
What you need to know

  • Windows 7 is still 'nearly ubiquitous' at large companies, and has a large presence in the education and government sectors, according to a new study.
  • That's despite Windows 7 reaching end of support on January 14.
  • Windows 7's prevalence represents a potential security threat for many organizations unless they migrate to Windows 10 or pay for extended security updates.

Windows 7 reached its end of support date on January 14, but it's still heavily relied upon by a large number of organizations, according to a new study. BitSight, a company that runs a security ratings platform, found that almost 90 percent of large companies with more than 10,000 employees still run Windows 7. That's compared to 61 percent of companies with fewer than 1,000 employees, the company said in a press release today.

The overall picture is similar for the education and government sectors. BitSight found that both verticals have a Windows 7 deployment rate above 80 percent (84 percent for education and 82 percent for government). Expanding to the retail, transportation, manufacturing, and healthcare industries shows that just above 40 percent of all PCs in each run Windows 7.

BitSight obtained its figures by analyzing data from around 60,000 organizations over the past 60 days. Overall, BitSight says, nearly 70 percent of those 60,000 organizations were running Windows 7 "in some capacity." Though reliance on Windows 7 isn't evenly spread across all of these organizations, BitSight found that 51 percent of those in the study had Windows 7 running on more than one in 10 machines.

Because Microsoft will no longer provide security updates for Windows 7 going forward, its presence across all sectors is an area of concern. Microsoft offers extended security updates for organizations that pay for them, and it has vowed to protect election systems with further security updates through 2020. However, it's unlikely that every organization that uses Windows 7 in some capacity will opt to purchase paid security updates.

The obvious solution, BitSight points out, is to upgrade machines to a newer operating system. However, upgrading and patching PCs across an entire organization takes time, and there are numerous reasons to delay such a rollout. The process can become even more complicated for companies that rely on bespoke software that doesn't play nice with Windows 10 for one reason or another.

"Any organization relying on [Windows 7] moving forward could be susceptible to a security issue, attack or data breach unless they purchased extended support from Microsoft," BitSight said in its press release.

The high-profile "WannaCry" ransomware outbreak that impacted Britain's National Health Service in 2017 showed how a lapse in security can disturb large organizations. With Windows 7 still in wide circulation without guaranteed security updates, attacks like "WannaCry" are a threat that looms large.