After 31 December 2026, Kentico 13 receives no security patches. Any vulnerability found from 2027 stays unpatched permanently.
A single security incident on an unpatched CMS can cost significantly more than a planned migration.
Cyber insurance providers increasingly exclude EOL software from coverage. Check your policy now.
Regulatory requirements for Australian organisations holding customer data may create additional exposure for sites running unsupported software.
When organisations delay a CMS migration past a vendor's end-of-life date, the reasoning is usually financial: avoid the cost of a migration project this year. It is a reasonable instinct. But it rests on an assumption that running EOL software is a neutral decision, a deferral with no cost attached. It is not.
The security cost: unpatched vulnerabilities
From 1 January 2027, every new vulnerability discovered in Kentico 13 will be unpatched. Kentico will not issue a fix. Your development team cannot patch what the vendor no longer patches. The vulnerability inventory grows permanently.
This is exactly what the Australian Cyber Security Centre's advisory describes. Attackers scan for EOL software with known, unpatched vulnerabilities. Organisations on EOL platforms become easier targets not because they are being singled out, but because their vulnerabilities are documented and unfixed
The insurance cost: EOL exclusions
Cyber insurance policies are increasingly specific about software support status. Many include exclusions for incidents that occur on unsupported or end-of-life software. If your organisation experiences a breach on a Kentico 13 site after 31 December 2026 and your policy includes an EOL exclusion, the insurer may decline the claim. Review your current cyber insurance policy and ask your broker specifically about EOL software provisions before the end of 2026.
The compliance cost: data obligations
Australian organisations that collect and hold customer data have obligations under the Privacy Act 1988 and, in some sectors, additional regulatory requirements around data security. Running a website on unsupported software that processes or transmits personal information creates a compliance exposure. The question is not just whether a breach occurs, but whether the organisation took reasonable steps to prevent one. Running EOL software makes that answer harder to defend.
The operational cost: incompatibility over time
Beyond security, EOL software becomes incompatible with the ecosystem around it. Browser updates, operating system changes, third-party plugin updates, and integration API changes happen on a schedule that does not account for your CMS being unsupported.
Every month on Kentico 13 past its EOL date is a month where a third-party integration might fail, a browser security update might break a form or checkout flow, or a hosting dependency might require an update the unsupported CMS cannot accommodate.
The calculation most organisations are not doing
A planned Kentico migration to Xperience by Kentico is a known cost, scoped in advance, managed over a fixed period. A security incident, an insurance claim denial, a compliance investigation, or a period of site downtime is an unknown cost that can exceed the migration cost many times over. The decision to delay is not a decision to avoid cost. It is a decision to trade a known, manageable cost for an uncertain, potentially much larger one
Author
Phil Allen
Founder & Chief Strategist
Get in touch
We transform
Discover More insights.
One thing we won't apologise for? Our passion for the digital world.
AIRA is Kentico's native AI suite for content teams. Tagging, translation, content generation, and personalisation, directly inside the CMS. Here is what it means in practice.
The Australian Cyber Security Centre has flagged an active CMS exploitation campaign targeting Australian businesses. Here's what every WA organisation with a website needs to know, and a free checklist to assess your exposure.
EOL is not just a vendor milestone. It has real financial and security consequences. Here is what the costs actually look like for organisations that delay their Kentico migration.
Dapth is now a certified Kentico Accelerator Expert Partner, and among the few in Australia to hold this qualification alongside our Gold Partner status. Here’s what that means, and why it matters for businesses looking to launch on Xperience by Kentico.
We’re thrilled to announce that Pete Boston has joined Dapth as our new Project Management Lead, bringing over two decades of leadership experience across some of Australia and the UK’s top creative and digital agencies. His appointment marks an exciting moment for Dapth as we continue to grow our capabilities and deliver innovative solutions to our clients.
2025 is off to a winning start for Dapth. With four major awards already under our belt, we're proud to be recognised for the strategic, human-centred work we do, and excited for what’s next.
Open-source CMS platforms like WordPress and Drupal power millions of websites and attract just as many security threats. From plugin exploits to core vulnerabilities, we unpack the biggest hacks of the past five years and show how a secure enterprise CMS can help you stay protected.
Many businesses unknowingly lose time, money and momentum due to disconnected digital systems. What starts as innovation can quickly turn into digital chaos. In this article, we unpack the hidden costs of disconnection and how to turn it around with connected thinking.
Looking for a CMS that’s secure, scalable, and built for performance? Discover why Payload CMS is becoming the go-to platform for developers and content teams and how Dapth is using it to deliver flexible, future-proof digital solutions.