encryption is a fundamental and critical weakness, undermining data confidentiality and integrity. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements, including privacy and cookie policies and consent mechanisms, presents legal and reputational risks, especially for customer data protection. Network security is compromised by exposure of high-risk services like FTP and SSH, which can be exploited for unauthorized access. Additionally, the absence of essential security governance documents and incident response procedures indicates immature security management practices. Immediate remediation is necessary to protect customer trust, comply with regulations, and safeguard business operations. Prioritizing these issues will reduce the risk of data breaches and potential financial and legal consequences.

C

Centurion Bulk

centurionbulk.com

34

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a critical vulnerability that undermines all data confidentiality and integrity, putting customer data and business communications at risk. Missing essential security headers such as Strict-Transport-Security and Content-Security-Policy increase susceptibility to common web attacks like man-in-the-middle, clickjacking, and cross-site scripting. Non-compliance with GDPR is evident due to missing privacy policies, cookie consent mechanisms, and third-party privacy disclosures, which can result in heavy fines and reputational damage. Several NIS2 directive requirements are unmet, including lack of incident response, security policies, and business continuity planning, exposing the company to operational risks and regulatory penalties. Network security is compromised by exposing critical services like FTP and MySQL publicly, heightening the risk of unauthorized access. Email security is moderately implemented but lacks enforcement and reporting mechanisms, potentially increasing phishing and spoofing risks. Overall, urgent remediation is needed to protect sensitive data, comply with regulations, and maintain customer trust.

M

Meridian4G

meridian4g.com

54

The website's overall security posture is significantly compromised, primarily due to the absence of HTTPS encryption, which is a critical vulnerability exposing user data to interception and undermining trust. Compliance with GDPR and NIS2 regulations is severely lacking, risking legal penalties and damage to brand reputation. While email security and network security modules score well, major gaps exist in policy documentation, incident response planning, and user privacy protections. The presence of exposed services like SSH and missing security headers further increase the attack surface. DNS security is moderate but can be improved to prevent DNS spoofing attacks. Immediate remediation is essential to safeguard customer data, ensure regulatory compliance, and maintain business continuity. Addressing these critical issues will also boost customer confidence and reduce the risk of costly breaches.