More than half of the world’s PCs—53% to be precise—are still running Windows 10, a staggering statistic just weeks before Microsoft officially retires the operating system on October 14, 2025. New telemetry data from Kaspersky paints a sobering picture: only 33% of devices have moved to Windows 11, and a surprising 8.5% cling to Windows 7, an OS that lost support in 2020. These numbers underscore a growing security gap that threatens consumers, businesses, and critical infrastructure alike once the free patch spigot turns off.
The Data Divide: Kaspersky vs. StatCounter
The headline figures come from Kaspersky’s Security Network (KSN), which samples consenting users of its endpoint products. In that dataset, Windows 10 dominates at roughly 53%, Windows 11 at 33%, and Windows 7 at 8.5%. Among corporate endpoints, Windows 10 usage spikes to nearly 60%, while small businesses sit at 51%. This telemetry measures what’s actually installed on machines—not just what’s browsing the web.
That distinction matters because web-traffic trackers like StatCounter tell a different story. For August 2025, StatCounter reported Windows 11 at 49.02% and Windows 10 at 45.65% in global pageviews. Pageview samples skew toward heavy web users and can miss offline or rarely surfing devices, which often include older, mission-critical systems. Neither dataset is a perfect census, but the takeaway is unanimous: an enormous installed base still relies on software Microsoft will soon abandon.
Why Users Are Holding Onto Windows 10
Three forces drive this inertia. First, hardware incompatibility. Windows 11 demands TPM 2.0 and specific CPU generations, locking out millions of devices that are otherwise perfectly functional. Second, operational risk. Businesses with bespoke applications, regulated workflows, or thin IT staffing avoid disruptive upgrades without extensive testing. Third, perceived friction. Many users—especially in SMBs—view Windows 11’s interface and workflow changes as unnecessary, preferring Windows 10’s familiarity.
These are legitimate concerns, but they collide with an immutable deadline. On October 14, 2025, Microsoft stops shipping free security updates for Windows 10. Devices will boot and run, but any vulnerability discovered afterward becomes a permanent gateway for attackers unless patched via paid Extended Security Updates (ESU) or a full OS upgrade.
The Security Countdown: What Happens on October 14
When Microsoft ends support, the threat landscape shifts fast. Malicious actors track vendor timelines and stockpile exploits, knowing that unsupported platforms are low-hanging fruit. Past end-of-life cycles—Windows XP, Windows 7—proved that exploit proliferation accelerates dramatically within months of patch cutoff.
Unsupported Windows 10 systems will be increasingly vulnerable to ransomware, credential theft, and supply-chain attacks. An unpatched device connected to a corporate network becomes a pivot point for lateral movement. Security software like antivirus and EDR provides a layer of defense, but it cannot replace OS-level patches that fix fundamental kernel or protocol flaws. As Kaspersky’s experts note, relying on third-party tools alone is a gamble that rarely pays off in the long run.
Extended Security Updates: A Stopgap, Not a Solution
Microsoft offers ESU to buy time. For consumers, it’s a one-year bridge through October 13, 2026, at a nominal cost. Three pathways exist: sync PC settings via Windows Backup (free), redeem 1,000 Microsoft Rewards points, or pay a one-time $30 fee covering up to 10 devices per Microsoft account. Enrollment lives under Settings > Update & Security > Windows Update once eligible. A sharp operational catch: a Microsoft account is mandatory; devices running local-only accounts must convert, frustrating privacy-conscious users.
Commercial customers enter a different cost universe. Enterprise ESU is purchased per device, typically through volume licensing or cloud partners, and prices escalate with each renewal year. For a fleet of hundreds or thousands of devices, the tab can quickly surpass the cost of a hardware refresh. ESU also covers only “critical” and “important” security patches—no feature updates, no tech support. It’s a controlled stopgap, never a permanent fix.
Regional Adoption Lags Highlight Systemic Risks
Kaspersky’s regional snapshots reveal stark disparities. In the Middle East, only 31% of devices run Windows 11, while 54% stay on Windows 10 and nearly 8% on Windows 7. Africa shows 36% on Windows 11, 53% on Windows 10, and 4.5% on Windows 7. Emerging markets and public-sector deployments often harbor older hardware that can’t meet Windows 11’s requirements, widening the security divide. These are not just numbers; they represent hospitals, government offices, and small businesses that will soon operate with a target on their backs.
