Despite gradual improvements, many of the world’s largest companies remain exposed to domain-based cyber risks as attackers increasingly exploit weaknesses outside the traditional corporate firewall.

That’s according to Corporation Service Co.‘s Domain Security Report 2026, released today. It examines the domain security posture of Forbes Global 2000 companies and compares them with the world’s top 100 unicorns to highlight persistent gaps that could allow for phishing, ransomware and brand abuse attacks.

According to the report, compromised, hijacked or maliciously registered domains are now routinely used to launch attacks such as business email compromise, impersonation and malware delivery. Despite this, 67% of Global 2000 companies were found to have implemented fewer than half of the recommended domain security measures, leaving a large portion of enterprises vulnerable.

While some companies fell short, others were heading in the right direction. The adoption of domain-based message authentication, reporting and conformance was found to have risen sharply. That’s driven in part by regulatory pressure such as the European Union’s Network and Information Security Directive 2 directive. Among Global 2000 companies, adoption of DMARC — Domain-based Message Authentication, Reporting and Conformance, an email security protocol — rose from 39% in 2020 to nearly 80% in 2025.

Other areas of domain security were nowhere near as high. Only about 11% of Global 2000 companies were found to have deployed DNS security extensions and registry lock adoption remains below 25%, despite registry locks being one of the strongest defenses against domain hijacking.

The report contrasts established enterprises and high-growth tech unicorns and, not surprisingly, the high-profile tech companies show stronger adoption of DNS-based controls such as Sender Policy Framework, DomainKeys Identified Mail, DMARC, Domain Name System Security Extensions and certificate authority authorization records. According to CSC’s researchers, this is likely thanks to smaller, more agile information technology teams with strong DNS expertise.

However, even unicorns fall short in some areas, such as nearly 90% relying on a single cloud infrastructure and only 1% using DNS redundancy, creating potential single points of failure as they scale.

The report also highlights the role of registrars in shaping security outcomes. Companies using enterprise-class registrars were found to demonstrate significantly higher adoption of registry locks and other protections compared with those relying on consumer-grade registrars, many of which do not support advanced security features. CSC warns that misplaced trust in consumer registrars can expose organizations to domain hijacking, dangling DNS records and impersonation attacks.

“Companies continue slowly to increase their domain security, however there’s still more work needed for improvement among the largest companies in the world,” the report concludes. “We believe that government interventions with legislation such as NIS2 will create more emphasis on driving these changes quicker, especially as we see a continued growth of cyber attacks against multinational companies.”

Image: SiliconANGLE/Ideogram