When does support for Windows 10 end?

Cyber Resilience 22nd August 2025

Despite confirmation that system support will end in October, it’s estimated that around 43% of PCs worldwide are still using Windows 10.

With the deadline just around the corner, business owners across the globe are being urged to update their systems and avoid the cyber security risks linked to using an unsupported programme.

In this blog post, we explore when support for Windows 10 ends, what it means for your business and security posture, the impact on Cyber Essentials certification, why delaying action is risky, the migration options available, and how we can support your transition.

When does support for Windows 10 end?

‘End-of-support’ for Windows 10 will officially take place on the 14th of October 2025.

What it means for your business and security posture

Microsoft will no longer provide updates or assistance for that version of the software. This includes:

  • Security updates

These updates are critical for protecting systems from newly discovered threats, vulnerabilities, and cyber attacks.

  • Non-security updates

This includes general bug fixes, performance improvements, and compatibility adjustments to ensure that the software runs smoothly.

  • Technical support

This includes access to expert assistance for troubleshooting issues and resolving errors.

Why unsupported systems are dangerous

Cyber attackers are opportunistic.

Once a vendor, such as Microsoft, discontinues support, the system’s known exploits become widely documented on dark web forums and cybercrime networks.

Criminals can use publicly available information about previous vulnerabilities, many of which are used to infiltrate outdated environments.

These systems are vulnerable to:

  • Ransomware attacks

Cyber criminals are most likely to use ransomware to target outdated systems that do not have the latest security patches. These malicious programs use known vulnerabilities to encrypt sensitive business data and make it inaccessible until a ransom is paid.

Even if the ransom is paid, there is no guarantee that the data will be recovered, putting businesses at risk of permanent loss and severe disruption.

  • Malware infections

Unsupported operating systems often lack the defences required to combat modern malware.

When a vulnerability is exploited, malicious software can enter the system and spread across the network, stealing login credentials, financial records, and sensitive client information.

Malware can also install backdoors, allowing continued unauthorised access long after the initial breach.

  • Phishing attacks

Phishing remains one of the most common ways cyber criminals gain access to business systems.

This type of attack involves cyber criminals using deceptive emails or compromised websites to trick users into clicking malicious links or downloading infected files.

When systems are out of date and no longer receive security updates, they become especially vulnerable to this kind of attack. Cyber criminals can exploit known flaws in email clients or web browsers to bypass standard protections and infiltrate larger networks.

Learning from the past: the 2017 WannaCry ransomware attack

The dangers of unsupported systems are not just theoretical; they are well-documented.

One of the most striking examples was the 2017 WannaCry ransomware attack, which affected over 200,000 computers in 150 countries.

High-profile victims included major corporations, government agencies, and parts of the NHS, meaning critical services were disrupted and patient care delayed.

WannaCry exploited a known vulnerability in older versions of Windows, one that had already been patched in supported systems.

Organisations that failed to update or upgrade were left vulnerable to the attack, demonstrating how costly neglecting updates can be.

This incident serves as a powerful reminder that using end-of-life software is a serious business risk that can result in financial losses and long-term reputational damage.

The effects of unsupported systems on businesses’ Cyber Essentials certifications

For businesses working to obtain or maintain Cyber Essentials certification, the end of Windows 10 support presents a clear and urgent compliance challenge.

One of the core principles of Cyber Essentials is the use of secure, supported software, and when Windows 10 expires, it will no longer meet that standard.

Understanding the Cyber Essentials technical controls

Cyber Essentials is built on five key technical controls: firewalls and internet gateways, secure configuration, user access control, malware protection and security update management.

These principles explicitly require that all operating systems and software used within the organisation are properly licensed, actively supported by the vendor, and kept up to date with the latest security patches.

Once Microsoft ends support for Windows 10, any system still running it will no longer meet the criteria for a supported operating system under the Cyber Essentials scheme.

If your business continues to use devices running Windows 10 after the deadline, you risk failing your Cyber Essentials audit.

This is because unsupported software contradicts the certification’s very purpose: to help organisations defend against common cyber threats.

This is especially important in regulated industries like legal, finance, and healthcare, where Cyber Essentials is a minimum standard for handling sensitive or personal data.

Why you shouldn’t wait until the deadline

Although it may be tempting to put off system upgrades until closer to the deadline, you should be aware that waiting until the last minute is a risky and costly mistake.

Moving away from Windows 10 isn’t as simple as downloading a patch or flicking a switch. It’s a complex process that requires time, strategic planning and cross-departmental coordination.

Here’s why:

Compatibility and integration issues

Third-party business applications, legacy software tools, and industry-specific platforms may not be fully compatible with Windows 11 or other operating systems.

Testing these integrations takes time, particularly in environments with complex technology stacks or custom software.

Waiting until just before the deadline to begin testing may leave your company in limbo if critical software requires patching or upgrading to function properly on newer operating systems.

In the worst-case scenario, unresolved compatibility issues may force you to keep Windows 10 after the support deadline, jeopardising both security and compliance.

Budgeting, procurement, and installation challenges

Migrating from Windows 10 might require investment in new hardware, particularly if the devices do not meet the minimum system requirements for Windows 11.

Lead times for business-grade devices, particularly during peak demand around major lifecycle deadlines, can last months. Supply chain delays or backorders may cause installation to take much longer than expected.

There is also the need to properly budget, potentially across multiple departments or financial years. Making decisions too late can result in rushed purchases or compromises on device quality, security features, or scalability.

Managing internal disruption

Every IT project brings some level of disruption.

Whether it’s scheduling installation appointments, updating endpoint management policies, or assisting employees in adjusting to new system interfaces, internal planning and clear communication are essential for keeping operations running smoothly.

Disruption isn’t just technical; it affects people, processes, and productivity, which is why a people-first approach is essential.

Effective user training helps to reduce productivity dips, change management reduces resistance to new systems, and ongoing support ensures that technical issues are resolved quickly.

The longer you wait, the shorter your timeline becomes, putting pressure on internal teams, increasing the possibility of oversight, and leaving less time to test, validate, and fine-tune the new environment before it becomes business critical.

Your next step

While large enterprises may have already audited and planned their upgrades, many smaller businesses still need to act quickly to confirm device compatibility and prepare for the change.

For most, this can be done by running Microsoft’s compatibility checker to determine whether existing hardware can support Windows 11. If devices don’t meet the requirements, you’ll need to consider replacing them or exploring alternative approaches.

Strategic system migration: your options explained

The end of Windows 10 represents an opportunity for you to make strategic decisions about the future of your IT infrastructure.

Whether you’re upgrading to Windows 11 or looking into alternative systems, a planned migration can improve performance, strengthen security, and align your tech stack with long-term business objectives.

However, there’s no one-size-fits-all solution. The best path depends on your business requirements, software dependencies, and future growth plans.

We explore your options in more detail below:

Option 1: Upgrade to Windows 11

This is the most direct route if you want to remain in the Microsoft ecosystem.

Windows 11 offers enhanced security features such as hardware-based isolation, better phishing protection, tighter integration with Microsoft 365, and long-term vendor support to ensure ongoing updates and compatibility.

However, it’s important to note that not all devices currently running Windows 10 meet the minimum system requirements for Windows 11. This includes TPM 2.0, secure boot capabilities, and more modern processors.

As a result, some organisations may need to invest in new hardware or consider retrofitting existing devices, which can complicate and increase the cost of the upgrade process.
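To collect the two firmware-level requirements named above (TPM 2.0 and Secure Boot) from each device for your inventory, the PowerShell below is an added example, not a Net-Defence or Microsoft tool. It assumes an elevated session on the device being checked and does not test the processor requirement, which Microsoft's compatibility checker covers.

```powershell
#Requires -RunAsAdministrator
# Added example: report this device's OS build plus the TPM 2.0 and Secure Boot
# prerequisites. Property names on the output object are illustrative choices.

$endOfSupport = [datetime]'2025-10-14'   # Windows 10 end-of-support date from the article
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Windows 11 builds start at 22000; lower builds are Windows 10 or older.
$isWin11 = [int]$os.BuildNumber -ge 22000

# Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38". No instance means no usable TPM
# (absent, or switched off in firmware).
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }
$hasTpm20   = $tpmVersion -eq '2.0'

# Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on legacy
# BIOS. $false can mean "capable but disabled", which is fixable in firmware setup.
$secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $false }

$status = if ($isWin11) {
    'Already on Windows 11'
} elseif ($hasTpm20 -and $secureBoot) {
    'TPM 2.0 and Secure Boot present: confirm processor with the compatibility checker'
} else {
    'Prerequisite missing: check firmware settings, or plan replacement'
}

[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    OS                    = $os.Caption
    Build                 = $os.BuildNumber
    TpmSpecVersion        = $tpmVersion
    SecureBootEnabled     = $secureBoot
    DaysUntilEndOfSupport = if ($isWin11) { $null } else { ($endOfSupport - (Get-Date)).Days }
    Status                = $status
}
```

Piping the output to `Export-Csv` on each device gives a record you can merge into the system inventory used for Cyber Essentials evidence.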

Option 2: Alternative operating systems

Some businesses may consider macOS in Apple-based environments, which offers strong integration with Apple’s ecosystem and hardware security features.

However, moving to a non-Windows platform may involve significant changes to workflows, require new hardware purchases, and could present compatibility challenges for Windows-specific software.

Option 3: Cloud-first or hybrid infrastructure

You could also transition from a traditional device-based model to a cloud-based solution.

Virtual Desktop Infrastructure (VDI) solutions, such as Windows 365 and Azure Virtual Desktop, provide scalability by enabling users to securely access a full desktop experience from virtually any device.

This approach is well-suited for distributed and remote teams, helping reduce reliance on local hardware and improving business continuity.

However, it does require careful planning around security and ongoing costs, which can vary based on usage.

Why infrastructure support matters

Regardless of the path you choose, the success of your migration ultimately depends on the strength and readiness of your IT infrastructure.

Choosing a strategic partner, such as ourselves, ensures your migration is smooth, secure, and aligned with compliance frameworks like Cyber Essentials.

By acting now, you can avoid rushed decisions and position your organisation for long-term security and stability.

How Net-Defence can help

Preparing for the end of Windows 10 support can be daunting, but you don’t have to do it alone.

At Net-Defence, we specialise in helping businesses to take proactive, strategic steps to strengthen their cyber security posture and ensure compliance with security standards.

Whether you’re just starting to review your systems or already planning your upgrade, our team is here to guide you every step of the way.

Cyber Essentials expertise

As Cyber Essentials specialists, we offer clear, jargon-free advice on how to meet the scheme’s technical requirements.

If unsupported operating systems are putting your certification at risk, we’ll help you understand what needs to change and how to do it efficiently.

From basic to Cyber Essentials Plus, we know exactly what auditors look for.

Support with documentation and policy updates

Certification isn’t just about technology; it’s also about process.

We help clients align their policies and procedures with the Cyber Essentials requirements, including:

  • Software and patch management policies
  • Access control and device usage guidelines
  • System inventory records and documentation

We ensure that your systems are audit-ready and able to withstand external scrutiny.

User training and change management

Upgrading systems is only half the battle; ensuring your team understands how to use them securely is equally important.

We provide tailored user awareness training to minimise disruption, reduce security risk, and instil cyber-conscious behaviours throughout your organisation.

If your business needs help navigating the end of Windows 10 or preparing for Cyber Essentials, we are your reliable partner in security and compliance.

Contact us today to learn more about how we can help.
