Security Directory

U

University Sesame

universitesesame.com

42

The website's security posture is currently weak and exposes the business to significant risks, including data breaches, regulatory non-compliance, and reputational damage. Critical issues such as the absence of HTTPS encryption and lack of email authentication mechanisms put sensitive data and communications at risk of interception and spoofing. The failure to implement GDPR requirements, including missing privacy and cookie policies and consent mechanisms, may lead to legal penalties and loss of customer trust. Additionally, the lack of a formal information security framework, incident response, and business continuity plans highlights an immature security governance environment. While network security measures appear strong, the overall ecosystem is vulnerable due to foundational security gaps. Immediate remediation is necessary to safeguard business operations, comply with regulations, and maintain customer confidence. The current module scores, especially for GDPR and NIS2 compliance, indicate urgent attention is required to align with industry standards and legal obligations.

P

Panerai

panerai.com

50

The website exhibits a severely weak security posture, with multiple critical vulnerabilities primarily around encryption and regulatory compliance. The absence of HTTPS encryption is a critical risk that undermines data confidentiality and integrity, exposing users to potential data interception and man-in-the-middle attacks. Compliance with GDPR and NIS2 requirements is significantly lacking, which poses legal and reputational risks for the business. Security headers are inadequately configured, increasing exposure to common web-based attacks. While network security and email security show relatively better scores, foundational SSL/TLS protections are missing. The lack of documented security policies, incident response, and vulnerability disclosure processes indicates immature security governance. Overall, the site is vulnerable to data breaches, regulatory penalties, and loss of customer trust. Immediate remediation is essential to protect sensitive data and comply with legal frameworks.

The website's overall security posture is critically weak, with multiple severe vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. Notably, the absence of HTTPS encryption is a critical issue affecting confidentiality and trust. The lack of fundamental security headers such as Strict-Transport-Security and Content-Security-Policy further increases susceptibility to web-based attacks. Compliance with GDPR and NIS2 frameworks is severely lacking, with missing privacy policies, cookie consent mechanisms, and no documented security or incident response procedures. DNS and network configurations also present vulnerabilities, such as missing name servers and exposed services. While email security is relatively strong, the overall risk profile is dominated by critical deficiencies in encryption, policy, and governance. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business reputation.

K

Koroyd

koroyd.com

50

The website's overall security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches and regulatory non-compliance. The absence of HTTPS encryption is a critical flaw, undermining user data confidentiality and trust, while also violating GDPR and NIS2 requirements. Key security headers are missing, increasing the risk of cross-site scripting and data leakage. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, risking legal penalties and reputational damage. The lack of documented security policies, incident response, and business continuity plans highlights operational weaknesses. Email and DNS security are relatively strong, but gaps remain that could be exploited. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity. Without urgent corrective actions, the business faces increased risk of cyber incidents and legal consequences.

M

Medicis Consult

medicis-consult.com

44

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is a fundamental vulnerability, affecting confidentiality, integrity, and trust with users and partners. Missing critical security headers, such as Strict-Transport-Security and Content-Security-Policy, leaves the site vulnerable to common web attacks like clickjacking and cross-site scripting. The lack of GDPR compliance elements, including a privacy policy and cookie consent, poses legal and reputational risks. Furthermore, the absence of an information security framework, incident response procedures, and security policy documentation suggests immature security governance. Exposure of high-risk services like FTP and insufficient DNS security controls further increase the attack surface. While email security scores relatively well, the overall environment requires urgent remediation to protect business assets, customer data, and maintain regulatory compliance. Immediate action is needed to mitigate these critical vulnerabilities and establish a robust security foundation.

U

UPS Supply Chain Solutions

ups-scs.com

50

The website's overall security posture is currently poor and exposes the business to significant risks, particularly in data protection and regulatory compliance. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and trust, simultaneously violating GDPR and NIS2 requirements. Key policies and procedures related to information security, incident response, and privacy are missing, which undermines the organization's ability to manage security events and comply with legal obligations. While network security and DNS health scores are relatively strong, foundational security controls such as security headers and cookie management are insufficient. The lack of GDPR compliance, including missing privacy and cookie policies and consent mechanisms, poses legal and reputational risks. Email security is reasonably well implemented but can be further improved. Immediate remediation is needed to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Without these improvements, the business risks data breaches, regulatory penalties, and damage to its brand reputation.

I

Indosuez Wealth Management

ca-indosuez.fr

43

The website's overall security posture is critically weak and exposes the business to significant risks, particularly regarding data protection and regulatory compliance. The absence of HTTPS encryption is a critical vulnerability affecting GDPR, NIS2, and SSL/TLS compliance, jeopardizing user data confidentiality and trust. Key security headers are missing or poorly configured, increasing exposure to web-based attacks such as clickjacking and cross-site scripting. The lack of a cookie policy and consent mechanisms indicates non-compliance with GDPR, which could lead to legal penalties and reputational damage. Furthermore, the absence of essential NIS2 security policies, such as incident response and security documentation, suggests insufficient organizational security governance. DNS and email security configurations reveal gaps that could enable phishing or spoofing attacks. While network security posture is good, the overall lack of fundamental protections necessitates urgent remediation to safeguard the business and meet regulatory requirements.

