When a Letterkenny accountancy firm ran the Digital Trust Mark assessment for the first time, they expected to pass easily. Their website had been running for years, their emails worked, and nobody had ever complained. They scored 41%. The report listed failures across every category — HTTPS redirect issues, no DMARC policy, outdated TLS protocols, and missing security headers. The firm's director called us the same afternoon. "We had no idea," he said. "Where do we even start?"
That experience is typical. Most Irish businesses we work with score between 30% and 55% on their first Digital Trust check. The failures are not random — they cluster around the same five categories every time. The good news is that every common failure has a fix, and most of them can be resolved in a single afternoon without specialist equipment or an enterprise IT budget.
This article walks through the five categories the Digital Trust Mark tests, explains the most frequent failures in each, and gives you the steps to fix them.
WHAT: The Five Categories the Digital Trust Mark Tests
Category 1 — Website and HTTPS. This checks whether your website is served securely over HTTPS and whether the redirect from HTTP is configured correctly. The most common failure is that visitors can still access your site over plain HTTP — meaning any data they enter, including login credentials and form submissions, can potentially be intercepted. The fix is straightforward: configure a permanent 301 redirect from HTTP to HTTPS in your hosting control panel. If you use Cloudflare, enable "Always Use HTTPS" under SSL/TLS settings. Once HTTPS is working, add an HSTS header — this tells browsers to always use HTTPS from the first request, closing the gap that exists before a redirect can fire.
Category 2 — TLS and Encryption. This checks the strength of the encrypted connection your website offers visitors. The most common failure is that your server still accepts connections using TLS 1.0 or TLS 1.1 — protocols deprecated in 2021 because of known vulnerabilities. Disable these in your hosting control panel or ask your hosting provider to update the server configuration. Mozilla's SSL Configuration Generator will produce the correct settings for any server type.
Category 3 — Email Authentication. This is where most Irish businesses lose the most points. Email authentication — SPF, DKIM, and DMARC — prevents criminals from sending emails that appear to come from your domain. Business email compromise, the attack that cost Irish businesses millions in 2025, relies almost entirely on the absence of these controls. SPF tells receiving servers which mail servers are authorised to send on your behalf. DKIM adds a cryptographic signature to your outgoing emails. DMARC tells receiving servers what to do when an email fails SPF or DKIM — quarantine it or reject it outright.[^1] Get SPF and DKIM working first, then add DMARC. Rushing to a reject policy without confirming your legitimate emails are passing will cause your own emails to be blocked.
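The SPF and DMARC checks described above can be run against the TXT records you have published. This is an added example, not code from the Digital Trust Mark assessment; the function names, domains and record strings are constructed for illustration, and it checks only the record text, not DKIM signing.

```python
# Added example: SPF and DMARC record audit. Domains and TXT strings are constructed.

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record published"]
    if len(spf) > 1:
        return ["SPF: more than one record, which receivers treat as an error"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["SPF: no 'all' term, so unlisted senders are not failed"]
    # A bare 'all' means '+all' (pass everyone); '?all' is neutral.
    if all_terms[0][0] in "+a?":
        return ["SPF: '%s' does not fail unlisted senders" % all_terms[0]]
    return []

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not recs:
        return ["DMARC: no record published"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s, failing mail is still delivered" % (policy or "missing"))
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no reports to check before p=reject")
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct=%s, policy covers only part of failing mail" % tags["pct"])
    return findings

# Constructed sample records: (TXT at the domain, TXT at _dmarc.<domain>)
SAMPLES = {
    "weak.example": (["v=spf1 include:_spf.mailhost.example +all"], ["v=DMARC1; p=none"]),
    "staged.example": (["v=spf1 include:_spf.mailhost.example -all"],
                       ["v=DMARC1; p=quarantine; rua=mailto:dmarc@staged.example"]),
}

def audit(domain):
    spf, dmarc = SAMPLES[domain]
    return audit_spf(spf) + audit_dmarc(dmarc)
```

An empty result for a domain means the records are at the quarantine stage or better with reporting enabled, which is the point at which the move to reject can be assessed.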
Category 4 — DNS and Domain Protection. DNSSEC adds cryptographic signatures to your domain's DNS records, preventing attackers from redirecting your visitors to a fake version of your website without anyone noticing. Enabling DNSSEC requires action at two levels — your DNS provider and your domain registrar. If you use Cloudflare for DNS, enable DNSSEC in the DNS settings and then copy the DS record Cloudflare provides into your registrar's DNSSEC settings. Both steps are required. The most common failure is enabling DNSSEC at Cloudflare but forgetting to add the DS record at the registrar, which breaks DNS for your domain entirely.[^2]
Category 5 — HTTP Security Headers. Security headers tell browsers how to behave when loading your website. Without them, visitors are vulnerable to clickjacking, content injection, and cross-site scripting even if your website code is perfectly written. The most impactful headers to add are X-Frame-Options (prevents your site being embedded in iframes), X-Content-Type-Options (prevents browser content sniffing), and Referrer-Policy (controls what URL information is sent to external sites). These can be added through Cloudflare Transform Rules or directly in your server configuration.
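The Category 1 redirect and HSTS checks and the Category 5 header checks can be expressed as one audit over the responses your site returns. This is an added example, not the assessment's own logic; the function names, the firm.example host and both sample responses are constructed, and in practice you would feed it the status and headers captured from your own site.

```python
# Added example: redirect and security-header audit over captured responses.
import re

def _lower(headers):
    # Header names are case-insensitive, so normalise them before lookup.
    return {k.lower(): v.strip() for k, v in headers.items()}

def audit_http_redirect(status, headers):
    """Findings for the response to a plain http:// request."""
    location = _lower(headers).get("location", "")
    if not 300 <= status < 400:
        return ["HTTP: status %d, site is reachable without HTTPS" % status]
    findings = []
    if status != 301:  # the article recommends a permanent 301
        findings.append("HTTP: redirect is %d, not a permanent 301" % status)
    if not location.lower().startswith("https://"):
        findings.append("HTTP: redirect target is not an https:// URL")
    return findings

def audit_https_headers(headers):
    """Findings for the headers on the https:// response."""
    h = _lower(headers)
    findings = []
    m = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:
        findings.append("Strict-Transport-Security: missing or max-age=0")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: missing or not DENY/SAMEORIGIN")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: missing or not nosniff")
    if not h.get("referrer-policy"):
        findings.append("Referrer-Policy: missing")
    return findings

# Constructed sample responses: the same site before and after the fixes.
BEFORE = {"http": (200, {"Content-Type": "text/html"}),
          "https": {"Content-Type": "text/html"}}
AFTER = {"http": (301, {"Location": "https://www.firm.example/"}),
         "https": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                   "X-Frame-Options": "DENY",
                   "X-Content-Type-Options": "nosniff",
                   "Referrer-Policy": "strict-origin-when-cross-origin"}}

def audit_site(site):
    status, headers = site["http"]
    return audit_http_redirect(status, headers) + audit_https_headers(site["https"])
```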
WHAT NOW: Where to Start if Your Score Is Below 60%
The fix priority order matters. Some failures have a much larger impact on your score than others, and some require other fixes to be in place first.
Start with HTTPS and the redirect. This is foundational — nothing else works properly without it. Then add SPF, enable DKIM through your email provider's admin console, and add a DMARC record at the quarantine level. Once your legitimate emails are confirmed to be passing the DMARC checks, upgrade to reject. Steps one through four can typically be completed in a single afternoon.
After email authentication, address TLS configuration and security headers. These have a lower impact on your score individually, but they are quick to fix and the cumulative effect is significant. DNS and DNSSEC come last — the process takes 24 to 48 hours for propagation and requires care to avoid disrupting your DNS.
The NCSC Ireland has published guidance on email security and web security configuration that is directly applicable to these fixes.[^3] The Data Protection Commission expects organisations to implement appropriate technical measures to protect personal data — and a website that leaks data through insecure HTTP connections is a GDPR compliance issue, not just a technical one.
WHY IT MATTERS: Digital Trust and the Irish Business Context
The Digital Trust Mark is not just a badge. It signals to customers, suppliers, and partners that your business takes basic digital hygiene seriously. For Irish businesses seeking to pass supplier audits, win public sector contracts, or simply reassure customers who are increasingly security-conscious, the mark has genuine commercial value.
An Garda Síochána's National Cyber Crime Bureau consistently reports that Irish businesses are disproportionately targeted by email fraud, much of it enabled by the absence of DMARC. A DMARC reject policy on your domain removes your business email from the toolkit of every criminal attempting to impersonate you.
Email fraud costs Irish businesses millions every year — and the DMARC fix takes one afternoon.
WHAT NEXT: Three Actions This Week
1. Check your score. Run the free 27-point audit at our Digital Trust Checker or through the official DigitalTrust.ie assessment. Identify which categories are failing before you start fixing.
2. Fix email authentication first. Add an SPF record if you do not have one, enable DKIM signing through your email provider, and add a DMARC record at quarantine level. This single set of changes typically adds 15 to 20 percentage points to your score and closes the most commonly exploited attack vector.
3. Submit for the official assessment when you are above 60%. The Digital Trust Mark assessment costs €89 ex VAT and results are delivered the next working day. If you pass, you receive a certification badge and a listing on the DigitalTrust.ie registry.
[^1]: NCSC Ireland — advice for organisations on email security: https://www.ncsc.gov.ie/advice-for-organisations/
[^2]: An Garda Síochána — National Cyber Crime Bureau on email fraud: https://www.garda.ie/en/crime/cyber-crime/
[^3]: Data Protection Commission Ireland — technical and organisational measures: https://www.dataprotection.ie
Pragmatic Security — Cybersecurity advisory for Irish businesses. Based in Donegal, Ireland. CISA, CISSP, CISM certified advisors.