Are Your Clients Still Running Windows 7? Know the Risks


As we settle into the new year, we continue to watch users slowly distance themselves from Windows 7. In January 2020, Microsoft announced the end-of-life (EOL) for one of the world’s most popular operating systems. Yet, despite security warnings and application incompatibility notices, many organizations are still running the defunct operating system (OS) into another year.

According to third-party statistics, the number of corporate computers that continue to run Windows 7 puts the version in second place as the most-used desktop OS, with more than 20 percent of the market share.[1] But those many machines of recent antiquity pose substantial risks.

No Patches, No Protection

Without regularly updated security patches, every device running Windows 7–and the data on those devices–is at risk. Yes, Microsoft continues to offer an Extended Security Updates (ESU) program, but only to those customers who pay for it and only if Windows 7 was purchased as part of a volume license agreement. For many smaller organizations, the cost of additional services may be too much. But it’s just enough for hackers.

Security Holes Are Open Doors for Hackers

Cybercriminals constantly ferret out security holes in business networks–it’s one of the easiest ways to gain entry. The massive WannaCry attack in 2017 looms large as an example of the devastating potential of unpatched security holes. At the time, the U.S. National Security Agency (NSA) identified a security weakness in Windows that was instrumental in network communications. Rather than alerting Microsoft–who could have then created a security patch–the NSA built a tool that exploited the vulnerability. Ambitious bad actors then stole the tool to attack systems across the globe. The incident hit 200,000 devices, with 98 percent of those infected running Windows 7.

Without Microsoft support and security patches, all Windows 7 systems are defenseless against aggressive hackers looking for the next easy opportunity. After all, hackers reportedly strike every 39 seconds.[2] And with an average price tag of $3.86 million,[3] a breach can quickly put a small company out of business. Additionally, ransomware such as WannaCry, which can remotely run malicious code or malware, could instigate a ravaging global incident.

Unsupported systems pose greater risks than just exposure to data breaches. Lack of regular updates can cripple device functionality and performance. Sluggish networks, bugs, and frequent crashes hinder productivity and, ultimately, profit.

The longer businesses run Windows 7 devices, the more time cybercriminals have to find and exploit vulnerabilities. The risk isn’t worth the gamble, and the threat isn’t just financial. A data breach can spur diminished productivity, reputation damage, and loss of customers and their trust – things cyber insurance can’t replace.

Educate Your Clients

MSPs should explain the risks of running an outdated OS to their clients and encourage them to upgrade. Windows 7 end-of-life is a viable opportunity for MSPs to expand their services and customer base.

Check out our free e-book for MSPs to share with their clients: Windows 7 End of Life is Here – Know the Risks and Your Options.


  1. Microsoft Announces the Demise of Windows Embedded Standard 7, Softpedia News, November 2020
  2. 110 Must-Know Cybersecurity Statistics, Varonis, 2020
  3. Cost of a Data Breach Report, Ponemon Institute, 2019