R

Rosengart

rosengart.mc

38

The website's security posture is currently poor, with multiple critical and high-severity issues posing significant risks to data confidentiality, integrity, and regulatory compliance. Most notably, the absence of HTTPS encryption critically exposes user data to interception and undermines trust. Key security headers are missing, increasing susceptibility to web-based attacks such as clickjacking, content injection, and cross-site scripting. The lack of GDPR compliance elements such as a privacy policy, cookie policy, and consent mechanisms exposes the business to legal penalties and reputational damage. Additionally, the absence of NIS2-related security frameworks, policies, and incident response plans indicates inadequate preparedness against cyber threats and regulatory requirements. While network security posture and DNS health show relative strength, other foundational security controls need urgent implementation. Overall, immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

D

Dan-Bunkering

dan-bunkering.com

50

The website's overall security posture is currently poor, with critical deficiencies in fundamental protections such as HTTPS encryption and essential security headers. The absence of HTTPS puts all data transmissions at risk of interception, undermining user trust and regulatory compliance. Additionally, the site lacks key GDPR compliance elements, including a cookie policy and consent mechanisms, exposing the business to legal and financial penalties. The NIS2-related controls are notably weak, with missing security policies, incident response plans, and vulnerability disclosure procedures, increasing operational risk. While email security and network security are strong, these are overshadowed by critical gaps in web and data protection layers. DNS health is moderate, but enabling DNSSEC would enhance DNS integrity. Immediate attention to these critical vulnerabilities is essential to safeguard customer data, maintain regulatory compliance, and protect brand reputation.

The website's overall security posture is severely deficient, with multiple critical vulnerabilities that expose the business to significant risks including data breaches, non-compliance penalties, and reputational damage. The absence of HTTPS encryption is a glaring issue impacting confidentiality and user trust. Key security headers are missing, increasing susceptibility to web-based attacks such as XSS and clickjacking. The lack of GDPR compliance elements like privacy policies and consent mechanisms exposes the company to regulatory fines and legal challenges. Additionally, there is no formal information security framework or incident response plan, which hinders the ability to manage and recover from security incidents effectively. While network security and some email/dns security aspects are relatively strong, they do not compensate for the critical gaps in web application security and regulatory adherence. Immediate remediation is necessary to protect customer data, maintain compliance, and uphold brand integrity. Without prompt action, the business faces escalating operational and legal risks.

F

Finaxy Group

finaxygroup.com

43

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and data integrity, impacting GDPR and NIS2 compliance. Key security headers are either missing or misconfigured, increasing the risk of cross-site scripting (XSS), clickjacking, and content injection attacks. The lack of privacy and cookie policies along with missing consent mechanisms exposes the company to legal penalties under data protection regulations. Furthermore, insufficient information security governance, including missing incident response and business continuity plans, indicates poor preparedness against cyber threats. While network security and email security show strengths, they are overshadowed by critical gaps in web security and compliance. Immediate remediation is required to protect sensitive customer data, maintain trust, and meet regulatory requirements. Without urgent action, the business is vulnerable to legal actions, data loss, and operational disruptions.

F

FLOORENOV

floorenov.com

42

The website's overall security posture is currently poor, with critical weaknesses severely exposing the business to data breaches, regulatory violations, and operational risks. The absence of HTTPS encryption is a fundamental and critical flaw, undermining all data confidentiality and integrity and violating GDPR and NIS2 compliance requirements. Key security headers like Content-Security-Policy and X-Frame-Options are missing, increasing susceptibility to XSS and clickjacking attacks. GDPR compliance is notably deficient, lacking privacy and cookie policies as well as consent mechanisms, which risks significant legal penalties and reputational damage. The lack of an established information security framework, incident response, and business continuity plans further increases organizational risk exposure. Email authentication is critically weak, opening the door to phishing and spoofing threats. While network security and DNS configurations show strengths, they cannot compensate for core HTTPS and policy deficiencies. Immediate remediation is essential to protect customer data, comply with regulations, and maintain business continuity and trust.

O

OceanaGold

oceanagold.com

47

The website's overall security posture is currently poor, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory penalties, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all site visitors and transactions. Key security headers are either missing or weakly configured, increasing susceptibility to attacks such as clickjacking, cross-site scripting (XSS), and content injection. Compliance with GDPR and NIS2 regulations is notably lacking, particularly concerning cookie policies, consent mechanisms, and documented security frameworks, putting the business at risk of legal consequences. While the network security and DNS health are relatively strong, email security shows room for improvement, especially with DMARC enforcement. Immediate action is required to remediate critical and high-severity issues to protect customer data, maintain trust, and ensure regulatory compliance. Without prompt remediation, the organization faces heightened risks of cyber incidents and potential operational disruption.

