We’ve been publishing our Domain Security Report for six years now, and it continues to highlight risks many organizations overlook.

In this article, we examine the significant findings from our 2026 report, and shine a light on areas that are easy to overlook in a cybersecurity set-up. This matters because, as reported by CISA, over 90% of successful cyberattacks start with a domain name.

What we found

• DMARC adoption increased to 80% across all Global 2000 companies.
• Companies in APAC saw the largest increase in security measures, though they remain well below EMEA and the Americas.
• DNS redundancy declined to 11% from 19% in 2020.
• The semiconductor and banking industries showed the most significant rise in overall rankings over the past year.

Strong growth in DMARC usage

An area where we’ve seen a large increase in the past six years is the use of DMARC records on the DNS. The main reason is to reduce the risk of phishing attacks that spoof domain names. This service can sometimes be complicated to integrate, due to the range of uses for vital domain names. But it clearly shows that security professionals see it as an effective way to reduce one threat vector.

DNSSEC use is rising, but still low

On a smaller scale, DNSSEC usage has also grown from 3% to 11% in the last six years. DNSSEC can prevent man-in-the-middle attacks—in many ways it works like a digital certificate, creating trusted links between nameservers.

In some countries, governments have made this mandatory when working with their agencies. This means their supply chains all follow the same cybersecurity protocols. But with only 11% of Global 2000 companies using DNSSEC, this is still an area that needs greater uptake.

DNS redundancy drops despite regulatory push

Interestingly, DNS redundancy has declined in the past six years, from 19% to 11%. One way to protect DNS is to run a dual infrastructure. However, there’s been a trend towards using cloud DNS providers. While these do provide strong DNS, they rely on a single infrastructure, which poses risks.

In October 2024, the EU brought in the NIS2 directive to make sure companies in critical industries bring in greater redundancy and clear backup protocols. We expect this change to drive an increase in DNS redundancy—although it’s worth noting EMEA already has the largest adoption of dual DNS.

APAC sees improvement, but is still behind

When we looked at regional differences in the data, we saw that APAC-based companies made the biggest gains across security measures. But adoption levels remain lower than those in EMEA and the Americas. Of the 87 companies with no security measures in place, nearly all are based in the APAC region.

As security practices develop in this region, we believe this is where we’ll see significant growth in future. But it may take some time and could be linked to larger global expansion plans for some of these companies.

Semiconductor and banking sectors are climbing the ranks

The final finding focuses on industries within the Global 2000. The most improved sectors were semiconductors and banking. With semiconductors playing a central role in AI technology, it’s not surprising to see those companies shoring up their security measures. It might also be a response to the need to protect intellectual property and make it a harder target for hackers.

The highest-scoring industries remain IT software and services, and media—both of which rely heavily on the internet. In contrast, the lowest performing are construction and minerals, which tend to have less digital dependence.

See how your sector stacks up: Download the Domain Security Report 2026 for detailed data, regional, and industry breakdowns, and steps you can take to improve your organization’s domain security.