Legacy domains still dominate corporate strategy as new extensions grow, leaving firms to navigate rising fraud risks and a fragmented, fast-evolving digital naming landscape.

A new report from CSC finds that, despite an expanding universe of web addresses, corporate domain strategies remain anchored in familiar ground. Extensions such as “.com” and “.net” continue to dominate global rankings, reflecting their universal recognition and ease of use. Other long-established domains, including “.org”, “.biz” and “.info”, also feature prominently, underscoring the enduring appeal of unrestricted, globally accessible addresses.

Geography shapes registration patterns

Beneath this global consistency lies regional variation. European firms, for instance, are more likely to register country-specific domains such as “.co.uk” or “.fr”, partly due to regulatory requirements and local market priorities. In Asia-Pacific, companies often adopt hybrid structures like “.com.sg” or “.co.nz”, reflecting layered national systems. North American firms, by contrast, rely more heavily on global domains, though they still maintain international portfolios for market access and brand protection.

New domains lag in corporate adoption

While newer generic top-level domains (gTLDs) such as “.xyz”, “.shop” and “.online” have gained popularity among consumers, they have yet to achieve widespread adoption among large corporations. When firms do register them, it is often for defensive reasons. Companies seek to secure geographic identifiers, pre-empt phishing risks, or block potentially damaging associations with sensitive extensions like “.sucks” or “.adult”.

Fraud thrives in open ecosystems

Security concerns are a central theme of the report. CSC’s analysis shows that “.com” accounts for nearly half of fraudulent domain takedowns, with gTLDs making up roughly 75% of such activity. Their low cost and minimal registration barriers make them attractive to cybercriminals. Meanwhile, certain country-code domains—such as “.co”, “.tv” and “.cc”—have evolved into globalised “quasi-gTLDs”, further blurring the line between geographic and generic usage, and expanding the attack surface for fraud.

The rapid rise of “.ai”

One of the most notable shifts is the surge in “.ai” domains, driven by the boom in artificial intelligence. Registrations increased tenfold between 2022 and 2025, with the extension accounting for a growing share of the global market. This growth has delivered a windfall to Anguilla, the domain’s home territory, while also fuelling a lucrative resale market. Yet risks are mounting: more than half of “.ai” domains associated with major brands are now owned by third parties, exposing companies to potential misuse.

A more strategic approach to protection

Taken together, these trends point to a more complex domain landscape. Registering every possible variation is neither practical nor economical. Instead, CSC argues that firms must adopt a targeted strategy—prioritising high-risk extensions, monitoring emerging threats, and using tools such as domain blocking and brand surveillance.

As digital identities become ever more valuable, domain management is shifting from a technical necessity to a strategic imperative. Firms that fail to adapt may find that their most valuable assets—their names—are increasingly contested in the online world.