End of Windows 10 support: what do you need to know to stay compliant with your cyber Dattak insurance?

Microsoft is ending support for Windows 10 on October 14, 2025. From that date, Windows 10 will no longer receive security patches.
This document explains the impact of this situation on compliance with the technical prerequisites of cyber Dattak insurance, and the actions recommended depending on your situation.

Two requirements concerned

Our underwriting conditions may include :

• AV: use of up-to-date antivirus software on Windows workstations and servers
• MCS: the use of operating systems and software still maintained by their publishers.

These two requirements are complementary:

• The AV requirement applies to all insured companies.
• The MCS requirement applies only to companies with sales in excess of 50 million euros.

If your company generates sales of less than €50 million

➡ Only the "up-to-date antivirus" prerequisite applies.

If you use Microsoft Defender antivirus (the antivirus built into Windows), it should continue to receive signature updates until 2028. The AV requirement is therefore met for companies with sales of less than €50 million until that date.

However, its antivirus engine and Windows 10 itself will no longer be kept up to date after October 2025. We therefore recommend that you use an antivirus offered by a third-party vendor (Bitdefender, F-Secure, ESET, McAfee, Norton, Kaspersky, Sophos, Avast, AVG, etc.), which will remain fully supported.

If you're already using a third-party antivirus, the end of Windows 10 support will not impact your compliance with the Dattak prerequisites, as long as the antivirus remains up to date.

Important clarification on antivirus

An antivirus receives two types of updates, which do not cover the same needs:

• Signatures: the "list" of new threats detected by the antivirus. They can continue to be updated on Windows 10 after October 14, 2025.
• Antivirus engine: the software itself. Its update on Windows 10 is not guaranteed after October 14, 2025.

Even with recent signatures, the absence of Windows patches leaves loopholes open in the system.

Please note: even if your compliance is respected by using Microsoft Defender on Windows 10, an unmaintained operating system remains more vulnerable to new threats.

If your company generates over €50m in sales

➡ In addition to meeting the AV prerequisite, you must also meet the MCS prerequisite, i.e. use an up-to-date maintained operating system and software.

This means preparing to migrate to Windows 11 or another supported system before October 2025, in order to remain compliant and guarantee an optimum level of protection.

Please note: End of support for Windows 10 and ESU

Microsoft will end support for Windows 10 on October 14, 2025. Companies can benefit from Extended Security Updates(ESUs) until October 2028. ESUs provide security patches only, and do not cancel Windows 10 obsolescence.

Access to the ESU program represents a significant cost: $61 per seat in the first year, $122 in the second, and $244 in the third, to push you to make the migration sooner rather than later.

For companies with sales > €50m, the ESU validates the MCS requirement for the duration of the subscription. You still need to plan your migration to a supported OS (e.g. Windows 11) to remain compliant beyond this date.

Please note: you cannot upgrade your Windows 10 workstations (e.g. industrial equipment).

If you are unable to upgrade (due to contractual or production constraints), compensatory measures can be adopted to limit the impact in the event of compromise, and thus validate the MCS prerequisite:

• Network segmentation / VLANs dedicated to Windows 10 workstations,
• Reinforced access controls (local firewall, application authorization list),
• Usage restrictions (no direct Internet access, limited rights).

To summarize

Cyber risk is the number 1 risk for any company, whatever its size.