Security Directory

A

Affective Advisory GmbH

affective-advisory.com

0

Affective Advisory GmbH is a specialized behavioural science consultancy based in Switzerland, founded in 2017. The company applies scientific insights from behavioural economics, psychology, and decision science to design strategy and policy solutions aimed at human behaviour change. Their clientele includes governments and private organizations globally, positioning them as a leading consultancy in their niche. The website is professionally designed using Squarespace CMS, featuring client testimonials and partner logos that enhance trust and credibility. However, the site suffers from a lack of a valid SSL certificate, which significantly impacts its security posture. The absence of HTTPS and modern TLS protocols exposes the site to potential risks and undermines user trust. Privacy compliance is basic, with a cookie consent banner present but no comprehensive GDPR indicators or detailed privacy policies. Contact information is clearly provided, including email, phone, and physical addresses, supporting business credibility.

Team Farner is a prominent European alliance of independent, owner-led management consultancies specializing in integrated communication. The alliance combines expertise in strategy, creativity, behavioral science, and technology to provide comprehensive communication solutions across various sectors. With a strong presence in Switzerland and multiple partner companies across Europe, Team Farner positions itself as a leading consultancy network focused on impactful and agile communication strategies. Technically, the website is built on modern web technologies including Webflow CMS, HTML5, CSS3, JavaScript, jQuery, and Lottie animations. The hosting is managed by world4you.at, and the site employs TLS 1.2 for secure HTTPS connections. However, performance is somewhat slow, and there are opportunities to enhance security by enabling HSTS, OCSP stapling, and upgrading to TLS 1.3. From a security perspective, the site has valid SPF and DMARC DNS records, uses HTTPS, and shows no signs of subdomain takeover vulnerabilities. Yet, it lacks several security headers and advanced SSL features, which could be improved to strengthen its security posture. Privacy compliance is good with a comprehensive privacy policy, but no explicit cookie consent mechanism was detected. Overall, the website demonstrates a high level of professionalism, rich content, and strong business credibility. The security posture is adequate but can be enhanced. The risk assessment suggests moderate risk with recommendations to improve SSL configurations and implement additional security headers to protect user data and enhance trust.

S

SEMSEA Suchmaschinenmarketing AG

semsea.ch

0

SEMSEA Suchmaschinenmarketing AG is a Swiss-based premium online marketing agency specializing in Google Ads, SEO, social media advertising, and analytics. Positioned among the top 3% of Swiss agencies and part of the exclusive Google Leading Agencies Switzerland Program, SEMSEA offers comprehensive digital marketing services including consulting, campaign management, and training. Their target audience includes businesses seeking expert digital advertising solutions with a focus on omnichannel strategies. Technically, the website is built on Contao CMS and integrates multiple marketing and analytics tools such as Google Tag Manager, HubSpot, and Hotjar. However, the site suffers from a lack of HTTPS due to an invalid SSL certificate and missing modern TLS protocols, which significantly impacts its security posture. The cookie consent mechanism is robust and GDPR compliant, with detailed cookie categories and user controls. Overall, SEMSEA demonstrates strong business credibility and marketing transparency but needs urgent improvements in security infrastructure to protect user data and enhance trust.

A

Arvato Systems Schweiz AG

arvato-systems.ch

0

Arvato Systems Schweiz AG is a subsidiary of the international Arvato Systems group, specializing in IT services and digital transformation solutions. The company offers a broad portfolio including digital commerce, cloud services, application modernization, and industry-specific IT solutions targeting enterprises primarily in Switzerland and globally. The website reflects a mature digital presence with comprehensive content, local contact points, and professional branding. Technically, the site uses CoreMedia CMS and modern web technologies but suffers from slow load times and lacks some advanced security configurations such as HSTS and OCSP stapling. Security posture is solid with valid SSL, SPF, and DMARC records, but no explicit security or incident response policies are published. Privacy compliance is well addressed with a cookie consent mechanism and a detailed privacy policy. Overall, the site is professional and trustworthy but could improve performance and security hardening.

