Review the long-term risk of staying on Windows 10
As businesses weigh the decision to remain on Windows 10, especially with the option to purchase Extended Security Updates (ESU), it is crucial to consider the implications for cyber insurance coverage. Examine your cyber insurance policy closely to understand any coverage gaps that may arise from continuing to run Windows 10, whether unpatched or with ESU support.
Cyber insurance policies frequently reference the Payment Card Industry Data Security Standard (PCI DSS) as a benchmark for maintaining coverage. Failure to adhere to this standard can lead to significant consequences, including the denial of claims or the complete loss of coverage. Key areas of concern include:
- Any insured party’s non-compliance with the PCI Data Security Standard or any related rules set forth by payment card companies.
- The implementation of, maintenance of, or compliance with security measures pertaining to payment card data, which may involve fines or penalties imposed by payment card companies on merchants or payment processors.
For businesses utilizing point-of-sale systems, adherence to PCI DSS is non-negotiable. The standard mandates that systems be equipped with essential controls such as file integrity monitoring, anti-malware solutions, timely patches, and comprehensive audit logging. Operating point-of-sale systems without these protections not only jeopardizes customer data but also puts your cyber insurance coverage at risk.
In essence, if you choose to keep point-of-sale systems active while knowingly neglecting necessary updates and protections, you may find yourself facing severe repercussions, including the potential loss of cyber insurance benefits. The decision to remain on Windows 10 should be made with careful consideration of both operational needs and the overarching requirement to safeguard your business against cyber threats.