top of page
Search

Windows 10 Support Ends October 2025: Is Your Business Ready?

  • janna7555
  • Aug 28
  • 3 min read

As of October 14th 2025, Microsoft will officially cease providing security updates and technical support for Windows 10. While the operating system will continue to function in basic form, the lack of security fixes will leave your company’s devices and data increasingly vulnerable to cyber threats such as malware, ransomware and data breach attacks.


Why this matters for businesses


·       Rising risk of compromise: Without security updates, vulnerabilities in your systems will remain open to exploitation from criminals. Businesses, especially SMEs, cannot afford such exposure and should take the necessary steps to remain cyber resilience.

·       Loss of official support: Microsoft customer support will also no longer be available after October 2025. Without this safety net, businesses still operating on Windows 10 may have to rely on unofficial internal or third-party resources.

·       Degradation of software and apps: Certain applications such as Microsoft 365 will eventually lose feature updates on Windows 10 and become incompatible with new software and hardware over time.

·       Regulatory and compliance implications: Operating on unsupported software can conflict with cybersecurity regulations such as GDPR or Cyber Essentials. The National Cyber Security Centre (NCSC) has emphasised the importance of upgrading your systems to a more modern alternative to ensure overall cyber resilience.


What should businesses do now?


·       Audit your Windows devices: You must identify which of your company’s systems still run on Windows 10 and what versions they are running on. If your device can upgrade to Windows 11, then it is important that you do this as soon as possible. However, we understand that some hardware does not allow this upgrade. In this case, it is recommended that your Windows 10 devices are pushed to version 22H2 if they aren’t already. This is the most recent version of Windows 10 and should only be used as a temporary solution until you are able to upgrade fully to Windows 11.

 

·       Carefully plan the transition: It is important to plan your upgrades carefully. Use Microsoft’s official upgrade guide to successfully and safely upgrade your existing devices to Windows 11. If you have devices which do not support Windows 11, then budget for new hardware, prioritising critical systems first.

 

·       Reinforce other defences: Even if you have upgraded to Windows 11, the cyber threats don’t disappear. Vulnerabilities unrelated to Microsoft or day-to-day errors made by staff can still be exploited by criminals. This is why it’s essential to strengthen your wider cyber defences.

 

·       Educate your staff: Communicate the upcoming changes with your staff and provide guidance on upgrades to prevent any confusion amongst your team and reduce disruption or downtime in business operations.

 

·       If you need more time to move to Windows 11, Microsoft recommends you enrol your Windows 10 device in Extended Security Updates (ESU) program, which you can enrol any time until the program ends on October 13, 2026. 


Final thoughts


It is important that businesses act now before Microsoft’s pivotal cybersecurity deadline of 14th October 2025, when Windows 10 will lose all support and updates, leaving your business’ devices and data exposed. A well-informed and proactive approach will ensure the safety of your systems and data. A cyber resilient business is built on layers; therefore, by combining the upgrading of your systems to Windows 11 with strong cybersecurity protocols elsewhere in your business, you’re not just avoiding the risks associated with using an outdated OS, you’re putting your business in a stronger, safer position against future cyber threats.


Are you confused about how this may affect your business? Or maybe you just need some extra help to upgrade your systems to Windows 11. If so, the SECRC are here for you. Contact us today and one of our friendly, knowledgeable team will be in touch to help with your query!


Example Scenario


Say we have “ABC Plumbing Ltd”, a small UK plumbing business who take card payments over the phone when booking jobs.  The admin team enters card details using a Windows 10 PC computer.  PCI DSS requires that all systems handling payment data are vendor-supported and patched.  This could mean the payment processor could refuse to process the payments as your systems are not compliant.

 
 
 
NPCC
TVP Logo
Hampshire Police Logo
SEROCU logo
Surrey Police Logo
Sussex Police Logo
Cyber Essentials Logo
Cyber Essentials Plus Logo

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of the South East Cyber Resilience Centre is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The South East Cyber Resilience Centre provides funded services and Cyber Essential Partners if you need specific support. For specific questions please contact us at enquiries@secrc.police.uk.  The South East Cyber Resilience Centre does not accept any responsibility for any loss that may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

© 2022 - 2025 The South East Cyber Resilience Centre

Registered in England & Wales, No. 13263448 

TM

  • Facebook for South East Cyber Resilience Centre
  • LinkedIn for South East Cyber Resilience Centre
  • X for the South East Cyber Resilience Centre
  • Youtube for South East Cyber Resilience Centre
  • Instagram for South East Cyber Resilience Centre
  • Threads
bottom of page