The website exhibits a severely deficient security posture, particularly in critical areas such as encryption, data privacy compliance, and incident preparedness. The absence of HTTPS encryption poses an immediate and significant risk, exposing sensitive user data to interception and undermining customer trust. Critical GDPR compliance gaps—including missing privacy and cookie policies and lack of consent mechanisms—expose the business to regulatory penalties and reputational damage. Additionally, the lack of a formal information security framework and incident response procedures under NIS2 requirements indicates unpreparedness for cyber incidents, increasing operational risk. While network security and email security show moderate strength, key improvements are needed to align with industry standards and legal mandates. Overall, urgent remediation is required to protect customer data, comply with regulations, and safeguard business continuity. Immediate focus on encryption and privacy policies will significantly reduce risk and enhance stakeholder confidence.

N

NOVAX®PHARMA

novaxpharma.com

42

The website's overall security posture is poor, with critical vulnerabilities exposing it to significant risks including data interception, regulatory non-compliance, and potential breaches. The absence of HTTPS encryption is a critical failure that undermines all data confidentiality and integrity, making user data vulnerable to interception and tampering. Missing essential security headers such as Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options increase the risk of web-based attacks like clickjacking, cross-site scripting, and content injection. Compliance with GDPR and NIS2 regulations is severely lacking, with missing privacy policies, cookie consent mechanisms, and documented security procedures, exposing the organization to potential legal penalties and reputational damage. The presence of high-risk exposed services like FTP further elevates the risk profile by offering attackers easy entry points. While email security scores well, other core security domains require urgent remediation. Immediate focus is needed on encryption, policy documentation, and service hardening to protect business operations and customer trust.

The website's security posture is currently poor, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Critical vulnerabilities such as the absence of HTTPS encryption and missing core security headers leave user data and communications unprotected. The lack of privacy policies and cookie consent mechanisms violates GDPR requirements, increasing legal exposure. Additionally, key information security controls and incident response procedures are missing, indicating immature cybersecurity governance. Exposure of high-risk services like FTP further increases attack surface and potential compromise. While email security and DNS health show some strengths, these are overshadowed by critical gaps in encryption and compliance. Immediate remediation is essential to safeguard customer trust, comply with regulations, and protect business continuity. Without urgent action, the organization risks severe financial and operational consequences from cyber incidents or regulatory penalties.

K

KONE Corporation

kone.com

48

The website's current security posture presents significant risks that could severely impact the business's reputation, compliance status, and operational integrity. Critical vulnerabilities such as the absence of HTTPS encryption expose user data to interception and undermine trust. High-severity gaps in GDPR compliance, including the lack of privacy and cookie policies and no cookie consent mechanism, put the organization at risk of regulatory penalties and legal challenges. Key NIS2-related deficiencies, such as missing information security frameworks, incident response plans, and security policy documentation, indicate a lack of maturity in cybersecurity governance. Although email and network security scores are strong, the overall security hygiene is compromised by missing critical security headers and DNS protections. Immediate remediation is necessary to safeguard customer data, ensure regulatory compliance, and maintain business continuity. Addressing these issues will not only mitigate risks but also enhance customer confidence and reduce potential financial liabilities.

J

Just a moment...

3dconnexion.com

50

The website's overall security posture is currently weak, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory fines, and reputational damage. Most notably, the absence of HTTPS encryption is a severe flaw, undermining all data transmissions and violating GDPR and NIS2 compliance requirements. Key security headers such as Strict-Transport-Security and Content-Security-Policy are missing, increasing the risk of man-in-the-middle attacks and cross-site scripting. GDPR compliance is poor due to missing privacy and cookie policies and the lack of a consent banner, risking legal penalties. The organization also lacks fundamental information security frameworks, policies, and incident response procedures, indicating immature security governance. However, email security and network security show relatively strong postures, which is a positive foundation to build upon. Immediate remediation is critical to prevent exploitation and align with regulatory mandates. Investing in HTTPS encryption and comprehensive security policies will deliver the highest immediate business value by reducing risk and improving customer trust.

The website exhibits critical security vulnerabilities primarily due to the absence of HTTPS encryption, severely impacting data confidentiality and trustworthiness. Compliance with GDPR is notably poor, with missing cookie consent banners and potentially non-compliant privacy policies, exposing the business to regulatory fines and reputational damage. The NIS2 framework-related deficiencies indicate a lack of formalized security policies, incident response plans, and vulnerability disclosure processes, increasing operational risk and reducing resilience against cyber threats. While network and email security postures are strong, these strengths do not compensate for fundamental issues in encryption and governance. Low-severity issues like weak referrer-policy headers and caching of sensitive data should be addressed to minimize attack surface. Overall, the security posture is inadequate for protecting customer data and ensuring regulatory compliance, necessitating immediate remediation. Prioritizing encryption and governance frameworks will significantly enhance business security and stakeholder confidence.

K

KeeSystem

keesystem.com

35

The website's overall security posture is critically weak, exposing it to significant risks including data breaches, regulatory penalties, and service disruptions. The absence of HTTPS encryption is a fundamental flaw, compromising data confidentiality and user trust. Key security headers are missing or misconfigured, increasing susceptibility to web-based attacks such as clickjacking, cross-site scripting, and content injection. GDPR compliance is severely lacking, with no privacy or cookie policies and missing consent mechanisms, risking legal consequences and reputational damage. Network security is inadequate with critical services like MySQL and FTP exposed publicly, heightening the risk of unauthorized access. Incident response and information security frameworks are either absent or insufficient, limiting the organization’s ability to detect and respond to threats. Email security measures such as DMARC and DKIM are partially implemented but need strengthening to prevent phishing and spoofing. Immediate remediation is essential to safeguard business operations, comply with regulations, and maintain customer trust.

