Skip to content

Austrian Study: AI-Powered Cyberattacks Dominate 2026

To the point: AI-orchestrated attacks dramatically compress the timeframe between vulnerability discovery and exploitation, while Austrian companies remain skeptical about AI controllability, and only 15 percent believe Austria is prepared for serious cyberattacks on critical infrastructure.

The eleventh edition of the “Cybersecurity in Austria” study by the Competence Centre for Secure Austria and KPMG analyzes 1,396 companies and shows: attacks are becoming more professional, faster, and harder to detect through AI. 25 percent report increased attack rates, with only one in eight attacks being repelled.

Cyberattacks on Austrian companies have risen again in 2026. 25 percent of surveyed organizations report strongly or somewhat increased attack rates. One in eight attacks was successful and overcame existing security barriers. The top attack types remain malware via email attachments (78 percent of companies), phishing via links (69 percent), exploitation of hardware and software vulnerabilities (58 percent), business email compromise (57 percent), and scam calls (52 percent). New is the intensified exploitation of vulnerabilities, which illustrates the changing role of AI in attack patterns.

The origin of attacks presents a diffuse picture: 21 percent come from Europe, 16 percent from Asia. Alarming is the rise in non-identifiable sources: 63 percent of attacks—an increase of 20 percent compared to the previous year—cannot be localized. 50 percent of attacks are attributed to organized crime, one in ten attacks comes from state-sponsored actors. In ransomware cases, 25 percent of affected companies paid the ransom demands. In 40 percent of attack cases, ineffective patch management was the attack vector.

AI has fundamentally shifted the rules of cybersecurity. Cyberattacks increasingly use AI support, causing the window between vulnerability discovery and exploitation to shrink from days or weeks to just a few hours. 50 percent of surveyed companies see AI-powered attacks as the greatest challenge. 47 percent already report increased AI use in attacks against their organization. KPMG partner Robert Lamprecht underscores the central problem: while AI systems increasingly make decisions autonomously that are not fully traceable, it remains unclear whether they remain controllable.

Noteworthy is the skepticism surrounding AI-powered defense: only 33 percent of companies believe that AI actually improves cybersecurity. The reasons are pragmatic—companies currently see the advantages more with the attackers. 28 percent have already implemented AI technologies for defensive purposes. For CISOs, this means that investments in AI-powered security solutions are necessary, while at the same time an understanding of the governance and limitations of these systems becomes essential.

Across critical infrastructure, preparedness is low: only 15 percent of surveyed Austrian companies are confident that Austria can respond appropriately to serious cyberattacks on critical infrastructure. This underscores a structural deficit in overall state resilience.


Source: kompetenzzentrum-sicheres-oesterreich.at · Published June 8, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.

Share on: