Microsoft has announced that Windows 10 will reach its end of life on October 14, 2025. Following this date, the operating system will cease to receive security updates, prompting businesses to consider migrating to Windows 11. However, a significant number of organizations have yet to make the transition. As of December 2024, Statcounter reported that over 62% of devices globally were still operating on Windows 10.
Several factors contribute to this delay in upgrading. Many organizations are discovering that their existing hardware does not meet the compatibility requirements for Windows 11. Budget constraints also play a crucial role, as some firms find it challenging to allocate funds for new hardware. Additionally, the time required for employees to acclimatize to the new operating system poses another hurdle, as Steve Prescott-Jones, Director of Digital Managed Services at UBDS, points out.
Prescott-Jones emphasizes that remaining on Windows 10 presents “significant risks,” including heightened vulnerability to malware, ransomware, and other cyber threats. He warns that without regular updates, businesses may encounter operational inefficiencies and compliance challenges that could disrupt daily operations. Kier Nolan, Head of Managed Services at Cobweb, adds that for organizations in regulated industries, using unsupported software could lead to complications during audits and potentially hefty fines.
Operational downtime is another concern. Nolan notes that security breaches or technical failures can result in unnecessary interruptions and stress for businesses. “Ignoring the end-of-life deadline could jeopardize data security and erode customer trust,” he cautions.
The Windows 10 holdouts
Jonathan Dedman, Director at Cloudhouse, shares that they are currently collaborating with several clients who are still utilizing Windows 10 and are in the planning stages for their upgrade to Windows 11. “These organizations have extensive Windows 10 environments, and transitioning their staff to Windows 11 demands considerable time and investment in new hardware. The scale of these projects necessitates a phased deployment to ensure a seamless transition,” he explains.
Legacy software dependencies also hinder some firms from updating. Nolan recounts the case of a mid-sized company whose essential software was incompatible with Windows 11, necessitating costly updates and employee training, which further delayed the migration. Budget limitations are another common obstacle, particularly for smaller businesses struggling to afford the necessary hardware upgrades, such as newer processors and TPM 2.0.
For organizations needing additional time, Microsoft provides an Extended Security Updates (ESU) program, which extends Windows 10 security support for three years at progressively higher costs. This option can serve as a temporary solution for those unable to transition to Windows 11 immediately. Dedman notes that while this program incurs costs, it allows organizations to execute a “carefully planned, multi-year migration project.” However, he cautions that this does not resolve the issue of applications that may not function on Windows 11.
Extended support may be beneficial for organizations in highly regulated sectors or those reliant on critical legacy applications that cannot be migrated promptly, according to Alon Bar, Global CISO at Checkmarx. Nevertheless, he asserts that investing in upgrading systems to a supported operating system is more cost-effective in the long run.
Upgrading to Windows 11
While the transition to Windows 11 may create additional work, experts believe the benefits outweigh the challenges. Prescott-Jones highlights that the new operating system offers “numerous advantages” beyond continued support, including enhanced security features such as biometric authentication through Windows Hello and real-time phishing protection that alerts users to potential threats.
Organizations must, however, carefully evaluate the benefits against potential costs. Devices that do not meet Windows 11’s system requirements may need replacement, and while it is possible to bypass TPM 2.0 requirements, doing so carries significant risks. Nolan warns that incompatible devices may not receive updates, and warranties could be voided due to these issues.
Moreover, sticking with Windows 10 past the deadline could lead to unforeseen expenses. “Organizations may find themselves spending more on third-party security tools to compensate for missing updates,” Nolan explains. The financial repercussions of data breaches or non-compliance fines, along with the challenges of maintaining outdated systems, are critical factors to consider.
In light of these considerations, organizations still using Windows 10 should begin formulating their upgrade plans. Conducting a comprehensive audit of systems to identify vulnerabilities and hardware limitations is essential, advises Stew Parkin, Global CTO at Assured Data Protection. While Microsoft’s Extended Security Updates can provide a temporary reprieve, they are not a sustainable long-term solution.
A phased rollout strategy can help minimize disruptions during the transition, Prescott-Jones suggests. “Prioritize upgrading high-risk devices and critical systems early on, while allowing sufficient time for user training and process adjustments. In the meantime, organizations should ensure that all devices are patched, monitored, and secured with tools like Microsoft Defender to mitigate risks.”