B

Baloise Gruppe

baloise.com

0

Baloise Gruppe is a leading European insurance and financial services provider with a strong presence in Switzerland, Germany, Luxembourg, Belgium, and Liechtenstein. The company offers a wide range of insurance products, financial solutions, and career opportunities, targeting both private and institutional customers. Their website reflects a professional and comprehensive digital presence with extensive content, multi-language support, and clear navigation. Technically, the site employs modern web components and integrates various marketing and analytics tools, though it suffers from an invalid SSL certificate which impacts its security posture. The security configuration lacks essential headers and proper SSL, reducing the overall security score. Privacy compliance is well addressed with comprehensive policies and a robust cookie consent mechanism. Overall, the website is professional and trustworthy but requires urgent attention to its SSL configuration to enhance security and user trust.

K

Klar Webagentur GmbH

klar-webagentur.ch

0

Klar Webagentur GmbH is a Swiss-based digital agency specializing in web design, web development, content production including photography and video, and online marketing services targeted primarily at Swiss small and medium-sized enterprises (KMU) and organizations. The company positions itself as a provider of clear, practical web solutions that help clients achieve their digital goals efficiently. Their website reflects a professional and consistent brand image with good content quality and clear navigation. Technically, the website is built on Joomla CMS and leverages modern JavaScript libraries such as jQuery and GSAP, along with Mapbox for map integration. The site uses Google Analytics and Google Tag Manager for analytics and marketing purposes. Hosting appears to be managed via sui-inter.net nameservers. Performance is somewhat slow due to a large page size and many resources, but mobile optimization is good. From a security perspective, the site uses HTTPS with TLS 1.3 and 1.2 protocols and has valid SPF and DMARC DNS records, although DMARC is set to a non-enforcing policy. There is no HSTS enabled, no DNSSEC, and no OCSP stapling, which are areas for improvement. No explicit security or incident response policies are published on the site. Cookie consent is implemented with a banner and opt-in mechanism, but GDPR compliance indicators are basic. Overall, the website is functional, professional, and credible but could benefit from enhanced security configurations and improved performance. Strategic recommendations include enabling HSTS, improving DMARC policy, implementing DNSSEC, and optimizing page load times to strengthen security posture and user experience.

J

Joyn ist im Ausland nur begrenzt nutzbar

joyn.ch

0

Joyn.ch is a regional streaming media platform targeting German-speaking users in Switzerland, with sister sites in Germany and Austria. The service offers free and subscription-based tiers with geo-restrictions limiting usage abroad. Technically, the site is built on a modern Next.js framework hosted on Vercel, using GraphQL APIs and secure email services. The SSL configuration is strong with TLS 1.3 support and robust security headers, though HSTS is not fully enabled. Privacy and cookie policies are not present on the analyzed page, and no direct contact information is provided, which impacts compliance and trust. Overall, the site is professionally designed and performs well, but improvements in privacy transparency and incident response readiness are recommended.

S

Spar- und Leihkasse Wynigen AG

slwynigen.ch

0

Spar- und Leihkasse Wynigen AG is a small, independent regional bank based in Switzerland, established in 1929. The bank offers a range of financial services including savings, loans, mortgages, and digital banking solutions such as E-Banking and mobile apps. The website reflects a strong regional focus with personalized customer service as a key differentiator. Technically, the site is built on Joomla CMS, hosted behind Cloudflare, and integrates third-party services like Google Tag Manager and Mapbox. However, the website suffers from significant security shortcomings, notably the absence of a valid SSL certificate and lack of modern TLS protocols, which undermines user trust and data protection. DNS records are properly configured with SPF and DMARC, indicating some email security awareness. Cookie consent mechanisms are implemented in compliance with GDPR, enhancing privacy transparency. Overall, the site demonstrates good business professionalism but requires urgent security improvements to protect customer data and maintain regulatory compliance.

