Utimaco outlines three security trends for 2026

Utimaco's chief technology officer, Nils Gerhardt, outlined three security trends for 2026 and said digital security had reached a turning point after cyberattacks caused about €289 billion in damage to German companies over the prior twelve months, while threats continued to change with developments in Artificial Intelligence (AI) and quantum computing.

Gerhardt pointed to recent incidents affecting critical infrastructure, including several European airports, as evidence of reliance on a small number of large technology providers for security-critical functions such as cryptography. He referenced regulatory measures including the UK's Cyber Security and Resilience Bill, the EU's NIS2 directive, the European IPCEI projects, and the Singapore Cybersecurity Act, and recommended that organisations factor geopolitical realities into procurement and move away from purely price-oriented sourcing.

On Post-Quantum Cryptography (PQC), Gerhardt said advancing commercial quantum computers increased the risk that current asymmetric cryptography could be broken within a decade and reinforced the “harvest now, decrypt later” threat. He described a required complete cryptographic inventory of procedures, key lengths, and algorithms, migration through a central tamper-proof cryptographic infrastructure serving as a root of trust, and the use of crypto-agile hardware plus crypto-agile key and lifecycle management to allow updates to PQC algorithms without full infrastructure replacement.

Gerhardt also addressed Generative AI (GenAI), warning that model growth raised new vulnerabilities and data protection issues including prompt injection and accidental exposure of confidential information. He recommended consistent encryption at the data level before data enters Large Language Model (LLM) environments, systematic detection and classification of sensitive data, and clear use guidelines combined with employee training and human review. Utimaco described itself as a global platform provider with headquarters in Aachen and Campbell, California, developing on-premises (on-prem) and cloud-based hardware security modules, key management and data protection solutions, and Public Warning Systems, and said it had more than 400 employees worldwide.

“The digital future will be shaped by a race between new technologies and the necessary security measures. For organisations, it's not just about defending against current threats; it's about strategically investing in an independent, quantum-secure, and AI-resistant future,” says Nils Gerhardt, CTO at Utimaco.

The PR cited the EU PQC Roadmap requiring member states to develop national PQC plans by the end of 2026 and referenced NIST guidance that would prohibit support for current common practices from 2035.