The website demonstrates a generally moderate security posture but contains one critical vulnerability that requires immediate attention. The absence of HTTPS encryption severely compromises data confidentiality and integrity, exposing users and the business to interception and man-in-the-middle attacks. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, and incomplete email security configurations increase regulatory and reputational risks. DNS security is adequate but can be improved by enabling DNSSEC and configuring CAA records. Encouragingly, network security measures are robust, scoring 100/100. Overall, while foundational defenses exist, the critical SSL/TLS weakness and compliance gaps pose significant threats to business continuity and customer trust. Addressing these issues promptly will strengthen security posture and regulatory compliance, protecting both business assets and customer data.

F

Family Office Exchange

familyoffice.com

51

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing user data and communications to interception and manipulation. Significant compliance gaps exist, particularly with GDPR and NIS2 directives, risking legal penalties and reputational damage. Security headers are inadequately configured, leaving the site vulnerable to common web-based attacks such as cross-site scripting. While email security and network security are strong, foundational elements like incident response, security policies, and vulnerability disclosure frameworks are missing, undermining the organization's ability to detect, respond to, and mitigate threats effectively. DNS security is moderate but could be improved to reduce risks of DNS spoofing and related attacks. The absence of cookie management controls and transparency further increases regulatory non-compliance risk. Immediate remediation is essential to protect business continuity, customer trust, and regulatory standing.

The website's security posture is currently weak and exposes the business to significant risks, primarily due to the lack of HTTPS encryption and critical security headers. Absence of HTTPS not only undermines data confidentiality and integrity but also violates GDPR and NIS2 compliance requirements, risking legal penalties and loss of customer trust. Key security controls such as Content-Security-Policy and X-Frame-Options headers are missing, increasing vulnerability to cross-site scripting and clickjacking attacks. The website also lacks essential GDPR compliance elements including a cookie policy and consent mechanisms, exposing the business to regulatory fines. Incident response, information security frameworks, and security policy documentation are absent, which can hamper timely detection and mitigation of security incidents. While email security and network security have relatively strong scores, foundational web security and compliance gaps are critical and require immediate attention. Improving these areas will protect customer data, enhance trust, and reduce potential financial and reputational damage.

R

RMConsulting

rmconsulting.be

49

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Most notably, the absence of HTTPS encryption is a severe vulnerability affecting data confidentiality and integrity, violating GDPR and NIS2 compliance requirements. Key security headers are missing, increasing the risk of cross-site scripting (XSS) and clickjacking attacks. The lack of security policies, incident response plans, and business continuity strategies demonstrates immature cybersecurity governance. GDPR compliance is insufficient, notably missing a cookie consent banner and proper privacy documentation, which could lead to legal penalties. Exposed high-risk services like FTP increase the attack surface. While email security and DNS health are relatively strong, they do not compensate for foundational weaknesses. Immediate remediation is necessary to protect sensitive data, maintain customer trust, and meet regulatory obligations.

B

Bentley Systems

legion.com

50

The website's security posture is currently weak and exposes the business to significant risks, notably due to lack of HTTPS encryption, absence of key GDPR compliance elements, and deficient information security governance. Critical vulnerabilities, including no HTTPS, missing privacy and cookie policies, and absence of incident response procedures, pose threats to data confidentiality, regulatory compliance, and customer trust. While network security and email security configurations are strong, foundational protections such as security headers and DNS configurations require improvement. The lack of GDPR-related policies and consent mechanisms increases legal and reputational risks, particularly in data privacy jurisdictions. Additionally, missing security framework documentation and vulnerability disclosure policies hinder the organization’s ability to manage and respond to cyber incidents effectively. Overall, urgent remediation is needed to protect sensitive information, meet compliance obligations, and safeguard business continuity. Immediate attention to encryption, policy development, and security controls will significantly reduce risk exposure.

S

Stéphane-Alexandre Dani

art-dani.com

42

The website's current security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputation damage. The absence of HTTPS encryption is the most severe vulnerability, undermining all data confidentiality and integrity guarantees. Key security headers like Strict-Transport-Security, Content-Security-Policy, and X-Frame-Options are missing, increasing the risk of web-based attacks such as clickjacking, cross-site scripting, and content injection. The lack of GDPR compliance elements including Privacy Policy, Cookie Policy, and consent mechanisms places the company at risk for legal penalties and customer trust erosion. Additionally, the absence of foundational NIS2 security governance documents such as incident response and security policies further weakens organizational readiness against cyber threats. While network security and DNS health show relatively strong posture, critical gaps in SSL/TLS and email security remain. Immediate action is required to remediate these high and critical issues to protect customer data, comply with regulations, and maintain business continuity.