E

Ersparniskasse Speicher

ersparniskassespeicher.ch

0

Ersparniskasse Speicher is a small, regional banking institution based in Switzerland, founded in 1819, serving the local community of Speicher and surrounding areas. It offers traditional banking services such as savings accounts, mortgage lending, and e-banking. The website reflects a well-established local bank with a strong historical presence and community focus. Technically, the website is built on WordPress with standard web technologies including jQuery and Google Maps integration. However, the site suffers from significant security shortcomings, including the absence of a valid SSL certificate and lack of modern TLS protocols, which exposes users to potential risks. The site also lacks visible cookie consent mechanisms and formal security or incident response policies, indicating gaps in compliance and security maturity. Overall, while the business is well-positioned locally with clear contact information and good content quality, the digital security posture requires urgent improvements to protect customer data and enhance trust.

H

HBL Solutions

hblsolutions.ch

0

HBL Solutions is a Swiss Banking-as-a-Service provider operating under the regulated banking license of Hypothekarbank Lenzburg AG. The company specializes in embedding banking products such as accounts, cards, payments, securities portfolios, and pension plans into the digital customer journeys of partner companies. Their market position is that of a Swiss pioneer in embedded and open finance, supported by a robust banking infrastructure and regulatory compliance. Technically, the website is built on Umbraco CMS with modern JavaScript libraries like Swiper.js and jQuery, and employs Cookiebot for GDPR-compliant cookie consent management. However, the absence of a valid SSL certificate is a critical security gap. The security posture shows strengths in regulatory compliance and consent management but weaknesses in transport security and DNS security features. Overall, the business is well-positioned in the Swiss finance sector with a clear focus on embedded finance, but should urgently address SSL and DNS security to improve trust and compliance.

F

Finstar AG

finstar.ch

0

Finstar AG is a Swiss-based company specializing in integrated IT solutions for private and universal banks as well as fintechs. With over 40 years of experience, the company offers customized and cost-effective banking software and services, positioning itself as a trusted partner in the financial technology sector. Their offerings include a broad range of products and services such as APIs, digital onboarding, and digital asset platforms, supported by a strong ecosystem of partner banks and financial institutions. The company is a subsidiary of Hypothekarbank Lenzburg AG and holds the prestigious 'swiss made software' label, underscoring its commitment to quality and reliability. Technically, the website is built on the Umbraco CMS and leverages modern JavaScript libraries including GSAP and ScrollMagic for enhanced user experience. It integrates Cookiebot for GDPR-compliant cookie consent management and Google Tag Manager for analytics and marketing. However, the website currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical security gap. Performance is slow, likely due to the large page size and resource count, but mobile optimization and accessibility are rated good. From a security perspective, the domain has well-configured SPF and DMARC records with a strict reject policy, reducing email spoofing risks. Despite this, the absence of HTTPS and security headers significantly lowers the security posture. No explicit security policy, incident response contacts, or vulnerability disclosure mechanisms were found. The cookie consent mechanism is comprehensive and transparent, supporting GDPR compliance. Overall, Finstar AG presents a professional and trustworthy digital presence with strong business credentials and compliance in privacy and cookie management. The primary risk lies in the lack of HTTPS, which should be addressed urgently to protect user data and maintain trust. Strategic improvements in security infrastructure and transparency around security policies would enhance the company's risk profile and customer confidence.

H

Hypothekarbank Lenzburg AG

hblasset.ch

0

HBL Asset Management, a brand of Hypothekarbank Lenzburg AG, operates a professional asset management and investment product platform targeting private investors primarily in Switzerland. The website offers financial market news, investment insights, and profiling tools to support investor decision-making. Technically, the site is built on the Umbraco CMS and integrates several modern web technologies including Google Analytics, Cookiebot for GDPR-compliant cookie consent, and Google Tag Manager. However, the site lacks HTTPS encryption, which is a critical security deficiency. While cookie consent and privacy policies are well implemented, the absence of SSL/TLS and security headers exposes users to risks. The company maintains a strong digital presence with social media integration and clear contact information, but should urgently address security gaps to protect user data and enhance trust.

