Why Addressing Legacy IT is an Urgent Strategic Priority for CISOs

https://www.infosecurity-magazine.com/news-features/legacy-it-strategic-priority-cisos/

Publish Date: 2026-04-06 21:00:05

Source Domain: www.infosecurity-magazine.com

Microsoft’s announcement of halting support for Windows 10 post October 14, 2025, has triggered critical discussions around cybersecurity, especially concerning legacy IT systems. Following this cutoff, Microsoft will cease providing security patches, leaving these systems susceptible to new vulnerabilities. Urgency surrounds the transition to Windows 11, as underscored by the National Cyber Security Centre (NCSC) warning about the reluctance of many organizations to migrate from Windows 10 due to past complacency, which led to significant security breaches like the WannaCry attack in 2017.

Extending this issue, the broader reliance on legacy IT systems poses significant cybersecurity risks. The National Audit Office’s report from early 2025 highlighted 228 legacy systems across UK government departments, with 28% deemed high risk. Numerous reasons contribute to this reliance, from comfort zones with existing systems to a lack of awareness regarding the full extent of legacy infrastructure in organizations.

Key points from the article include the need for urgent action to upgrade legacy IT systems, due to the increasing focus of attackers on these weak areas; the substantial challenges, including resource and cost concerns; and the importance of aligning security upgrades with business continuity to convince management of the necessity behind such investments. Effective strategies for legacy migration involve building a clear inventory of legacy systems, employing phased migration approaches to minimize business disruption, and establishing ongoing oversight and lifecycle management to prevent future accumulation of high-risk legacy infrastructure.