F

FITT

interplast.mc

37

The website's security posture is currently poor, with multiple critical and high-severity issues that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. Notably, the absence of HTTPS encryption is a critical vulnerability that jeopardizes all data in transit and severely undermines user trust. Key security headers are largely missing, increasing the risk of cross-site scripting, clickjacking, and content injection attacks. Additionally, the lack of GDPR compliance elements such as privacy policies and cookie consent exposes the business to potential legal penalties. The absence of a formal information security framework, incident response procedures, and security policies indicates immature security governance. Email security mechanisms like DMARC and DKIM are weak or missing, raising the risk of phishing and email spoofing. While DNS and network security show some strengths, critical gaps remain, such as the exposure of SSH services. Immediate remediation is required to protect sensitive data, comply with regulations, and maintain customer trust.

The website exhibits a severely compromised security posture with multiple critical vulnerabilities that expose it to significant risks, including data breaches, service disruption, and regulatory penalties. The absence of HTTPS encryption is a critical flaw impacting data confidentiality and user trust. Key security headers are missing, increasing susceptibility to common web attacks such as clickjacking, MIME sniffing, and cross-site scripting. Compliance gaps with GDPR and NIS2 frameworks pose legal and operational risks, especially due to missing privacy policies and incident response procedures. Exposure of critical backend services like MySQL and PostgreSQL to the internet further elevates the risk of unauthorized access and data theft. Although email security and DNS health show relatively better scores, these strengths are overshadowed by critical network and application layer weaknesses. Immediate remediation is necessary to protect sensitive information, maintain customer trust, and avoid regulatory sanctions. Overall, urgent investment in security infrastructure and governance is required to stabilize the environment and reduce business risk.

E

Eurimpex MDD

eurimpexmdd.com

42

The website's overall security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a fundamental vulnerability affecting data confidentiality and integrity, highlighted as a critical issue across multiple frameworks (GDPR, NIS2, SSL/TLS). Key security headers such as Content-Security-Policy and X-Frame-Options are missing, increasing the risk of cross-site scripting and clickjacking attacks. There is a complete lack of privacy and cookie policies, which not only undermines user trust but also violates GDPR requirements, potentially resulting in heavy fines. The security governance framework is also deficient, with no documented incident response, security policies, or vulnerability disclosure processes, leaving the business ill-prepared for cyber incidents. Email security is partially implemented but lacks essential authentication mechanisms, increasing the risk of phishing and spoofing. DNS and network security are relatively stronger areas but cannot compensate for the critical gaps elsewhere. Immediate remediation is required to protect customer data, ensure compliance, and safeguard business continuity.

V

VolkerRail

volkerrail.nl

51

The website exhibits critical vulnerabilities that severely impact its security posture, notably the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust. Compliance with GDPR is critically deficient, with missing privacy measures, cookie consent, and policy elements, risking significant legal and financial penalties for operating as an EU business without proper safeguards. The lack of an information security framework, incident response procedures, and security policies further amplifies operational risks and regulatory non-compliance under NIS2 requirements. While network security and email security show strengths, foundational issues such as weak security headers and DNS security gaps must be addressed to prevent exploitation. Overall, the site is at high risk of data breaches, legal repercussions, and reputational damage unless urgent remediation occurs. Immediate focus on encryption, privacy compliance, and security governance is essential to protect business interests and customer trust. The current security posture scores indicate critical gaps in GDPR, NIS2, and SSL/TLS domains that require rapid attention. Addressing these will significantly improve compliance, resilience, and stakeholder confidence.

A

AFRY

afconsult.com

50

The website's overall security posture is currently inadequate, exposing the business to significant risks related to data protection, regulatory compliance, and potential cyberattacks. The absence of HTTPS encryption is a critical vulnerability that compromises data confidentiality and integrity, severely undermining user trust and legal compliance, especially under GDPR and NIS2 frameworks. Key regulatory compliance gaps include missing privacy and cookie policies and the lack of a cookie consent mechanism, which can lead to legal penalties and reputational damage. Security governance is weak, with no documented information security or incident response policies, indicating poor preparedness for cyber incidents. While some foundational network security controls are in place, critical header configurations and missing Content-Security-Policy headers leave the website susceptible to common web attacks. DNS health is moderately good but can be improved by enabling DNSSEC to prevent DNS spoofing. Email security measures are strong, indicating some security awareness. Immediate remediation is essential to protect customer data, maintain trust, and comply with regulatory mandates.

The website's security posture presents significant risks that could impact business operations and customer trust. The absence of HTTPS encryption represents a critical vulnerability, exposing data in transit and potentially leading to data breaches or compliance failures. Additionally, the exposure of a high-risk FTP service increases the attack surface and could allow unauthorized access. Medium-level issues such as missing security headers, lack of DNSSEC, and incomplete email security configurations further weaken defenses against common threats. GDPR and NIS2 compliance failures indicate potential regulatory risks, which could result in legal penalties and reputational damage. While email security and DNS health scores are moderate, improvements are necessary to enhance overall protection. Immediate remediation is essential to secure sensitive data, maintain regulatory compliance, and protect brand reputation. Overall, the site requires prioritized security enhancements to mitigate critical vulnerabilities and align with best practices.