H

Hypothekarbank Lenzburg AG

hbl.ch

0

Hypothekarbank Lenzburg AG is a Swiss regional bank offering a hybrid model of digital and personal banking services targeting private and corporate customers. The website reflects a mature digital presence with comprehensive service offerings including e-banking, mortgages, savings, investments, and financial planning. The bank positions itself as a trusted regional financial institution with a focus on customer-centric solutions. Technically, the website is built on Umbraco CMS and leverages modern frontend libraries such as Swiper, GSAP, and Cookiebot for consent management. However, the current SSL/TLS configuration is invalid, which poses a significant security risk and undermines user trust. Security headers like SPF and DMARC are properly configured, but the absence of DNSSEC, CAA, and HSTS reduces the overall security posture. The site employs extensive tracking and advertising technologies including Google Analytics, TikTok, and Meta Platforms, with a robust cookie consent mechanism ensuring GDPR compliance. Overall, the bank demonstrates a strong market position with a professional and user-friendly website but must urgently address SSL/TLS issues to maintain security and trust.

4

42matters AG

42matters.com

0

42matters AG is a technology company specializing in mobile and connected TV (CTV) app intelligence solutions. Their offerings include a comprehensive app market explorer, APIs for real-time app data access, and bulk file dumps for large-scale data ingestion. Positioned as a leading provider in the app intelligence market, 42matters serves a diverse clientele including ad tech firms, cybersecurity companies, SDK developers, and marketing agencies. The company is part of the Similarweb family, enhancing its market reach and capabilities. Technically, the website is built on a modern Next.js and React framework, hosted on Amazon AWS infrastructure. It employs multiple analytics and marketing tools such as Google Tag Manager, HubSpot, Microsoft Clarity, and Visual Website Optimizer, indicating a mature digital marketing and analytics strategy. Performance is moderate with room for optimization, and mobile responsiveness is good. SEO practices are well implemented with comprehensive metadata and Open Graph tags. From a security perspective, the site uses a valid Amazon-issued SSL certificate but lacks advanced TLS protocol support and security headers like HSTS, DNSSEC, and CAA records. No explicit security or incident response policies are publicly available, which may represent an area for improvement. The cookie consent mechanism is robust and GDPR compliant, reflecting good privacy practices. Overall, 42matters demonstrates a strong market position with excellent content quality and trust indicators. Security posture is adequate but could be enhanced by adopting additional best practices. Strategic recommendations include improving TLS support, enabling DNSSEC, and publishing detailed security policies to bolster trust and compliance.

F

Fim Europe

fim-europe.com

0

Fim Europe is a prominent European motorcycling union serving as a governing body for motorcycling sports across Europe. The organization provides regulatory frameworks, organizes sporting events, and disseminates news and information to motorcycling enthusiasts and federations. Positioned as a leading entity in the transportation sports sector, Fim Europe targets motorcycling participants, federations, and stakeholders with a non-profit business model focused on sport governance and community engagement. The website reflects a medium-sized organization headquartered in Switzerland with additional offices in Italy. Technically, the website is built on WordPress with a mature technology stack including jQuery, Owl Carousel, and various WordPress plugins such as Yoast SEO and Contact Form 7. Hosting is provided by DreamHost. Performance is moderate with room for optimization, and mobile responsiveness is good. SEO practices are well implemented, and social media integration is robust. From a security perspective, the site has a valid SSL certificate but lacks modern TLS protocol support and security headers. No DNSSEC or CAA records are configured, which could improve domain security. Cookie consent mechanisms and privacy policies are in place and GDPR compliant. However, no explicit security policy or incident response information is found, and no vulnerability disclosure or security.txt file is present. Overall, Fim Europe’s website is professional and trustworthy with good content quality and user experience. Security posture is adequate but could benefit from enhancements in SSL configuration, security headers, and incident response transparency. Strategic improvements in these areas would strengthen trust and compliance, supporting the organization's reputation and operational resilience.

