Microsoft support for Windows 10 ended on 14 October 2025, meaning that updates and bug fixes will no longer be dispatched to those who continue to use the operating system. A survey from the consumer organisation Which? has found that approximately five million British computer users are vulnerable to cyber-attacks and scams, including malware and viruses, if they do not upgrade their systems.
The problem of widely used software solutions is that when they stop a lot of people get taken by surprise. Windows 10 has been the backbone of systems since 2015, but it is now heading for obsolescence, and with it will come the shock and risk of the unprepared. After 14 October 2025, technical assistance, feature updates and most importantly security updates will no longer be provided. If you have devices running Windows 10, and they cannot upgrade to version 11, you are going to run increasing risks with your cyber security.
The risks of outdated software were highlighted this week when Microsoft identified and sought to mitigate an exploit in its Edge browser’s Internet Explorer (IE) mode. That functionality exists to allow for access to legacy websites that still rely on technologies such as Flash and ActiveX controls. The IE mode in the Edge browser allows users to access those sites without having to leave the Edge environment.
Similarly, the UK’s National Cyber Security Centre recently issued an alert urging organisations to take action to mitigate a vulnerability in the widely used Oracle E-Business Suite software. Without implementing the patch issued by Oracle, systems would remain vulnerable to unauthenticated attackers gaining access to those systems.
What to do to enhance your businesses’ cyber security
To best protect yourself from cyber attacks, the most important thing to do is check the system you are running and work out if you can upgrade it. If this isn’t an option, think about your insurance. According to a UK government survey concluded that only 45% of businesses across the spectrum have cyber insurance.
It is advisable for businesses to:
- Review and update your software systems so your technology has more protection.
- Consider getting cyber insurance so your company is protected should it be victim to an attack.
- Review your cyber insurance policy to check what is covered. Losses and business costs that you will want your policy to cover will include:
- Business interruption and resultant loss of income
- Forensic investigation and data restoration
- Legal advice
- Third party liability claims
- Regulatory reporting and (where covered) fines
- Reputation management
- Ransomware payments (in some cases, and becoming more rare)
In today’s world you need to think about your system security and your insurance cover, or the lesson can be very painful. Recent examples of high profile breaches include those against M&S, Coop, Harrods, Salesforce, and Jaguar Land Rover (JLR). In the case of JLR, no cyber insurance policy had been put into place before the attack, though the company had reportedly been working with a broker on securing a policy. The attack on JLR resulted in over a month of lost production, with lost profits reaching millions of pounds per day. So concerning was the disruption, that JLR reportedly secured a £1.5bn loan guarantee from UK Export Finance, as well as commercial credit facilities in the range of £2B, to seek to insulate against possible longer term disruption. Read more about the JLR cyber attack here.
The UK government acknowledged the growing urgency of cyber security preparedness with an announcement on 14 October that senior ministers and security officials will be urging large UK businesses, in particular, to improve their cyber security defences. Those efforts began with a letter issued to all FTSE100 and FTSE250 companies, and other large UK businesses, setting out the need for “immediate and robust action to confront evolving cyber threats.”
If you have questions or concerns about cyber security, please contact James Tumbridge and Robert Peake.