E

Engeco Engenharia e Construção LTDA

engeco.com.br

38

The website's overall security posture is critically weak, with multiple high and critical severity issues spanning encryption, compliance, and network exposure. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a fundamental risk. Key security headers that protect against common web attacks are missing, increasing vulnerability to clickjacking, MIME sniffing, and cross-site scripting. Compliance deficiencies, particularly with GDPR and NIS2 regulations, pose significant legal and reputational risks due to missing privacy policies, cookie consent, and documented security policies. Network services such as FTP and MySQL are exposed without adequate controls, presenting easy attack vectors for unauthorized access. While email security and DNS health show relatively better scores, critical gaps in vulnerability disclosure, incident response, and business continuity planning further weaken organizational resilience. Immediate attention is required to establish a secure baseline, ensure regulatory compliance, and protect customer data to maintain trust and avoid costly breaches.

F

Fastway Global Ltd

fastway.org

43

The website's overall security posture is critically weak, with multiple serious vulnerabilities exposing the business to significant risks, including data breaches, regulatory non-compliance, and service disruptions. The absence of HTTPS encryption is the most severe issue, exposing communications to interception and violating GDPR and NIS2 regulations. Critical security headers are missing, increasing susceptibility to various web attacks such as clickjacking, XSS, and content injection. The lack of GDPR compliance elements, including cookie policies and consent mechanisms, presents a high legal and reputational risk. Network security is compromised by exposing high-risk services like FTP and SSH without adequate controls. Additionally, the absence of documented information security frameworks, incident response, and business continuity plans reflects poor organizational preparedness. While email and DNS configurations show moderate strength, they are insufficient to compensate for the critical gaps. Immediate remediation is essential to protect customer data, maintain regulatory compliance, and safeguard business continuity.

N

Namebay

namebay.com

48

The website's security posture is currently inadequate, with critical vulnerabilities that expose the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is the most severe issue, compromising data confidentiality and integrity for all users. Additionally, missing GDPR compliance elements such as privacy and cookie policies, along with a lack of consent mechanisms, expose the business to legal penalties and customer trust erosion. Security governance is weak, with no documented incident response, security policies, or vulnerability disclosure processes, increasing the risk of unmanaged security incidents. Security headers are partially implemented but lack essential protections against common web attacks. Network-level controls are strong, but this does not offset the critical application-layer and compliance deficiencies. Immediate remediation is required to safeguard customer data and meet regulatory requirements. Without prompt action, the business faces heightened operational and legal risks.

H

Hays PLC

hays.com

55

The website's overall security posture is critically weak, primarily due to the complete absence of HTTPS encryption, which exposes all data transmissions to interception and manipulation. Compliance with GDPR and NIS2 regulations is severely lacking, risking significant legal and financial penalties, especially given the missing cookie policy, consent mechanisms, and absence of key security governance documents. While network security and email security show strong implementation, fundamental weaknesses in security headers and encryption overshadow these strengths. The lack of an incident response plan and vulnerability disclosure policy further increases the risk of prolonged breaches and reputational damage. DNS security is moderately good but can be enhanced by enabling DNSSEC to protect against DNS spoofing attacks. Immediate remediation is essential to protect user data, maintain customer trust, and ensure regulatory compliance. Without urgent action, the business faces increased exposure to cyber threats and potential regulatory sanctions.

I

Icon Connect

iconconnect.com

47

The website's overall security posture is critically weak, with significant gaps in foundational security controls and compliance requirements. The absence of HTTPS encryption is the most severe vulnerability, exposing all data transmissions to interception and undermining user trust. Key security headers are missing, increasing the risk of cross-site scripting, clickjacking, and other web-based attacks. Compliance with GDPR is poor, lacking a cookie policy, consent mechanisms, and sufficient privacy disclosures, exposing the business to regulatory penalties. The NIS2 directive requirements are largely unmet, with no documented security frameworks, incident response plans, or business continuity strategies. While email security and network posture are relatively strong, these do not compensate for the critical web and compliance deficiencies. Immediate remediation is essential to protect sensitive data, ensure regulatory compliance, and maintain customer confidence. Without urgent action, the business faces heightened cyber risk, legal exposure, and reputational damage.

F

Fabi AS

fabi.no

42

The website exhibits a severely weak security posture with multiple critical vulnerabilities that expose the business to significant risk. The absence of HTTPS encryption is a critical failure, undermining data confidentiality and user trust, and violating key regulatory requirements such as GDPR and NIS2. There is a lack of foundational security policies and procedures, including incident response, security framework, and vulnerability disclosure, which impairs the organization's ability to detect and respond to threats. Privacy compliance is inadequate, with no privacy or cookie policies and no consent mechanisms, risking regulatory penalties and reputational damage. Security headers are poorly implemented, increasing exposure to common web attacks like clickjacking and cross-site scripting. Email security is incomplete, lacking enforcement of DMARC and missing DKIM records, increasing the risk of phishing and domain spoofing. DNS security is moderately strong but can be improved. Network security posture is good, indicating some positive controls in place. Immediate remediation is essential to protect sensitive data, comply with regulations, and maintain customer trust.