The website demonstrates a generally strong security posture with no critical or high severity issues detected. Core protections such as SSL/TLS and network security are fully implemented and scored at 100, ensuring secure data transmission and robust infrastructure defenses. However, there are medium-level concerns related to missing or incomplete security headers, lack of DNSSEC implementation, and non-compliance with GDPR and NIS2 regulatory frameworks, which could expose the business to data protection risks and regulatory penalties. Low-level issues like complex SPF records and missing CAA records indicate areas for improvement in email authentication and certificate management. Addressing these medium and low issues will enhance the website’s resilience against threats, improve compliance, and reduce potential reputational and financial risks. Overall, the business is in a strong position but should prioritize closing regulatory and DNS security gaps to maintain trust and compliance. The proactive remediation of these findings will support long-term security and regulatory adherence.

C

CIEPP

ciepp.ch

0

The website's overall security posture shows strong network security and solid SSL/TLS and DNS configurations, but reveals significant vulnerabilities in privacy compliance, email authentication, and information security governance. Critical gaps exist in GDPR compliance, including missing privacy and cookie policies and consent mechanisms, exposing the business to regulatory and reputational risks. The lack of an information security framework, security policies, and incident response procedures indicates immature security management, increasing exposure to cyber threats and operational disruptions. Email security is critically weak due to missing SPF and DKIM records, raising the risk of phishing and domain spoofing attacks. Security headers are partially implemented but omit key protections against cross-site scripting and feature abuse. Addressing these deficiencies will mitigate regulatory exposure, improve customer trust, and reduce the risk of cyber incidents. Prioritizing compliance and governance controls alongside email security enhancements is vital for business resilience and trustworthiness.

The website demonstrates a moderate security posture with no critical vulnerabilities currently detected; however, there are multiple high and medium risk issues that could expose the business to regulatory non-compliance and cyber threats. Significant gaps exist in privacy compliance, including missing privacy and cookie policies and absence of a consent banner, which expose the business to GDPR fines and reputational damage. The lack of documented information security and incident response policies indicates immature cybersecurity governance, increasing risk during security incidents. Network security weaknesses, such as exposed FTP service and missing DNSSEC, further heighten the risk of unauthorized access and data interception. While email security and SSL/TLS implementations are generally strong, some SSL and HSTS configurations require improvement to maintain secure communications. The overall security headers configuration is suboptimal, missing key protections like Content-Security-Policy, increasing risk of content injection attacks. Immediate attention to governance, privacy compliance, and network service exposure will significantly reduce business risk and improve regulatory adherence. Strengthening these areas will bolster customer trust and reduce potential financial and operational impacts from security incidents.

S

Swissquote

swissquote.ch

0

The website demonstrates a generally strong technical security foundation, with excellent SSL/TLS, network security, and DNS health scores. However, significant gaps exist in compliance with GDPR and NIS2 regulations, indicated by missing privacy and cookie policies, absence of consent mechanisms, and lack of documented security and incident response procedures. These deficiencies expose the business to regulatory risks, potential fines, and reputational damage, especially in regions governed by GDPR and NIS2 mandates. While some medium severity issues like missing X-XSS-Protection header and lack of DKIM records impact security, the primary concern is the absence of governance frameworks and policies. Addressing these will not only reduce compliance risk but also improve overall security posture and stakeholder trust. Immediate prioritization of privacy compliance and formal security documentation is critical to align with legal obligations and industry best practices. The organization's proactive network and SSL/TLS configurations provide a solid base to build upon. Overall, the security posture is solid technically but requires urgent policy and compliance enhancements to mitigate business risks effectively.

The website demonstrates a generally strong network security posture and good email security measures, but critical gaps exist in compliance and governance areas, particularly relating to GDPR and NIS2 requirements. The absence of a cookie policy and consent banner exposes the business to regulatory non-compliance risks and potential fines under GDPR. Key documentation and procedures such as incident response, security policies, and business continuity planning are missing, which heightens operational and security risks. SSL certificate expiry is imminent, threatening site availability and user trust. DNS configuration weaknesses, including an unregistered MX record and lack of DNSSEC, increase exposure to email spoofing and DNS attacks. While security headers are mostly in place, missing permissions-policy headers could allow unnecessary resource access. Overall, the security posture requires urgent attention to governance, compliance, and certificate management to mitigate legal, reputational, and operational risks.

