Quality over quantity: SecTec as a platform for dialogue
Now in its third year, SecTec 2026 has established itself as a fixture in the security technology calendar. In Munich, the event once again brought together representatives from business, public authorities, critical infrastructure sectors, security services, industry and research. The aim was clear: relevance, not mass. The focus was not on a quick product showcase, but on the question of how security technology can be translated today into concrete protection concepts, robust processes and strategic resilience.
Security as a networked ecosystem
In doing so, the event struck a chord with the industry. After all, security is undergoing a phase of profound change. Physical threats, digital attacks, regulatory requirements, artificial intelligence, drone threats and complex interdependencies within critical infrastructure can no longer be viewed in isolation. Anyone wishing to organise security effectively today must consider systems, data, people, processes and responsibilities as an integrated whole.
This was precisely the strength of SecTec 2026. It did not see itself as a traditional trade fair, but as a platform for dialogue and guidance. The event was opened by Tobias Schmidt from the Bavarian Association for Security in Business. He made it clear that security technologies must not be assessed in isolation. What matters, he said, is how they are embedded in real-world application scenarios, what added value they bring to day-to-day operations, and how industry, operators, authorities and service providers can jointly arrive at viable solutions.
Elevator Pitches: Compact insights into current developments
This opening set the tone for the event. SecTec presented security not as a collection of individual products, but as an interconnected ecosystem. Sensor technology, control centres, access control, video analysis, simulation, cyber resilience and legal frameworks are becoming increasingly intertwined. The protection of critical infrastructure is thus becoming an interdisciplinary task.
The concise elevator pitches were once again a defining feature. In short presentations, exhibitors provided insights into current developments – from cloud-based platforms and AI-supported video analysis to highly secure access systems, drone detection and specialised solutions for sensitive areas. The rapid succession of presentations highlighted just how broadly and dynamically the security industry is evolving.
From individual solutions to integrated security architectures
At the same time, a clear trend emerged: the industry is moving away from isolated, stand-alone solutions. Integrated, scalable and data-enabled systems are in demand. Security technology should not merely trigger alarms, but generate situational awareness, assess risks and support decision-making. The traditional boundary between physical security and digital intelligence is becoming increasingly blurred.
Prevention as a new guiding principle
This became particularly clear when it came to the topic of prevention. Modern security does not begin only once damage has occurred. It starts earlier: with the detection of weak signals, the assessment of deviations and the ability to structure processes in such a way that risks do not escalate in the first place. Although prevention has always been one of the fundamental principles of the security industry, it often remains invisible. As long as nothing happens, its value is easily underestimated. It is only when systems come to a standstill, infrastructure fails or security situations escalate that it becomes clear just how costly a lack of precaution can actually be.
Staying one step ahead: control centres, data and AI
Karl Eckstein illustrated this idea with a simple image: training wheels on a child’s bicycle. They do not prevent every danger, but they reduce the risk before it materialises. Applied to industry, critical infrastructure and corporate security, this means that protection must not be viewed merely as a reactive measure. It is about creating conditions that intercept errors, failures or attacks at an early stage.
This logic is particularly relevant in critical infrastructure. Security incidents rarely remain isolated there. A local incident can trigger production stoppages, supply disruptions, reputational damage or regulatory consequences. Prevention therefore means not only considering individual threats, but understanding their potential chains of impact.
An example from Neckarsulm brought this connection into sharp focus. Following a heavy rainfall event, water penetrated sensitive infrastructure areas. However, the actual escalation only arose as a result of consequential damage: short circuits, fires and, ultimately, the failure of central systems. The weather itself could not be controlled. Preparation for it, on the other hand, could. If weather data, risk assessments, technical sensor technology and escalation processes are intelligently linked, protective measures can be implemented much earlier – for example, through automatic barriers, targeted shutdowns or pre-planned interventions.
This also changes the role of the control centre. It is no longer merely a reception point for alarms, but is evolving into a central authority for situation assessment and decision support. Its added value stems not from the sheer volume of reports, but from the ability to correlate information meaningfully. A single signal from video surveillance, access control or building sensors has limited significance. It is only through interaction that a robust situational picture emerges.
Artificial intelligence can support this development. It does not replace human decision-making, but it can recognise patterns, highlight anomalies and structure large volumes of data. If, for example, a system detects unusual behaviour at an ATM, this information can be linked to further data points: time, location, previous events, access data or technical faults. This does not automatically result in a decision, but it does provide a better basis for operational measures.
