Key Takeaways:
- Many of the world’s largest companies remain exposed to domain-based cyber risks due to inadequate security measures.
- 67% of Global 2000 companies have implemented fewer than half of the recommended domain security measures.
- Adoption of domain-based message authentication, reporting, and conformance (DMARC) has risen sharply, driven by regulatory pressure.
- High-growth tech unicorns show stronger adoption of DNS-based controls, but still fall short in some areas, such as DNS redundancy.
- Companies using enterprise-class registrars demonstrate higher adoption of registry locks and other protections compared to those relying on consumer-grade registrars.
Introduction to Domain Security Risks
Despite gradual improvements, many of the world’s largest companies remain exposed to domain-based cyber risks as attackers increasingly exploit weaknesses outside the traditional corporate firewall. According to Corporation Service Co.’s Domain Security Report 2026, compromised, hijacked, or maliciously registered domains are now routinely used to launch attacks such as business email compromise, impersonation, and malware delivery. This highlights the need for companies to prioritize domain security and implement robust measures to protect themselves against these types of threats.
Domain Security Posture of Global 2000 Companies
The report examines the domain security posture of Forbes Global 2000 companies and compares them with the world’s top 100 unicorns to highlight persistent gaps that could allow for phishing, ransomware, and brand abuse attacks. The findings show that 67% of Global 2000 companies have implemented fewer than half of the recommended domain security measures, leaving a large portion of enterprises vulnerable to cyber attacks. This is a concerning statistic, as it suggests that many companies are not taking adequate steps to protect themselves against domain-based cyber risks.
Adoption of Domain-Based Security Measures
While some companies fell short, others were heading in the right direction. The adoption of domain-based message authentication, reporting, and conformance (DMARC) has risen sharply, driven in part by regulatory pressure such as the European Union’s Network and Information Security Directive 2 directive. Among Global 2000 companies, adoption of DMARC rose from 39% in 2020 to nearly 80% in 2025. This is a positive trend, as DMARC is an important security protocol that helps to prevent email spoofing and phishing attacks.
Comparison with High-Growth Tech Unicorns
The report contrasts established enterprises and high-growth tech unicorns, and the findings show that high-profile tech companies show stronger adoption of DNS-based controls such as Sender Policy Framework, DomainKeys Identified Mail, DMARC, Domain Name System Security Extensions, and certificate authority authorization records. According to CSC’s researchers, this is likely thanks to smaller, more agile information technology teams with strong DNS expertise. However, even unicorns fall short in some areas, such as nearly 90% relying on a single cloud infrastructure and only 1% using DNS redundancy, creating potential single points of failure as they scale.
Role of Registrars in Shaping Security Outcomes
The report also highlights the role of registrars in shaping security outcomes. Companies using enterprise-class registrars were found to demonstrate significantly higher adoption of registry locks and other protections compared with those relying on consumer-grade registrars, many of which do not support advanced security features. CSC warns that misplaced trust in consumer registrars can expose organizations to domain hijacking, dangling DNS records, and impersonation attacks. This emphasizes the importance of choosing a reputable and secure registrar to manage domain registrations.
Conclusion and Future Outlook
The report concludes that companies continue to slowly increase their domain security, but there is still more work needed for improvement among the largest companies in the world. The authors believe that government interventions with legislation such as NIS2 will create more emphasis on driving these changes quicker, especially as we see a continued growth of cyber attacks against multinational companies. As the threat landscape continues to evolve, it is essential for companies to prioritize domain security and stay ahead of potential threats. By implementing robust security measures and staying informed about the latest trends and best practices, companies can reduce their risk of falling victim to domain-based cyber attacks.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights, and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI, and theCUBE SuperStudios, SiliconANGLE Media operates at the intersection of media, technology, and AI. Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals.