N

Navitrans

navitrans.com

0

The website demonstrates a moderate to low overall security posture with no critical vulnerabilities but multiple high and medium severity issues, primarily related to missing security headers, GDPR compliance gaps, and inadequate security policies. Key risks include exposure of sensitive data due to absent headers like Strict-Transport-Security and Content-Security-Policy, and significant non-compliance with GDPR and NIS2 regulations, which could lead to regulatory fines and reputational damage. Additionally, the presence of a high-risk exposed FTP service and lack of incident response and security documentation pose risks of unauthorized access and inadequate breach handling. SSL/TLS and DNS configurations are fair but require improvements to ensure stronger encryption and domain integrity. Business continuity and vulnerability disclosure policies are also missing, undermining preparedness and transparency. Immediate remediation and policy development are essential to strengthen security, regulatory compliance, and customer trust.

L

Landmark Trust Group

landmarktrustgroup.com

0

The website's overall security posture reveals significant gaps that could expose the business to data breaches, regulatory non-compliance, and reputational damage. Critical security headers are missing, undermining protection against common web attacks such as clickjacking, content injection, and cross-site scripting. GDPR compliance is notably weak, with missing cookie policies and consent mechanisms, risking fines and legal repercussions. The absence of documented information security frameworks, incident response, and business continuity plans highlights operational vulnerabilities according to NIS2 standards. Email security is relatively strong but could be improved further. SSL/TLS and DNS configurations require attention to maintain trust and secure communications. While network security appears robust, foundational web and compliance security improvements are urgently needed to safeguard the business and customer data.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

This website has 2 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

T

Temenos

avoka.com

0

The website exhibits a severely weak security posture, primarily due to the absence of HTTPS encryption, which is classified as critical across multiple standards including GDPR, NIS2, and SSL/TLS assessments. Key security headers are largely missing, leaving the site vulnerable to attacks such as clickjacking, MIME-type sniffing, and cross-site scripting. Compliance with GDPR and NIS2 regulations is notably deficient, with no cookie consent banner, inadequate privacy policies, and lack of documented security and incident response procedures. While network security and DNS health show some strengths, critical email security measures like SPF records are missing, increasing the risk of email spoofing. The overall risk profile exposes the business to regulatory penalties, reputational damage, and potential data breaches. Immediate remediation is necessary to protect customer data, ensure legal compliance, and maintain trust. Without urgent action, the business faces significant operational and financial risks.

The website's overall security posture is currently poor, with critical vulnerabilities severely impacting confidentiality, integrity, and compliance. The most alarming issue is the complete lack of HTTPS encryption, exposing all data transmissions to interception and manipulation, which also violates GDPR and NIS2 regulatory requirements. The absence of a privacy policy and cookie consent mechanisms further exposes the business to legal and reputational risks under data protection laws. Security headers are partially implemented but miss key protections against common web attacks. Email security configurations like DMARC and DKIM are incomplete, increasing the risk of phishing and spoofing. Although network security and DNS health are relatively strong, foundational web security controls and compliance frameworks are lacking. Immediate remediation is necessary to protect customers, maintain trust, and avoid regulatory penalties. This assessment highlights critical gaps in both technical defenses and governance policies that must be addressed promptly.

C

Capefront Energies

naurexgroup.com

0

The website exhibits a poor overall security posture with critical vulnerabilities significantly impacting data protection and regulatory compliance. The absence of HTTPS encryption is a critical failure, exposing user data to interception and undermining trust. Missing key security headers such as Content-Security-Policy and X-Frame-Options increase the risk of cross-site scripting and clickjacking attacks. GDPR compliance is insufficient due to the lack of a cookie consent banner and incomplete privacy policy, risking regulatory penalties and reputational damage. The site also lacks essential NIS2 mandate elements including security policies, incident response procedures, and a vulnerability disclosure policy, indicating immature cybersecurity governance. Email security gaps, notably the missing DMARC record, increase the risk of phishing and email spoofing attacks. DNS security is relatively strong but could be improved with DNSSEC and CAA record implementation. Overall, urgent remediation is needed to protect customer data, ensure regulatory compliance, and maintain business continuity.