The crucial point is this: prevention must not be confused with mere faith in technology. AI is a tool, not an end in itself. Its usefulness depends on whether data is available, processes are defined and responsibilities are clarified. Modern security architectures must therefore not only be technically capable, but also organisationally compatible.
Drone defence in the civilian sector
Another key focus of SecTec 2026 was drone defence in the civilian sector. The presentation by Hans-Peter Stuch from Fraunhofer FKIE made it clear that unmanned aerial vehicles have long since become a real security threat. The focus here is primarily on small and medium-sized commercially available drones. These in particular are readily available, versatile in use and can be employed for surveillance, disruption or targeted attacks.
For operators of critical infrastructure, industrial sites, airports or major events, this raises a twofold question: How can drones be reliably detected? And what countermeasures are legally permissible at all?
Detection, situational awareness and legal boundaries
Technically, a wide range of approaches now exists. Modern counter-UAS concepts are usually based on three elements: detection, situational awareness and response. First, the flying object must be detected. Sensor data must then be consolidated to assess its type, position, direction of movement and potential intent. Only on this basis can appropriate measures be derived.
A single sensor is not sufficient for this. Radio sensors can analyse communication signals between the drone and its controller. Cameras enable visual verification and tracking. Acoustic systems detect characteristic sounds. Radar provides distance and movement information. Yet every method has its limitations. Wired controls, autonomous flight modes, difficult weather conditions or complex urban environments can significantly complicate individual detection methods.
The key therefore lies in sensor data fusion. Different data sources must be combined in such a way as to produce a reliable situational picture. Even small spatial or temporal deviations can lead to misinterpretations. Automated calibration, clear prioritisation and robust evaluation thus become key success factors.
However, the true complexity becomes apparent when it comes to countermeasures. Technically, various options are conceivable: jamming, spoofing, networks, interceptor drones or other neutralisation methods. Yet in the civilian sector, many of these measures are permitted only to a limited extent, if at all. Interference with radio or navigation signals touches upon areas of legal protection and is generally reserved for government agencies. This creates a structural gap for private operators: they are expected to protect their facilities but are not permitted to implement many active measures themselves.
It was precisely here that a key area of tension became apparent at SecTec. In many areas, technology is more advanced than the practical scope for action. Security requirements, jurisdiction, proportionality and liability must be reconciled. Effective drone defence is therefore not a product that is simply procured and installed once. It is a process comprising risk analysis, sensor technology, situational awareness, alerting, coordination with authorities and continuous adaptation.
Digital sovereignty and cyber resilience
The issue became even more fundamental when it came to digital sovereignty and cyber resilience. Professor Gabi Dreo Rodosek made it clear that the threat landscape is not exacerbated by individual factors, but by the simultaneous interplay of several developments: artificial intelligence, quantum computing, geopolitical tensions, global technology dependencies and highly interconnected infrastructures are changing the fundamentals of cybersecurity.
The concept of resilience is thus taking on a new meaning. It is no longer just a matter of preventing attacks. What is crucial is the ability to remain operational whilst under attack. Firewalls, compliance documents and traditional protective measures remain important, but are not sufficient on their own. Organisations must design digital structures in such a way that they can absorb disruptions, limit attacks and maintain critical functions.
AI, quantum computing and new attack strategies
AI also plays an ambivalent role here. It can accelerate security processes, detect anomalies and analyse complex data. At the same time, it itself becomes a tool for attackers – for example, for automated social engineering, vulnerability scanning, deepfakes or adaptive attack patterns. What is crucial, therefore, is not whether AI is used, but how controlled, competent and verifiable its use is.
Rodosek also emphasised that a significant proportion of AI-generated results must be critically evaluated. For companies, this means that digital competence is becoming security competence. It is not enough simply to introduce tools. Employees, managers and technical teams must understand how systems work, where their limitations lie and what risks arise from incorrect assumptions.
The potential implications of quantum computing are particularly far-reaching. Asymmetric encryption methods established today could become vulnerable in the future. Attackers are already pursuing strategies based on the ‘store now, decrypt later’ principle: data is intercepted and stored so that it can be decrypted later using more powerful technologies. For public authorities, operators of critical infrastructure and companies holding sensitive data over the long term, this creates an urgent need for action. Post-quantum cryptography is no longer a distant research topic, but part of strategic security planning.
