
End of Windows 10 support leaves millions of devices exposed – but offers a chance to build stronger defences

By
BizAge Interview Team
By
Dan Jones

Support for Windows 10 has officially reached the end of the road. Some will have marked its passing with sadness, others with celebration. But one thing cannot be ignored: the scale of the problem posed by this end of support is enormous. According to reports, half of today’s PCs still run the Windows 10 operating system (OS), with around 400 million machines worldwide still whirring away on the now-defunct OS.

And every one of those machines is now a potential entry point for attackers, giving cybercriminals an unprecedented opportunity to wreak havoc. History shows how fast things can unravel. In 2017, the WannaCry outbreak spread through unpatched systems in days, crippling NHS services and costing potentially millions to remediate.

The removal of support means no more security patches, no more bug fixes and no more safety net. Every unpatched device instantly becomes a target, with attackers quick to exploit the gaps. But in every crisis, we can find opportunity. Now that support has ended, this is a pivotal moment to modernise, strengthen defences and reduce long-term risk – provided action is taken quickly.

The security threat is real

In fact, many in the security industry are predicting a spike in cyberattacks as opportunistic bad actors move swiftly to take advantage of the newly unsupported systems. 

For organisations that have missed the deadline, there is some breathing space. Microsoft’s Extended Security Updates (ESU) programme is a temporary backstop, buying valuable time by continuing to deliver patches beyond the official cut-off. But ESU is no silver bullet. It adds cost, doesn’t resolve hardware or compatibility challenges, and, if used to simply kick the can down the road, defers rather than solves the problem. 

So, what steps need to be taken to ensure not just a short-term fix but a longer-term solution?

The starting point has to be visibility. Without a clear, real-time view of which devices are still running Windows 10, what applications they depend on, and where vulnerabilities lie, organisations are effectively working in the dark. That is how teams end up firefighting instead of managing.

Visibility – or should I say ‘lack of visibility’ – is often where many migrations go wrong. It’s a sign that critical systems are out of step, forcing organisations into emergency fixes and unplanned spending rather than proactive management.

With visibility established, the next step is automation. Why? Because manual updates and piecemeal fixes simply don’t scale, while any tardiness runs the risk of exposing gaps in defences. 

Automation is a step-change in security

By automating patching, configuration enforcement and policy rollout across endpoints, IT teams can ensure consistency, speed and accuracy. Automation not only closes gaps but also unlocks efficiency and agility across the organisation.

Organisations that have embedded automation are rarely caught scrambling at deadlines like this. Instead, they can orchestrate change on their own terms, turning reactive firefighting into proactive resilience. Handled proactively, migrations can be staged to minimise disruption. But that requires planning, visibility and the orchestration tools to deliver it.

But there is another issue worth considering. For those still dependent on Windows 10, it may be a sign that they have an over-reliance on ageing infrastructure. Devices that can’t make the jump to Windows 11 are likely to be among some of the oldest and least secure in the estate and are harder to patch or monitor. That in itself is a warning sign. 

So, while the Windows 10 retirement may be seen by some as a technical exercise, it should be reframed as a strategic opportunity to refresh infrastructure, tighten security protocols and embed lasting resilience. That means updating good hygiene practices, such as consistent patching, baseline enforcement and tighter control over shadow IT.

A springboard for future readiness

Above all, this moment should be treated as a springboard for future readiness. Migrating off Windows 10 isn’t just about ticking a compliance box. Instead, it’s a chance to modernise infrastructure, retire legacy apps, and put in place the automation and hygiene protocols that will make every future change less painful. And if you haven’t already, may I also suggest implementing stricter identity and access controls, segmented networks and continuous compliance monitoring.

Done right, organisations can emerge not only more secure but also more agile, more efficient, and better prepared for whatever comes next.

Regardless of whether this affected you directly – or indirectly via your suppliers and external supply chain – one thing is for certain: the cost of doing nothing is steep. Delays inevitably mean higher bills, whether through emergency procurement, inflated hardware prices, or reliance on paid ESU. 

And should the worst happen, the added costs of regulatory fines, reputational damage, and lost productivity are very compelling reasons to take action now.

With Extended Security Updates offering some breathing space, organisations still have the chance to get their houses in order and to use the end of Windows 10 as the start of a more resilient, secure future.

November 27, 2025