
One year to go for Windows 10: Here’s the security impact of not updating

Review the long-term risks of staying with Windows 10

But should you stick with Windows 10 even if you decide to purchase ESU patches? First, review your cyber insurance policy for possible coverage issues if you decide to keep running Windows 10 without patches or with ESU coverage.

Insurance policies often refer to PCI DSS standards as guidelines for maintaining coverage. Coverage may be refused or waived on the basis of, as a result of or in any way involving:

  • Any failure by the insured to comply with the PCI Data Security Standard or any payment card company policies.
  • Implementation, maintenance or compliance with security measures or standards relating to any payment card Data, including, without limitation, any fines or penalties imposed by the payment card issuer on a merchant bank or payment processor that the Insured has paid or agreed to reimbursement or security.

For example, in the case of point-of-sale systems, PCI DSS standards call for systems to be protected with the required controls: file integrity monitoring, malware protection, patching, audit logging, and so on. Therefore, to maintain PCI DSS compliance, you cannot leave your point-of-sale systems installed, operational, and interacting with customers without consciously protecting and patching them. If you don’t have safeguards in place, you risk losing your cyber insurance.