The website's security posture is critically weak, exposing the business to significant risks including data breaches, regulatory non-compliance, and operational disruptions. The absence of HTTPS encryption is the most severe vulnerability, risking data interception and undermining customer trust. Missing fundamental security headers further exposes the platform to common web attacks such as clickjacking, cross-site scripting, and content injection. Non-compliance with GDPR, especially lacking cookie policies and consent mechanisms, increases legal and financial liabilities. The exposure of critical services like MySQL and FTP without adequate protections heightens the risk of unauthorized access and data loss. Additionally, the lack of documented security policies, incident response plans, and business continuity strategies indicates poor preparedness for cyber incidents. While email security scores well, network security and governance frameworks are significantly lacking, undermining overall resilience. Immediate remediation is essential to protect business reputation, customer data, and ensure regulatory compliance.

I

International Superyacht Society

superyachtsociety.org

39

The website’s security posture is currently inadequate and exposes the business to significant risks including data breaches, regulatory non-compliance, and reputational damage. The absence of HTTPS encryption is a critical vulnerability affecting confidentiality and integrity of user data, severely undermining trust and violating GDPR and NIS2 requirements. Key security headers that mitigate common web attacks are largely missing, leaving the site vulnerable to clickjacking, content injection, and cross-site scripting exploits. Additionally, the lack of privacy and cookie policies, along with no cookie consent mechanism, poses serious compliance risks with GDPR regulations, potentially leading to legal penalties. The organization also lacks essential security governance components such as incident response procedures, security policies, and business continuity plans, which are vital for operational resilience. While some areas like DNS health and network security show moderate strength, critical gaps in email authentication and SSL/TLS further increase exposure to phishing and man-in-the-middle attacks. Immediate remediation is necessary to protect sensitive data, ensure regulatory compliance, and maintain customer trust. Without swift action, the business risks financial loss, legal consequences, and damage to brand reputation.

I

IQVIA

imshealth.com

50

The website's security posture currently exhibits significant vulnerabilities that pose notable risks to business operations and customer trust. Most critically, the absence of HTTPS encryption exposes all data transmissions to interception and manipulation, violating GDPR and NIS2 compliance requirements and potentially leading to regulatory penalties. The lack of fundamental privacy policies and cookie consent mechanisms further threatens legal compliance and customer confidence. Additionally, missing core security governance elements such as incident response, security policies, and vulnerability disclosure indicate a weak security management framework. While network and email security show strengths, critical gaps in web security headers and DNS configurations leave attack surfaces open. Immediate remediation is essential to prevent data breaches, reputational damage, and compliance failures. Overall, the website needs a prioritized security overhaul to align with industry standards and regulatory mandates.

The website's security posture is currently poor and exposes the business to significant risks, including data breaches, regulatory non-compliance, and operational disruptions. Critical vulnerabilities such as the complete lack of HTTPS encryption and exposure of critical services like MySQL and FTP pose immediate threats to data confidentiality and integrity. Missing key security headers and policies increase the likelihood of web-based attacks such as clickjacking, content injection, and cross-site scripting. Additionally, the absence of GDPR compliance elements like privacy policies and cookie consent can lead to regulatory penalties and damage to brand reputation. The lack of defined information security frameworks, incident response, and business continuity planning further exacerbates the organization's exposure to cyber threats and slows recovery from incidents. Email security and DNS configurations are moderately strong but require improvements to align with best practices. Overall, urgent remediation is required across infrastructure, compliance, and web application security to protect business assets and customer trust.

V

Valeo

valeo.com

54

The website's overall security posture is currently poor, with critical deficiencies severely impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical risk, exposing all data in transit to interception and undermining user trust. The site lacks essential GDPR compliance elements, including a privacy policy and cookie consent mechanisms, increasing legal exposure. Furthermore, there is no evidence of adherence to the NIS2 directive, with missing information security frameworks, incident response plans, and security policies. While email and network security scores are strong, foundational web security controls like Content-Security-Policy headers are missing or weak. DNS health is moderately good but can be improved by enabling DNSSEC and configuring CAA records. Immediate remediation is required to protect customer data, comply with regulations, and mitigate reputational and financial risks. Without urgent action, the business risks significant security incidents and regulatory penalties.

A

APM Monaco

apm.mc

50

The website's overall security posture is currently weak, with critical vulnerabilities severely impacting confidentiality and compliance. The absence of HTTPS encryption is a critical failure affecting GDPR, NIS2, and SSL/TLS compliance, exposing all data in transit to interception and undermining customer trust. Governance issues are apparent, with no documented security or incident response policies and missing GDPR-required cookie policies and consent mechanisms. While network security and DNS health show strengths, critical gaps in email security enforcement and security headers remain. The poor NIS2 and GDPR compliance scores highlight significant regulatory risk, potentially leading to legal penalties and reputational damage. Addressing these issues is urgent to protect customer data, ensure business continuity, and maintain regulatory compliance. The current state exposes the business to data breaches, legal fines, and loss of customer confidence. Immediate remediation efforts on encryption, policies, and user privacy controls are imperative to improve security posture and business resilience.

