SEKOIA ASSESSES ITS SOVEREIGNTY POSTURE
In a remarkable stance, SEKOIA has checked its sovereign posture against EU criteri.
POINTSHARP
As our readers know, Pointsharp has its roots in Sweden, Germany, and Denmark. « When we talk about the benefits of solutions made in Europe, especially as the world around us changes, it is not a slogan or tagline. To further highlight our European roots, we are happy to have been awarded two new certificates that emphasize the benefits of our solutions being developed and hosted in Europe. Over in the UK, the National Cyber Security Centre (NCSC) has finally shifted from recommending passwords for security to recommending passkeys. Since we are a leading player in enterprise passkey management, offering a full management suite with on-premises and Windows login support, we are happy to see European government agencies pivoting to what we have been building for years.Speaking of passkeys, we recently added Swissbit as a technology partner, giving you more options when implementing security keys in your organization, whether based on passkeys or certificates. »
IS YOUR DOMAIN ONE OF THE 77.6%? By Guardian360
Why email impersonation remains Europe’s most underestimated cyber risk?
How confident are you that no one can send emails pretending to be your organisation? For most
European organisations, the honest answer is: not confident at all.
Together with DMARC Advisor, Guardian360 analysed the DMARC configuration of 10,833
domains across 17 industries and four European countries. The goal was simple: to get a clear,
evidence-based picture of how well organisations protect their email domains against spoofing,
phishing and Business Email Compromise (BEC). The findings are sobering.
A SNAPOSHOT OF EUROPEAN EMAIL (IN) SECURITY
• 77.6% of domains are not fully protected against email impersonation.
• 25.8% have no DMARC record at all, meaning anyone can impersonate their domain.
• Only 22.4% enforce p=“reject”, the only DMARC policy that actively blocks spoofed emails
before they reach a recipient’s inbox.
• Transport and Legal are the most exposed sectors, with the lowest DMARC adoption rates
of all industries surveyed.
WHY THIS MATTERS FOR EUROPEAN CHAMPIONS
Email remains the number one attack vector in Europe. Without proper DMARC enforcement,
criminals can send messages that appear to come directly from your CEO, your CFO or your
supplier, and there is nothing technical to stop them.
The consequences are well documented:
fraudulent invoices, stolen credentials, ransomware footholds, and increasingly reputational
damage when customers and partners receive convincing phishing emails sent in your name.
The regulatory context is also shifting fast. With the NIS2 audit deadline approaching, email
authentication is no longer a “nice to have”. Boards and auditors will increasingly ask a simple
question: can you prove that no one can send email in your name? For three out of four European
organisations, the answer today is no.
TWO RECOMMENDATIONS TO ACT ON THIS WEEK
1. Check your own DMARC record today. It takes minutes. If your domain has no DMARC
record, or is stuck on p=“none”, you are visible in our 77.6%. Move towards p=“quarantine” and
ultimately p=“reject”, with proper monitoring in place to avoid disrupting legitimate mail flows.
2. Treat DMARC as a board-level metric, not an IT detail. Just as you track patching or MFA
coverage, the percentage of your domains under p=“reject” should be a recurring KPI in your
security reporting. It is one of the few cyber controls that is cheap, measurable, and directly tied to
brand protection.
READ THE FULL BENCHMARK REPORT
Guardian360 has compiled all findings into a comprehensive benchmark report that is free to
download, with no registration or sign-up required. It includes detailed breakdowns per
industry, per country and per DMARC policy level, together with practical recommendations.
Download the DMARC Benchmark Report 2026
By Jan Martijn Broekhof, CEO and founder of Guardian360
