CSC's Domain Security Report 2026 Finds Unicorns Outpace Global 2000 Companies in Five out of Eight Domain Security Categories

WILMINGTON, Del.— CSC, an enterprise-class domain registrar and world leader in mitigating brand, fraud, domain, and domain name system (DNS) threats, today released its Domain Security Report 2026, which found that unicorns—privately owned start-ups or relatively new innovative companies with a valuation of over $1 billion—have a higher score than the Forbes Global 2000 companies in five out of eight domain security capabilities. While significantly more unicorns sit in the middle range for domain risk scores compared to the Global 2000, they tend to lack more advanced security protocols, such as registry lock and DNS redundancy.

CSC’s Domain Security Report 2026 analyzes the security posture of the Global 2000 based on their adoption of key domain security features like type of registrar, registry lock, certificate authority authorization (CAA) records, DNS redundancy, DNS security extensions (DNSSEC), sender policy framework (SPF), DomainKeys Identified Mail (DKIM), and domain-based message authentication, reporting, and conformance (DMARC). Now in its sixth year, the annual report also compared the domain security practices of the Global 2000 with those of the world’s top 100 unicorns to determine if newer start-ups are more attuned to domain security risks and have the ability to implement the right practices to address such risks.

The majority of the top 100 unicorns are IT companies, with many in the artificial intelligence (AI) industry. Teams managing the domain names for the unicorns are likely IT professionals with good knowledge of the security protocols available within DNS. This could explain why they lead in many of the security features that are managed through DNS records, yet only 1% employ DNS redundancy and close to 90% use a single cloud infrastructure. The adoption of advanced domain security measures could be low due to higher use of consumer-grade registrars, which often do not prioritize or even offer certain domain security measures.

“Domain names, DNS, and brand trust are fundamental to our online presence. Long-overlooked dependencies will compound cyber risks as new AI and IT stacks emerge,” states Vincent D’Angelo, senior director at CSC. “It’s encouraging to see unicorns adopting strong domain security practices early, yet much work remains. As these new tech platforms scale, continued prioritization of domain security will be essential to reducing cybercrime, strengthening trust and safety, and lowering systemic risk across customer and partner supply chains.”

Additional key insights from CSC’s research on the Global 2000 include:

• The semiconductor and banking industries show the most significant rise in overall domain security scores over the past year, increasing their rankings by five places each. The rapid growth in security posture for the two industries could be in response to the parallel growth in artificial intelligence and FinTech technology over the past year, coupled with more stringent cybersecurity demands from regional governments and agencies.

• The disparity in registry lock adoption between Global 2000 companies using enterprise-class vs. consumer-grade registrar is more than six times. Registry locks offer one of the strongest defenses against domain hijacking, but due to the resources required to support this service, most consumer-grade registrars are unable to offer it.

• 88% of the registered web domains that resemble Global 2000 brands (homoglyphs) are owned by third parties and do not belong to the brand—up 8% since last year’s report. Homoglyphs are one of the most egregious attack methods used by threat actors to exploit trusted brands through fraudulent websites, false advertisements, phishing emails and other malicious content meant to trick consumers.

• DMARC rose quickly from 39% in 2020 to 80% in 2025—the fastest growth among domain security measures. The increase in volume and complexity of phishing attacks, along with the European Union’s Network and Information Security 2 (NIS2) directive coming into effect in October 2024, could be driving factors for this accelerated adoption.

The domain landscape faces rapid evolution as cyber threat actors become more efficient, regulations like NIS2 pay greater attention to domain security, and life cycles for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) digital certificates will begin to shrink in 2026, significantly impacting current domain management policies for many organizations. CSC continues to publish its annual Domain Security Report to keep organizations informed on the challenges that could disrupt their business operations within this shifting landscape, along with the domain security practices that can help them stay ahead of emerging risks.

To learn more about CSC’s approach to domain security, visit cscdbs.com. Download the Domain Security Report 2026 now at cscdbs.com/en/resources/domain-security-report-2026/.

About CSC

CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand^®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec^SM platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC’s proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit cscdbs.com.