Guest commentary · KPMG

Cybersecurity 2026: Why we’re discussing quantum computers but getting stuck on the ‘Update’ button

We humans really are a fascinating species: in strategic decision-making meetings, we discuss highly complex AI scenarios for the future, whilst at the same time, in our everyday lives, we struggle with something as simple as an ‘update’ button. An assessment of digital sovereignty.

kpmg_portrait

Robert Lamprecht, Cybersecurity Partner at KPMG Austria.

It’s not a question of ‘if’, but only of ‘when’.” Admittedly, this phrase has been on a never-ending loop in our cybersecurity bubble for some time now. But the days when we could spot attackers by their clumsily translated phishing emails are well and truly over. Today, artificial intelligence dictates the new rules of the game: attacks are highly automated and target precisely those vulnerabilities in the tech stack that cause the most damage. Anyone who still believes that cybercriminals are stereotypical hackers in hoodies is confusing the reality of 2026 with a dusty old streaming series. We’ve long since been dealing with highly professional, AI-powered tech companies – it’s just that their business model happens to be illegal.

Let us face the uncomfortable truth: the playing field has shifted radically. The geopolitical crises of recent years and the rapidly advancing professionalisation driven by criminal GenAI ecosystems have transformed cyberspace into a highly volatile, global arena for projecting power. This is no longer about isolated digital incidents, but about strategic, AI-driven conflicts over critical infrastructure on a global scale.

"We’re essentially designing a high-tech safe door for a wooden hut – and then we’re surprised when the intruder simply climbs in through the open window."

Robert Lamprecht · KPMG

Whilst we in the tech bubble are philosophising about highly complex AI scenarios for the future, reality is giving us the cold shoulder: According to the 11th edition of the KPMG & KSÖ study ‘Cybersecurity in Austria 2026’, more than 40 per cent of successful cyberattacks are attributable to poor patch management.

At the same time, the current situation reveals a major Achilles’ heel in our economy: our digital dependence is alarmingly high. 69 per cent of all cybersecurity applications in Austria are currently sourced from abroad. More than half of the affected companies could survive for no more than three months without these foreign technologies. What we need is genuine, active cyber resilience – a matter of attitude, culture and collective responsibility.

Yet it is precisely here that a shift in thinking is becoming apparent. 62 per cent of the companies surveyed now state that they would prefer to use cybersecurity solutions from domestic providers, provided these are available – a significant increase from 53 per cent in 2025. Awareness of digital sovereignty is taking hold among business leaders more quickly than anticipated.

It is precisely at this critical juncture that the symbiosis between research, science, education and business proves to be our most valuable lever. Whilst we tackle the immediate crises facing businesses in practice, academic research at FH Salzburg provides the strategic foundation to prevent tomorrow’s crises from arising in the first place. For me, therefore, my teaching on the Master’s degree programme in Cybersecurity is not a top-down transfer of knowledge, but a vibrant, forward-looking dialogue.

My urgent appeal: let us leave behind complacency and the illusion of total security. To the students: You are not looking for security vulnerabilities; you are building the digital resilience and sovereignty of tomorrow. To businesses: Realise that cybersecurity is no longer a burdensome cost, but the fundamental backbone of a business’s viability.

And who knows – if we consistently pursue this alliance between science, education and practical experience, we may well reactivate the most powerful defence mechanism that evolution has ever produced: trained common sense. No algorithm in the world has such a keen sense for inconsistencies as an attentive human being.

kpmg_portrait

About the author

Robert Lamprecht, DI (FH), is a partner in the Cybersecurity practice at KPMG Austria and a lecturer at FH Salzburg. He is co-author of the annual KPMG & KSÖ study ‘Cybersecurity in Austria’.

What does security mean to you personally, Robert Lamprecht?

warum_logo_weiss

The magazine of FH Salzburg

© 2026 Fachhochschule Salzburg GmbH · fh-salzburg.ac.at