
With Microsoft withdrawing support for Windows 10 operating systems (OS), users no longer receive security patches, feature updates or technical support. As a result, devices running on Windows 10 are now exposed to cybercrime.

Globally, one out of five devices still runs on Windows 10, and the number is much higher in Australia. As of late 2025, 34% of Australian businesses have not yet upgraded to Windows 11¹. This means their professional ecosystems remain compromised.

Why 'end of life' is a critical security vulnerability

When an operating system reaches end of life (EOL), it no longer receives security patches, bug fixes or technical assistance. Cyber criminals actively scan for such outdated systems, as the lack of regular security patches provides easy entry points for repeated exploitation.

Beyond security risks, legacy systems struggle to integrate with modern software, resulting in performance issues, downtime and operational bottlenecks that impact service delivery and customer experience.

In Australia, organisations covered under the Privacy Act and the Notifiable Data Breaches Scheme are expected to take reasonable steps to secure personal information. This task becomes more challenging when running unsupported systems.

A look back: Lessons from Windows 7 EOL

When Windows 7 support ended in 2020, many organisations delayed upgrading, assuming short-term risk was manageable. Within months, attackers began targeting Windows 7 systems on a large scale. Known vulnerabilities in the unsupported operating system made this an easy task for attackers. Healthcare providers, local authorities and smaller organisations felt the impact most sharply, mirroring the dynamics seen in the 2017 WannaCry attack, which compromised over 200,000 Windows systems globally².

What can businesses do now?

Businesses are advised to migrate their systems to the latest operating systems through a safe and well-managed transition plan, including the following steps:

Organisations can take this as an opportunity to review broader cyber practices. For example, businesses can use tools such as Microsoft Copilot, behavioural analytics and automated threat detection to strengthen control over sensitive data. However, this requires an environment built on supported and secure systems.

Proactive risk management is the first step in cyber protection

The Windows 10 EOL shift reinforces a core principle in cybersecurity: prevention costs less than recovery. To act upon that, organisations can do the following:

Defend proactively

Strengthen their resilience by combining system upgrades with modern tools such as behavioural analytics and robust data security governance frameworks to support a safer digital environment.

Review insurance cover

A strong cyber defence reduces exposure, but insurance provides the financial and operational support when incidents occur.

How can Gallagher help?

In the event of a cyber incident, breach or concern, having a trusted partner to help you manage it effectively is highly valuable. That's where the Gallagher cyber experts come in.

Our comprehensive policies provide coverage for:

  • Business interruption: Compensation for revenue lost during forced closures or downtime.
  • Incident response: Immediate access to expert investigators and forensic teams.
  • Data recovery: Costs associated with the loss, restoration and decontamination of critical data.

Connect with us to access cyber risk management expertise and guidance for protecting your business operations.



Sources

1 Desktop Windows Version Market Share in Australia - November 2025, Statcounter Global Stats, accessed 08 Dec 2025.

2 What Was the WannaCry Ransomware Attack?, Cloudflare, accessed 08 Dec 2025.


Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312