B

Balt Group

balt.fr

50

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, exposing all data in transit to interception and manipulation risks. Compliance with GDPR and NIS2 regulations is severely deficient, risking significant legal penalties and reputational damage. Key security headers are mostly missing, increasing vulnerability to clickjacking, cross-site scripting, and content injection attacks. Absence of essential policies such as incident response and security frameworks further heightens operational risks. Although DNS and email security show moderate strength, they cannot compensate for fundamental flaws in transport security and regulatory compliance. Network security posture is strong, indicating underlying infrastructure may be well-managed, but website-level controls are inadequate. Immediate remediation is necessary to protect customer data, maintain trust, and ensure regulatory adherence. Without urgent action, the business faces data breaches, compliance fines, and loss of customer confidence.

M

MARK

meyerbergman.com

53

The website's overall security posture is critically weak, primarily due to the absence of HTTPS encryption, which exposes all data transmissions to interception and undermines trust and regulatory compliance. Key security headers are partially missing, reducing protection against common web attacks. GDPR compliance is severely lacking, with no cookie policy or consent mechanism, and insufficient privacy documentation, risking legal penalties and reputational damage. The NIS2-related controls are almost entirely absent, indicating a lack of fundamental security governance, incident response, and business continuity planning. While email and network security are strong, the critical gaps in encryption and governance overshadow these strengths. DNS security is moderate but could be improved to further harden the domain against tampering. Immediate remediation is necessary to protect customer data, comply with regulations, and maintain business continuity and trust.

The website's overall security posture exhibits significant vulnerabilities, most notably the absence of HTTPS encryption, which presents a critical risk to data confidentiality and user trust. Medium-level issues such as missing security headers, lack of GDPR and NIS2 compliance, absence of DKIM for email authentication, and disabled DNSSEC further expose the organization to data breaches, regulatory penalties, and phishing attacks. While network security shows a strong posture, foundational web security controls are lacking, which could undermine customer confidence and business reputation. Immediate remediation is needed to secure data in transit and align with legal requirements. Addressing these issues will reduce exposure to cyber threats, improve compliance posture, and enhance customer trust and operational resilience. The business should prioritize remediation efforts to avoid potential financial losses and reputational damage stemming from these vulnerabilities. Overall, the current state reflects an urgent need to elevate security controls to industry standards and regulatory expectations.

D

Doro AB

doro.com

42

The website's overall security posture is currently weak, with critical deficiencies in fundamental protections such as HTTPS encryption and key security headers. The absence of HTTPS impacts user trust, data confidentiality, and regulatory compliance, exposing the business to significant legal and reputational risks. GDPR compliance is notably poor, lacking essential elements like cookie policies and consent mechanisms, which could result in heavy fines and customer distrust. The NIS2-related security framework and incident response processes are missing, increasing vulnerability to cyber threats and potential operational disruptions. While email security and network infrastructure show moderate to strong performance, critical gaps in web and application-layer security jeopardize the entire environment. Immediate remediation is essential to protect sensitive customer data, maintain compliance, and safeguard business continuity. Failure to address these issues promptly could lead to data breaches, regulatory penalties, and loss of customer confidence. Overall, the current state demands urgent and prioritized security improvements to align with industry standards and legal requirements.

M

Mercedes-AMG PETRONAS F1 Team

mercedesamgf1.com

54

The website's overall security posture is critically weak, with significant gaps in encryption, regulatory compliance, and security governance. The absence of HTTPS encryption represents a major vulnerability, exposing user data to interception and undermining trust. GDPR compliance is severely lacking, with missing privacy policies, cookie consent mechanisms, and inadequate third-party data handling disclosures, risking legal penalties and reputational damage. The organization also lacks fundamental security frameworks required under NIS2 regulations, such as incident response plans and security policies, which exposes it to operational risks and regulatory sanctions. While some network and email security measures are robust, critical areas like SSL/TLS encryption and security headers need urgent attention. DNS security is moderate but can be improved to further reduce attack surface. Immediate remediation is essential to protect business operations, customer trust, and ensure compliance with legal requirements.

L

London Property Investments

londonpropertyinvestments.com

45

The website's overall security posture is critically weak, with multiple high and critical severity issues primarily related to missing HTTPS encryption and key security headers. The absence of HTTPS encryption exposes all data transmissions to interception and tampering, representing a severe risk to user privacy and business integrity. Compliance with GDPR and NIS2 regulations is insufficient, posing potential legal and regulatory consequences, including fines and reputational damage. Security governance gaps such as missing incident response procedures, security policies, and vulnerability disclosure processes further increase organizational risk. While network security and email security show relatively stronger postures, foundational web security controls and privacy safeguards are lacking. Immediate remediation is required to protect customer data, maintain trust, and ensure regulatory compliance. The company must prioritize establishing a secure HTTPS environment and implementing critical HTTP security headers. Addressing these issues will significantly reduce the risk of cyberattacks and data breaches that could disrupt business operations and harm the brand reputation.