Business and Compliance Risks
Regulated industries face a ticking time bomb. Many frameworks—HIPAA, PCI DSS, GDPR—require supported software with timely patching. Cyber insurance policies increasingly mandate up-to-date OSes; failing to migrate could void coverage. Unsupported drivers and peripherals may stop functioning with newer cloud services, while legacy hardware without ongoing driver fixes becomes a compatibility minefield. The cost of reactive breach remediation far exceeds the cost of proactive migration. One industry estimate pegged post-EOL cleanup costs at 3–5 times the expense of a planned upgrade cycle.
A Practical Migration Playbook
IT teams and informed consumers can follow this step-by-step plan to move from risk to action:
- Inventory and classify every device. Record make, model, Windows build (must be 22H2 for ESU), TPM version, and CPU. Tag machines with admin credentials, sensitive data, or external connectivity as top priority.
- Determine upgrade eligibility. For devices meeting Windows 11 requirements, pilot the upgrade on representative hardware with a rollback plan. For ineligibles, check BIOS updates or TPM/CPU upgrades where feasible. Otherwise, plan hardware replacement.
- Adopt a phased migration schedule. Move high-risk endpoints first—internet-facing terminals, finance, HR, and executive devices. Use a pilot group to uncover application incompatibilities before broad deployment.
- Use ESU only as a controlled bridge. Enroll irreplaceable devices in ESU to buy months, but document a hard retirement date. ESU is not a substitute for migration.
- Harden legacy endpoints immediately. Implement network segmentation, restrict internet access for unsupported devices, enforce least privilege, and ensure endpoint protection and multi-factor authentication are current.
- Prepare user training. Short tutorials and clear documentation reduce productivity loss and support tickets. Gamify the transition where possible to boost adoption.
- Monitor and revise weekly. Maintain a register of ESU-covered devices with renewal deadlines and ownership. Track Windows 11 rollout status against compliance milestones.
Alternatives to Windows 11
When hardware can’t be replaced, alternatives exist:
- Linux desktop distributions. Modern distros like Ubuntu, Linux Mint, or ChromeOS Flex can breathe life into older hardware, provided users aren’t locked into Windows-only software. Community toolkits simplify the switch for SMBs.
- Cloud desktops. Windows 365 or Azure Virtual Desktop stream a supported Windows 11 session to aging hardware, bypassing local OS limitations entirely. This works well for distributed workforces but adds monthly subscription costs.
- Device refresh programs. OEMs and retailers often run trade-in promotions that subsidize new purchases, making capital expenditure more palatable.
Each path carries unique trade-offs in security, cost, and user experience. A mixed approach—cloud desktops for some, hardware refresh for others, Linux for kiosks—often yields the best results.
Cost Considerations: From Free to Five Figures
For households, the math is simple: $30 or free for one more year of patches. For enterprises, the calculus is brutal. ESU pricing escalates sharply after the first year, and per-device fees for hundreds of seats can exceed $100,000 annually. Deferring migration also incurs hidden costs: lost productivity from unplanned outages, rush upgrade fees, and breach damages. A proactive, budgeted hardware refresh aligned with fiscal cycles remains the most cost-effective long-term strategy.
What to Do This Month
Home users should verify their Windows 10 build (Settings > System > About; aim for 22H2), back up files, and choose an upgrade path or enroll in ESU via the free Windows Backup method. Enable automatic updates to catch any remaining patches before the deadline.
Business IT managers must launch a prioritized audit immediately. Identify every Windows 10 device, test Windows 11 on pilot groups, purchase enterprise ESU only for non-replaceable systems, and deploy network segmentation and strengthened endpoint protections now. Post-October 14, the window for safe, measured action closes quickly.
The Clock Is Running Out
October 14, 2025, is more than a product lifecycle milestone—it’s a security inflection point. With 53% of the world’s PCs still on Windows 10, the attack surface is vast. Microsoft’s ESU program provides a brief financial bridge, but the ultimate solution is migration. Inventory, classify, and act with speed. Those who treat the deadline as an impetus for disciplined IT hygiene will not only avoid breaches but will emerge with a more modern, resilient infrastructure.