C

Crans Montana Forum

cmf.ch

0

The website security assessment reveals a concerning overall security posture, particularly in key areas such as security headers, GDPR compliance, and SSL/TLS configurations. No critical vulnerabilities were found, but multiple high and medium severity issues expose the business to risks including data breaches, regulatory non-compliance, and reputational damage. The absence of important HTTP security headers like Strict-Transport-Security and Content-Security-Policy increases susceptibility to man-in-the-middle attacks and cross-site scripting. GDPR-related deficiencies, including missing privacy and cookie policies and lack of user consent mechanisms, present significant legal and compliance risks. SSL/TLS weaknesses, including weak key lengths and soon-to-expire certificates, threaten the integrity and confidentiality of data in transit. While network security and DNS health scores are relatively strong, gaps in email security and incident response readiness further elevate risk. Immediate remediation efforts should focus on closing these gaps to safeguard customer trust and ensure regulatory adherence.

This website has 1 critical security issue(s) requiring immediate attention. Overall security score: 50/100 (unknown risk level). A comprehensive security review is recommended.

U

UEFA

uefa.org

0

The website uefa.org exhibits a significantly weak security posture, mainly due to the complete lack of HTTPS encryption and non-compliance with GDPR and NIS2 regulations. Critical vulnerabilities in transport layer security and governance frameworks expose the business to data breaches, regulatory fines, and reputational damage. While network security and email security show strengths, the absence of foundational protections undermines overall trust and operational resilience.

J

Julius Baer

juliusbaer.com

0

The website's overall security posture is critically weak, primarily due to the complete lack of HTTPS encryption, which exposes all data transmissions to interception and undermines user trust. GDPR compliance is severely lacking, with no cookie policy or consent mechanisms in place, risking regulatory fines and reputational damage. The absence of fundamental NIS2 security measures, including information security frameworks, incident response procedures, and security policy documentation, further heightens the risk of operational disruptions and non-compliance penalties. While network security and email security show some strengths, these are overshadowed by critical vulnerabilities. Security headers are generally well implemented, but missing the Permissions-Policy header leaves some attack surfaces open. Immediate remediation is crucial to protect customer data, ensure legal compliance, and maintain business continuity. Addressing these issues will also improve stakeholder confidence and reduce exposure to cyber threats.

F

Fédération Patronale et Économique (FPE-CIGA)

federation-patronale.ch

0

The website federation-patronale.ch demonstrates significant security and compliance gaps, particularly in privacy policy adherence and information security governance. While no critical vulnerabilities were found, multiple high-risk issues related to GDPR compliance, security headers, and network exposure pose substantial risks to business reputation and regulatory standing.

The website careers.cern exhibits significant security and compliance gaps, particularly in email authentication, security headers, GDPR compliance, and NIS2 regulatory requirements. These weaknesses expose the organization to data breaches, regulatory penalties, and reputational damage, necessitating urgent remediation to safeguard user data and maintain trust.

The website alumni.cern demonstrates a solid foundational network and SSL/TLS security posture but suffers from significant compliance and governance gaps, particularly related to GDPR and NIS2 requirements. The absence of key privacy policies, incident response procedures, and security frameworks exposes the organization to regulatory risks, reputational harm, and potential operational disruptions.

The website exhibits a concerning security posture with critical gaps in email authentication and fundamental security headers, alongside significant non-compliance with GDPR and NIS2 requirements. These vulnerabilities expose the organization to legal risks, data breaches, and reputational damage. Immediate remediation is necessary to protect user data, ensure regulatory compliance, and maintain stakeholder trust.