CSC, a global leader in digital brand development and protection, has released its sixth annual Domain Security Report. The findings reveal that domain-related vulnerabilities continue to be a critical weakness in corporate cybersecurity strategies. The report assesses the domain security posture of the world’s largest companies on the Forbes Global 2000 list and the top 100 “unicorn” startups, each valued at over $1 billion. According to CircleID, the results are alarming: while cybersecurity technology rapidly advances, the consistent implementation of security measures for the corporate domain – the very foundation of a brand’s digital presence – lags far behind, and its strategic importance is still widely underrated.
Specifically, the report shows that 67 percent of Global 2000 companies have deployed fewer than half of the eight essential domain security measures. These include DMARC (an email authentication protocol), DNS redundancy (distributing domain servers across multiple providers), registry lock, and DNSSEC. Attackers actively exploit these gaps, for instance, by registering large numbers of lookalike domains. A CSC analysis found that 88 percent of domains visually similar to Global 2000 brands are owned by third parties, many of which host active email servers, making them potent tools for phishing and fraud.
On a positive note, DMARC adoption is rising, partly driven by regulatory efforts in certain countries. Its implementation among Global 2000 firms grew from 39 percent in 2020 to 80 percent in 2025. Yet significant regional disparities remain: 85 percent of companies without DMARC are in the Asia-Pacific region, where adoption rates are still low. DNSSEC adoption has quadrupled over six years but still reaches only 11 percent of companies, an alarming figure given its role in authenticating DNS responses and preventing malicious traffic redirection.
CSC also underscores the clear advantage of using enterprise-grade registrars. Clients of these specialized services show markedly higher adoption rates for critical security measures. For example, registry lock adoption among Global 2000 companies using enterprise registrars is six times higher than among those relying on consumer-grade providers. This measure is vital for preventing unauthorized DNS changes, particularly in cases of account compromise.
Unicorn companies, especially in AI and fintech, present a mixed picture. While they lead in adopting simpler DNS-based email authentication protocols like SPF and DMARC, they lag behind in more complex infrastructure practices such as DNS redundancy and registry lock. This pattern highlights their agility and technical skill but also points to heightened risks as these businesses grow.
The report’s overarching conclusion is clear: as attack vectors expand and grow more sophisticated, often augmented by AI, domain security must become an integral component of corporate risk management. The cost of inaction extends beyond operational disruption or regulatory penalties; it includes systemic vulnerability of digital transactions, erosion of customer trust, and disruption of supply chains.