Added to this is the asymmetrical relationship between attackers and defenders. Attackers need only find a single vulnerability. Defenders must protect complex systems holistically. This logic renders static security architectures increasingly inadequate. Approaches such as Zero Trust, Moving Target Defence, and Security and Privacy by Design are therefore gaining in importance. Systems must not only be protected, but fundamentally built to be resilient.
Cybersecurity as a prerequisite for physical security
In networked infrastructures, cyberattacks have long since ceased to affect only data. They can influence physical processes: energy supply, logistics, industrial control, transport systems or building services. Cybersecurity thus becomes a prerequisite for physical security. The protection of digital systems is simultaneously the protection of production, supply and social stability.
A practical example from the logistics sector illustrated the operational dimension. Following a severe cyberattack, a company’s IT systems were shut down within a matter of hours to prevent further damage. Economically, the move was painful. Strategically, it was necessary. Such scenarios demonstrate that resilience also means being able to act decisively in the face of uncertainty.
To do so, organisations must know their ‘crown jewels’. Which systems, data and processes are indispensable? Which functions must be prioritised in the event of a crisis? Without this clarity, risk management remains abstract. With it, resources can be deployed more effectively and critical dependencies reduced.
Europe’s digital sovereignty was also addressed in this context. Many key technologies – cloud platforms, AI systems, semiconductors, software ecosystems – originate from non-European markets. Amid geopolitical tensions, this dependency can become a risk. This does not mean isolation, but freedom of choice: organisations must have alternatives so as not to be entirely dependent on individual providers, jurisdictions or supply chains.
Regulation can support this process, but it is no substitute for operational security. NIS2, the Cyber Resilience Act and other requirements establish important framework conditions. The real question, however, remains whether companies can detect, assess, manage and learn from attacks. Compliance is necessary, but not synonymous with resilience.
Simulation as a key technology in modern security planning
Another key topic at SecTec was simulation. This was particularly vividly illustrated in the presentation by Dipl.-Soz. Sophia Simon, Managing Director of accu:rate GmbH. The focus was on how crowd flow simulations can help to better understand the security, planning and operation of complex spaces.
Whether it’s a stadium, festival site, railway station, trade fair, observation tower or urban space: wherever large numbers of people are moving around at the same time, risks arise not solely from structural conditions. Equally crucial is how people behave, how they make decisions, where they hesitate, which routes they follow and how they react to stress, disorientation or bottlenecks.
Pedestrian flow simulations digitally model such movement dynamics. They allow scenarios to be tested before they occur in reality. This is particularly important because many situations cannot be tested in practice. Nobody evacuates a festival site as a trial under real-life stress conditions. Nobody deliberately fills a railway station to its capacity limit to see where things become critical. Simulation creates an experimental space here.
Pedestrian flow simulation: better understanding of crowds
The major advantage lies in making dynamic processes visible. Static regulations, building codes and capacity calculations form important foundations. However, they only provide a limited understanding of how crowds actually move. People are not uniform particles. They react to other people, to signage, to loudspeaker announcements, to local knowledge, to uncertainty and to social bonds.
In simulations, people are therefore modelled as agents. They can be assigned different characteristics: walking speed, space requirements, mobility restrictions, reaction time, local knowledge or choice of destination. This allows for more realistic scenarios to be modelled than with purely mathematical averages.
The benefits became particularly clear in several practical examples. At the Weserstadion in Bremen, the focus was on organising the away supporters’ area. Different fan groups, security requirements and route connections had to be modelled in such a way that admission could be managed safely and efficiently. The simulation helped to test different scenarios, identify bottlenecks and optimise the routing.
Another example concerned the crowd dispersal situation following a stadium visit. When tens of thousands of people move towards the station, city centre or car parks within a short period of time, bridges, tunnels, platforms and checkpoints can quickly become critical bottlenecks. The simulation showed that structural extensions alone are not automatically sufficient. Only in combination with organisational management and a clear separation of route patterns could the situation be significantly improved.
Simulations also prove their worth during festival evacuations. When a thunderstorm is approaching or a situation escalates, every minute counts. What matters is not only how many people are on the site, but how long it realistically takes them to reach safe areas. This can lead to counter-flows, bottlenecks and delays. Simulations help to identify such issues in advance and make evacuation plans more robust.
The example of Hamburg’s Heinrich Hertz Tower ultimately showed that simulation is not merely a safety tool. It can also support operational efficiency and business management. The planned reopening to visitors involved considerations such as lift capacity, waiting areas, toilet facilities, dwell times and visitor flows. Such questions are difficult to answer in isolation because they are interlinked in terms of space, time and organisation. The simulation made these interrelationships visible.
