After 31 December 2026, Kentico 13 receives no security patches. Any vulnerability found from 2027 stays unpatched permanently.
A single security incident on an unpatched CMS can cost significantly more than a planned migration.
Cyber insurance providers increasingly exclude EOL software from coverage. Check your policy now.
Regulatory requirements for Australian organisations holding customer data may create additional exposure for sites running unsupported software.
When organisations delay a CMS migration past a vendor's end-of-life date, the reasoning is usually financial: avoid the cost of a migration project this year. It is a reasonable instinct. But it rests on an assumption that running EOL software is a neutral decision, a deferral with no cost attached. It is not.
The security cost: unpatched vulnerabilities
From 1 January 2027, every new vulnerability discovered in Kentico 13 will be unpatched. Kentico will not issue a fix. Your development team cannot patch what the vendor no longer patches. The vulnerability inventory grows permanently.
This is exactly what the Australian Cyber Security Centre's advisory describes. Attackers scan for EOL software with known, unpatched vulnerabilities. Organisations on EOL platforms become easier targets not because they are being singled out, but because their vulnerabilities are documented and unfixed
The insurance cost: EOL exclusions
Cyber insurance policies are increasingly specific about software support status. Many include exclusions for incidents that occur on unsupported or end-of-life software. If your organisation experiences a breach on a Kentico 13 site after 31 December 2026 and your policy includes an EOL exclusion, the insurer may decline the claim. Review your current cyber insurance policy and ask your broker specifically about EOL software provisions before the end of 2026.
The compliance cost: data obligations
Australian organisations that collect and hold customer data have obligations under the Privacy Act 1988 and, in some sectors, additional regulatory requirements around data security. Running a website on unsupported software that processes or transmits personal information creates a compliance exposure. The question is not just whether a breach occurs, but whether the organisation took reasonable steps to prevent one. Running EOL software makes that answer harder to defend.
The operational cost: incompatibility over time
Beyond security, EOL software becomes incompatible with the ecosystem around it. Browser updates, operating system changes, third-party plugin updates, and integration API changes happen on a schedule that does not account for your CMS being unsupported.
Every month on Kentico 13 past its EOL date is a month where a third-party integration might fail, a browser security update might break a form or checkout flow, or a hosting dependency might require an update the unsupported CMS cannot accommodate.
The calculation most organisations are not doing
A planned Kentico migration to Xperience by Kentico is a known cost, scoped in advance, managed over a fixed period. A security incident, an insurance claim denial, a compliance investigation, or a period of site downtime is an unknown cost that can exceed the migration cost many times over. The decision to delay is not a decision to avoid cost. It is a decision to trade a known, manageable cost for an uncertain, potentially much larger one
About Dapth
Dapth helps organisations “unlock business advantage” by connecting customer, employee and operational systems into scalable digital ecosystems. Built on understanding, knowledge and collaboration delivering ROI through efficiency and/or revenue.
Not a developer. Just a marketer managing a website, running campaigns, and publishing content. Here is what that actually looks like in Kentico Xperience.
Xperience by KenticoContent Management SystemsCustomer Experience
Three enterprise CMS platforms assessed honestly: AI capabilities, headless delivery, deployment flexibility, and which type of organisation each suits best.
SitefinityXperience by KenticoContent Management SystemsCustomer Experience
Umbraco.AI takes a different approach to CMS AI: define rules and governance first, then activate AI features for editors. Here is what that means in practice.
Umbraco is free to download and use. But open-source does not mean no cost. Here is an honest look at what open-source means for Australian organisations building on Umbraco.
UmbracoCustomer ExperienceContent Management Systems
Three stores plus an online shop. Odoo manages all of them from a single platform. Here is how Australian retailers use Odoo to unify their operations across every location.
AIRA is Kentico's native AI suite for content teams. Tagging, translation, content generation, and personalisation, directly inside the CMS. Here is what it means in practice.
Xperience by KenticoCustomer ExperienceContent Management Systems
The Australian Cyber Security Centre has flagged an active CMS exploitation campaign targeting Australian businesses. Here's what every WA organisation with a website needs to know, and a free checklist to assess your exposure.
Content Management SystemsXperience by KenticoDigital ConsultancyCustomer Experience
SharePoint is the document layer behind Teams, the storage engine behind OneDrive, and the content platform behind Viva. Here is what the connected Microsoft 365 picture looks like.
EOL is not just a vendor milestone. It has real financial and security consequences. Here is what the costs actually look like for organisations that delay their Kentico migration.
Xperience by KenticoContent Management SystemsCustomer Experience