An important aspect is the communication function. Simulations provide not only figures but also visual representations. They reveal where congestion forms, which areas are overloaded and which measures provide relief. This enables planners, operators, authorities and security services to discuss matters on a common basis.
At the same time, it became clear: simulation is not a crystal ball. It does not predict exactly how every single person will behave. Its quality depends on data, assumptions, scenarios and expert interpretation. It replaces neither experience nor organisation. But it expands the scope for action because it makes complex dynamics visible at an early stage.
Technical simulation of physical hazards
In addition to crowd simulations, the technical simulation of physical hazards also played an important role. Daniel Huber demonstrated how numerical models can be used to realistically simulate explosions, gunfire, impact events or other complex stress scenarios. The advantage is clear: dangerous, expensive or practically impossible tests can be analysed digitally. This enables better planning decisions without unnecessarily transferring risks into reality.
This leads to an overarching conclusion: simulation is developing into a key technology for modern security planning. It combines analysis, prevention and decision support. Whether structural protection, crowd flow, evacuation or operational planning – wherever systems are complex and wrong decisions prove costly, simulation creates additional security.
KRITIS protection as a systemic task
SecTec 2026 thus presented a very clear picture of the industry as a whole. Security technology is becoming smarter, more interconnected and data-driven. At the same time, the demands on legal assessment, organisational implementation and strategic management are increasing. Technology alone does not solve security problems. It only realises its value when embedded in processes, responsibilities and concrete chains of action.
This insight is particularly relevant for operators of critical infrastructure. Today, KRITIS protection means far more than perimeter security. It is about the robustness of entire systems: physical, digital, organisational and personnel-related. Natural disasters, drones, cyberattacks, sabotage, technical failures and human errors can all interplay. Resilience therefore does not arise from individual protective measures, but from a comprehensive understanding of one’s own vulnerability.
The role of security service providers is also changing. They are increasingly becoming integrators, analysts and process partners. Traditional guarding and alarm handling remain important, but are supplemented by situation assessment, data analysis, control centre logic and preventive consultancy. The security service of the future will not only operate at the door or within the premises, but as part of an information network.
For manufacturers, in turn, the connectivity of their solutions will be crucial. Systems must deliver data, be integrable, offer interfaces and fit into larger architectures. Those offering only an isolated product will find it harder. What is needed are platforms that communicate with other systems, contextualise events and support security processes.
SecTec 2026 also made it clear that public authorities and regulation play a central role. Particularly on issues such as drone defence, data protection, critical infrastructure or cybersecurity, the legal framework determines what is practically possible. This creates a need for closer dialogue. Security solutions must not only function technically, but also be legally sound.
Conclusion: Staying one step ahead
This is precisely why the SecTec format is so relevant. The event provides a space where technological developments are not merely presented, but also contextualised. Here, suppliers meet users, research meets practice, and authorities meet operators. This enables an exchange that goes beyond marketing messages.
The central theme of the event can be clearly identified: modern security means staying one step ahead of the situation. This applies to prevention in industrial processes just as much as to drone defence, cyber resilience or crowd management. Reaction remains necessary. But the decisive value is created earlier – in the ability to identify risks, understand patterns, run through scenarios and prepare appropriate measures.
This requires data. But data alone is not enough. Analysis is needed. But analysis alone is not enough either. What is crucial is translating this into actionable structures: clear processes, trained teams, defined escalation procedures, robust technology and a management team that views security as a strategic priority.
SecTec 2026 has shown that the industry is at precisely this juncture. It possesses powerful technologies, yet at the same time faces new constraints: legal, organisational, personnel-related and economic. The next step in development therefore lies not only in more technology, but in better integration.
This makes the event more than just an industry gathering. It serves as a barometer for the issues that will shape the security sector in the coming years: AI-supported situational awareness, resilient control centres, hybrid protection architectures, simulation-based planning, civil drone defence, digital sovereignty and the protection of critical infrastructure as a systemic task.
The conclusion is correspondingly clear: SecTec 2026 has impressively demonstrated that security can no longer be viewed in silos today. Physical security, cybersecurity, simulation, data analysis, law and organisation form a shared field of action. Anyone wishing to protect critical processes must bring these dimensions together.
In an era of growing threats and increasing interdependencies, security thus becomes a prerequisite for economic performance and social stability. SecTec does not provide simple answers to this – but it does offer exactly the right framework for asking the right questions.
