Security Stop Press : Psst Launches Secure Reporting Tool for Tech Whistleblowers
A new platform called Psst has launched to help tech and government workers report wrongdoing anonymously and securely.
Users submit encrypted text-only reports into a “digital safe” at www.psst.org. These stay locked unless others report similar issues, helping protect identities and reveal patterns of misconduct.
Only Psst’s legal team can access matched reports, ensuring legal privilege and shielding whistleblowers from retaliation.
The tool avoids uploads to reduce traceability and plans to automate matching using secure hardware enclaves.
Psst arrives amid growing concern that insiders fear speaking out on security, safety and ethics—especially in fast-moving tech sectors.
Businesses should review their own reporting systems and ensure staff can raise concerns safely and confidentially.
Sustainability-In-Tech : First Artificial Eclipse Made Using Satellites
A pioneering European mission has successfully engineered an artificial total eclipse in orbit, unlocking new insights into the Sun’s outer atmosphere and showcasing precision spaceflight powered by sustainable innovation.
World-First
In a world-first achievement for orbital science, the European Space Agency (ESA) has unveiled the first results from its ambitious Proba‑3 mission to create a controlled, artificial total solar eclipse in space. The breakthrough offers an unprecedented look at the Sun’s superheated outer atmosphere (the corona) while also demonstrating the practical viability of precision formation-flying spacecraft, a key enabler for sustainable and scalable space missions of the future.
How?
Proba‑3, launched on 5 December 2024 aboard a PSLV-XL rocket from India’s Satish Dhawan Space Centre, is made up of two satellites flying 150 metres apart in Earth orbit. One of the spacecraft, dubbed the Occulter, carries a 1.4-metre disc designed to block the bright central disc of the Sun, thereby mimicking the effect of the Moon during a total solar eclipse. The other, the Coronagraph, holds a specialised optical instrument called ASPIICS, built to observe the faint corona that surrounds the Sun.
“We can create our eclipse once every 19.6-hour orbit,” explained Andrei Zhukov, Principal Investigator for ASPIICS at the Royal Observatory of Belgium. “Unlike natural eclipses, which happen at most a couple of times a year and only last a few minutes, we can hold our eclipse for up to six hours.”
Why?
The Sun’s corona is a region of superheated gases that unexpectedly reach temperatures above one million degrees Celsius, which is far hotter than the visible surface of the Sun itself. This apparent paradox has puzzled scientists for decades and holds key information about solar weather, particularly the origins of powerful coronal mass ejections (CMEs) and solar winds.
These solar outbursts can create dramatic auroras but also cause serious disruption to power grids, communications, navigation systems and satellites on Earth. For example, in May 2024, a strong solar storm caused blackouts and temporarily disabled GPS in several regions. Understanding how and why these solar events happen has, therefore, become not just a matter of scientific curiosity, but one of economic and infrastructure resilience.
The Proba-3 mission was designed precisely to address this knowledge gap, by allowing scientists to observe the corona much more frequently, and in greater detail, than has ever been possible before.
The Technology
The technical achievement behind Proba-3 is pretty remarkable. For example, to maintain their alignment while orbiting Earth at speeds of around 1 kilometre per second, the two satellites must remain synchronised to within just a few millimetres. Doing so without continuous input from ground control relies on a suite of advanced guidance, navigation, and control technologies, many of which were developed by European startups and SMEs.
From Different Countries
Dutch company Lens R&D, a graduate of ESA’s Business Incubation Centre, developed the high-precision Sun-tracking sensors which allow the spacecraft to detect minute changes in the Sun’s position, essential for staying locked in alignment. Irish firm Onsemi (formerly SensL) supplied silicon photomultipliers, i.e., the extremely sensitive light detectors that monitor the shifting shadow of the Occulter on the Coronagraph to fine-tune positioning.
Also, software from Polish firm N7 Mobile, which transitioned from consumer app development to embedded systems, handles the formation control logic. This software suite coordinates the orbital choreography required to maintain the artificial eclipse while minimising reliance on ground-based commands.
“Although we are still in the commissioning phase, we have already achieved precise formation flying with unprecedented accuracy,” said Damien Galano, ESA’s Proba-3 mission manager. “This is what allowed us to capture the mission’s first images, which will no doubt be of high value to the scientific community.”
What the Images Show
The ASPIICS instrument (short for Association of Spacecraft for Polarimetric and Imaging Investigation of the Corona of the Sun) was built by an industrial consortium led by the Centre Spatial de Liège in Belgium. Its design reduces the amount of stray light reaching the detector by keeping the Occulter spacecraft well ahead of the Coronagraph, something that’s physically impossible with ground-based or single-satellite coronagraphs.
The very first images processed by the ASPIICS Science Operations Centre in Belgium show the ghostly, intricate structures of the corona stretching outward from the Sun’s surface. The images are composites, created by combining multiple exposures of varying lengths to capture both faint outer loops and brighter inner details.
“The difference between these and traditional eclipse images is striking,” noted ESA project scientist Joe Zender. “ASPIICS sees deeper into the corona and for much longer periods than we ever could from Earth.”
A second instrument onboard Proba-3, the Digital Absolute Radiometer (DARA), will measure the total solar irradiance which is essentially the power output of the Sun over time. This could contribute to long-term climate modelling, space weather forecasting, and understanding solar variability.
A third device, the 3D Energetic Electron Spectrometer (3DEES), will monitor high-energy electrons in Earth’s radiation belts, which pose risks to satellites and astronauts.
Milestone in Sustainable Engineering
Beyond scientific discovery, Proba-3 is also being hailed as a milestone in sustainable space engineering. For example, by proving that precision formation flying is feasible with minimal intervention, the mission sets a precedent for future multi-satellite missions that could reduce launch mass, hardware duplication, and overall system complexity.
According to Dietmar Pilz, ESA Director of Technology, Engineering and Quality: “Many of the technologies which allowed Proba-3 to perform precise formation flying have been developed through ESA’s General Support Technology Programme, as has the mission itself. It is exciting to see these stunning images validate our technologies in what is now the world’s first precision formation flying mission.”
Formation flying has long been viewed as a promising approach to improving the modularity and upgradeability of space systems. Instead of building one large satellite to perform multiple tasks, smaller, specialised satellites can fly together in tandem, each optimised for a particular role, and coordinated by autonomous onboard software.
It’s thought this approach could dramatically reduce launch costs, simplify end-of-life decommissioning, and even allow future satellites to replace individual modules of larger systems without scrapping the whole assembly. These efficiencies all contribute to reducing the environmental impact of space operations, both in terms of material use and space debris.
Valuable For Predictive Modelling
For solar physicists, Proba-3’s ability to generate high-quality coronal data on demand opens new avenues for predictive modelling. Early observations have already fed into the development of more accurate computer models, such as ESA’s COCONUT (COroNal simUlaTion) software at KU Leuven in Belgium, which can now be adjusted using real, high-resolution data instead of extrapolated estimates.
“These observations will help refine our simulations of solar behaviour and improve our ability to forecast disruptive events,” said Jorge Amaya, ESA’s Space Weather Modelling Coordinator. “This ultimately helps industries and governments better prepare for the impact of solar activity.”
Showcases Space Tech Capability
For European space tech businesses, Proba-3 could also be seen as a showcase of regional capability. More than 40 companies from 14 countries contributed to the mission, with key roles played by Sener (Spain), GMV, Airbus Defence and Space, Redwire Space and Spacebel (Belgium). Their collaboration underscores Europe’s growing leadership in cutting-edge satellite technologies and fosters new opportunities in the global space market.
Helping Protect The Earth
For Earth itself, the implications are longer-term but just as vital. For example, better understanding the Sun means better protecting Earth’s climate, infrastructure, and communication systems from space weather threats, a growing concern in an increasingly digital and satellite-reliant world.
What Does This Mean For Your Organisation?
That same need for resilience is being felt across industries, including here in the UK. As sectors from energy to aviation to telecoms become increasingly dependent on satellites and GPS systems, the ability to monitor and predict solar weather is moving from scientific interest to operational necessity. A better understanding of solar dynamics could allow UK businesses to put stronger safeguards in place, from data backup protocols to grid protection strategies. For infrastructure operators, insurers, and digital service providers alike, that foresight could prove invaluable.
The engineering and innovation model behind Proba-3 also carries lessons for future sustainability-focused projects. For example, the involvement of multiple smaller European firms, including several startups, highlights a decentralised and collaborative approach that appears to have delivered advanced results without relying on single-use mega-systems. It’s a structure that supports technical excellence, local supply chains, and long-term adaptability. In the UK, where the space sector is looking to expand its global footprint while meeting environmental goals, this kind of scalable, formation-based architecture could be a defining direction.
For researchers, the mission offers more than just data. It demonstrates that high-risk, high-precision science is still possible with tight constraints and sustainable principles in mind. By proving that a six-hour solar eclipse can be recreated on demand from orbit, Proba-3 has not only opened a new window into solar physics, but it has also set a benchmark for how future missions might balance ambition with responsibility.
Video Update : How To Get Ready For The AI Shopping Revolution
This video shows how you can make sure that your website is optimised for SEO and that all your products and services will have the highest likelihood of being indexed and found properly, all with a few clicks of some buttons and some handy prompts!
Tech Tip – Turn WhatsApp Voice Messages into Text with Transcription
Need to check a voice note during a meeting or just prefer reading over listening? WhatsApp now lets you transcribe voice messages into text in just a few taps.
How to:
– Go to ‘Settings > Chats > Voice message transcripts’ in WhatsApp.
– Choose your preferred language (e.g. English).
– Then, in any chat, tap and hold the voice message.
– Select ‘Transcribe’ when the option appears.
What it’s for:
Ideal for catching up on messages when you can’t play audio out loud — or for double-checking long or unclear voice notes.
Pro‑Tip: Transcription works offline and on-device for privacy — but always scan the text for errors before forwarding or quoting.
Featured Article : Historic Global Leak : 16 Billion Logins Exposed
A massive trove of stolen usernames and passwords totalling 16 billion records has been discovered across 30 newly uncovered databases, revealing one of the largest and most dangerous credential breaches ever recorded.
Two Login Credentials for Every Person on Earth
Security researchers at Cybernews have uncovered an unprecedented cache of login data scattered across unsecured web databases. These exposed collections, some open to the internet only briefly, were mostly hosted on misconfigured Elasticsearch instances or cloud object storage services, making them accessible without authentication.
All but one of the 30 datasets involved in the breach had not been reported previously. Combined, they include roughly two login credentials for every person on Earth!
A Blueprint For Mass Exploitation
“This is not just a leak – it’s a blueprint for mass exploitation,” said the Cybernews team, who have been tracking the breach since early 2024. “The structure and recency of these datasets make them particularly dangerous.”
From Apple, Google, Facebook, and More
While large-scale data breaches have become disturbingly common, this incident stands out for the freshness of the data and the scope of what’s included. For example, Cybernews has reported that the breach includes login credentials drawn from a huge range of services including Apple, Google, Facebook, GitHub, Telegram, VPNs, and even government portals.
More Than Just Usernames and Passwords
The datasets primarily consist of credentials stolen by infostealers, i.e. a type of malicious software designed to extract sensitive information from infected computers. Once installed (often via phishing emails, fake software updates, or pirated software), infostealers scan the victim’s device for stored logins, cookies, authentication tokens, and autofill data. These details are then quietly sent back to attackers’ servers.
In most cases, Cybernews reports that the stolen data is structured in a familiar format, i.e. the website URL, the username or email address, and the associated password. Some records are reported to include extra metadata, such as session cookies or two-factor authentication tokens, which can significantly aid attackers in bypassing security protections.
Cybernews estimates that some overlap exists between datasets, but even conservative estimates suggest billions of distinct login records are involved. The largest single collection, linked to a Portuguese-speaking population, holds over 3.5 billion records. Others are named generically (such as “logins” or “credentials”) while some reference specific services like Telegram or locations such as the Russian Federation.
Who’s Behind It and Who’s Affected?
It appears that the origin of these leaked datasets remains murky. Although some may have been compiled by cybercriminals intent on launching mass-scale phishing or credential stuffing attacks, others could belong to grey-hat researchers, aggregating leaked data for academic or threat intelligence purposes. However, it should be noted that the absence of clear attribution makes them no less dangerous.
Cybersecurity experts have warned that even if only a fraction of the 16 billion records are actively exploited, the consequences could be severe. Identity theft, business email compromise (BEC), unauthorised access to cloud services, ransomware attacks, and financial fraud are all plausible next steps.
A significant concern is that many users still reuse the same password across multiple sites (known as ‘password sharing’). Attackers often employ credential stuffing, a tactic that involves testing stolen username/password pairs against a wide range of sites, hoping users have reused credentials elsewhere.
The impact is unlikely to be limited to individual consumers. Businesses, particularly those lacking multi-factor authentication (MFA) or modern password management protocols, are at risk of full-scale account takeovers. These in turn could lead to data theft, service disruption, or reputational damage.
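Credential stuffing as described above leaves a recognisable trace in authentication logs: one source tries many different usernames in a short time and most attempts fail. The following detection sketch is an added example, not part of the original article; the log line format, the thresholds and all function names are assumptions, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample log, not real data. The line format is an assumption.
SAMPLE_LOG = """\
2025-06-20T10:00:01Z login user=alice@example.com ip=203.0.113.7 result=FAIL
2025-06-20T10:00:03Z login user=bob@example.com ip=203.0.113.7 result=FAIL
2025-06-20T10:00:04Z login user=heidi@example.com ip=198.51.100.23 result=FAIL
2025-06-20T10:00:06Z login user=carol@example.com ip=203.0.113.7 result=FAIL
2025-06-20T10:00:09Z login user=erin@example.com ip=203.0.113.7 result=FAIL
2025-06-20T10:00:12Z login user=frank@example.com ip=203.0.113.7 result=FAIL
2025-06-20T10:00:15Z login user=heidi@example.com ip=198.51.100.23 result=FAIL
2025-06-20T10:00:18Z login user=dave@example.com ip=203.0.113.7 result=OK
2025-06-20T10:00:21Z login user=grace@example.com ip=203.0.113.7 result=FAIL
2025-06-20T10:00:30Z login user=heidi@example.com ip=198.51.100.23 result=OK
2025-06-20T10:01:00Z login user=ivan@example.com ip=192.0.2.50 result=OK
2025-06-20T10:01:05Z login user=judy@example.com ip=192.0.2.50 result=OK
2025-06-20T10:01:10Z login user=kim@example.com ip=192.0.2.50 result=FAIL
2025-06-20T10:01:15Z login user=niaj@example.com ip=192.0.2.50 result=OK
2025-06-20T10:01:20Z login user=olivia@example.com ip=192.0.2.50 result=OK
2025-06-20T10:01:25Z login user=peggy@example.com ip=192.0.2.50 result=OK
corrupted line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>OK|FAIL)$"
)


class Event(NamedTuple):
    ts: datetime
    user: str
    ip: str
    ok: bool


def parse_events(text):
    """Parse log text into time-ordered events, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["user"].lower(), m["ip"], m["result"] == "OK"))
    events.sort(key=lambda e: e.ts)
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts with mostly failures.

    A user mistyping a password touches one account, and a shared office
    address shows many accounts but mostly successes; neither is flagged.
    Thresholds are illustrative assumptions and need tuning per environment.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.ip].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        tried = set()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            fail_ratio = sum(1 for e in win if not e.ok) / len(win)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                tried |= users
        if tried:
            findings[ip] = {
                "accounts_tried": len(tried),
                # A success from a flagged source means the leaked password
                # was valid: force a reset and revoke sessions.
                "reset_now": sorted({e.user for e in evs if e.ok}),
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

In the sample, only the source that cycles through seven accounts is flagged; the single user retrying a password and the shared address with mostly successful logins are not.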
What Tech Companies and Security Experts Are Saying
So far, most affected companies have not issued individual statements, probably because the breach is not tied to a specific platform or service – the leak is an aggregation of credentials siphoned off via malware over time.
However, the Cybernews team and other researchers have voiced serious concern. “Credential leaks at this scale are fuel for phishing campaigns, ransomware intrusions, and business email compromise,” the team said in its public briefing. “The inclusion of both old and recent infostealer logs – often with tokens, cookies, and metadata – makes this data particularly dangerous for organisations lacking multi-factor authentication or credential hygiene practices.”
Security vendor Malwarebytes described the incident as “a wake-up call” for both users and companies. “This is a stark reminder that infostealer malware remains an enormous threat and that misconfigured cloud services continue to expose sensitive data at scale.”
More of a ‘Combolist’
Some experts have cautioned against treating the breach as a single event, noting that it is better understood as a massive combolist, i.e., a curated aggregation of multiple smaller leaks. Even so, the potential for harm remains high.
Why This Breach Is Different and What Comes Next
Unlike older breaches which often contain outdated or previously exposed data, these records are mostly new. Only one of the 30 datasets had been reported before (a 184 million-entry trove covered by Wired in May). The rest have emerged only recently, some in the last few weeks, suggesting that infostealer activity is ongoing and highly active.
Not Indexed Yet
Compounding the risk at this early stage after the discovery is the lack of visibility. Many of the exposed credentials have not yet been indexed by breach monitoring services or browser alert systems, meaning users aren’t being automatically notified if their details are among those leaked.
Also, because the databases were reportedly only briefly exposed, researchers say they could not determine who held or uploaded the data, nor whether it has already been downloaded or traded on criminal forums.
What Should Users and Businesses Do Now?
For individual users, the recommendations are fairly straightforward but urgent, and they probably echo most points of good security practice around breaches. For example:
– Immediately change passwords on any accounts using duplicated or weak credentials.
– Use a password manager to generate and store complex, unique passwords for every service.
– Enable multi-factor authentication (MFA) wherever possible.
– Monitor for phishing emails or unusual account activity, especially logins from unfamiliar locations or devices.
– Run antivirus and anti-malware tools to scan for potential infostealers on your system.
For businesses, the stakes are higher. Implementing stronger access controls, requiring MFA across all services, and deploying endpoint detection tools are worthwhile steps. Regular audits of privileged access accounts, secure cloud configurations, and employee training on phishing threats are also essential.
Experts also recommend checking employee and corporate credentials against breach monitoring services such as Have I Been Pwned or Cybernews’ Leaked Database Checker.
Could Big Tech Be Doing More?
Looking at where many of these stolen credentials came from, it’s perhaps not surprising that there is growing pressure on tech platforms to go beyond offering MFA as an optional feature. Some experts are calling for default-on MFA policies, improved session token management, and better user alerts for credential misuse. Others suggest that browser makers could more aggressively warn users about unsafe passwords, even when stored locally.
Cloud service providers also face scrutiny. For example, misconfigured storage services remain a recurring source of data exposure, and security researchers have long warned that businesses often fail to understand the shared responsibility model of cloud hosting, which places the burden of securing customer data squarely on the organisation using the service, not the cloud provider itself.
Combined for Weaponisation
This breach essentially demonstrates how aggregated, seemingly disparate data leaks can combine to form a vast, weaponisable archive of credentials. Also, without rapid, coordinated responses from users, businesses, and tech providers alike, the consequences may stretch far beyond compromised passwords.
What Does This Mean For Your Business?
The sheer scale and structure of this breach underline how fragile the global system of digital identity has become. With 16 billion credentials exposed, many of them recent, unrecycled, and complete with cookies and tokens, the barrier to entry for cybercriminals appears to have been lowered dramatically. This isn’t just an escalation in volume, it’s a shift in the quality and usability of stolen data. For attackers, this is a ready-made toolkit for highly convincing phishing, large-scale account takeover attempts, and social engineering operations that could target everyone from individual users to senior staff within high-profile organisations.
For UK businesses, the risks are not theoretical. Any organisation with staff using shared or recycled passwords, without enforced multi-factor authentication, could find themselves an easy target. For example, compromised employee accounts can quickly open doors to sensitive systems, intellectual property, financial accounts or customer data. The consequences are likely to include financial loss, regulatory penalties, and long-term reputational damage. This is especially pressing for sectors handling critical infrastructure or customer data, such as healthcare, education, local government and law firms.
The fact that so many of the datasets were discovered in misconfigured online storage shows how easily even vast amounts of sensitive information can be left vulnerable. This again raises questions about internal security practices, not just among cybercriminals, but among businesses and developers failing to properly secure cloud environments. As more breaches emerge from poor cloud hygiene, regulators may well move to demand greater accountability and oversight from cloud service providers and their clients.
For security professionals and digital privacy advocates, this breach reinforces the need to accelerate the move away from passwords altogether. Passkey adoption, hardware-based authentication, and biometric alternatives are already gaining traction, but the pace remains slow. Meanwhile, tools such as credential stuffing bots and AI-enhanced phishing make password-only systems increasingly outdated and risky.
The discovery also points to a deeper issue around breach notification and public awareness. Because these credentials were collected silently through infostealers and surfaced only when aggregated by researchers, the victims (both users and the platforms their data was stolen from) may have no idea they were compromised. With no clear breach event to attribute, many companies are, therefore, unlikely to report or even detect the loss. This leaves users exposed and unprepared, and it puts the onus on breach checkers and independent researchers to close the gap.
This incident serves as a stark reminder that security needs to be proactive, not reactive. Businesses should no longer view breaches as isolated events but as part of an ongoing data extraction economy that thrives on delay, misconfiguration and user complacency. Whether you’re a multinational tech firm, a regional employer, or an individual internet user, the threat landscape has shifted again and this time, the scale is difficult to ignore.
Tech Insight : Over Half Of Windows Users Yet To Upgrade To Version 11
A new survey has revealed that a majority of Windows users still haven’t moved to Windows 11, despite Microsoft’s looming deadline and growing security concerns.
Windows 11 Promised a Leap Forward
When Windows 11 launched in October 2021, Microsoft described it as a fresh start for the world’s most widely used desktop operating system. The company pitched it as more than just a visual refresh: it was billed as faster, smarter, more secure, and better integrated with new hardware and cloud-powered AI features. Yet nearly four years later, new research by TechRadar has found that only 43 per cent of users say they’ve made the switch.
Most Still on Windows 10 or Older – 14 October Date Looming
This means that the remaining 57 per cent are still on Windows 10 or even older versions, despite the clock ticking down to 14 October 2025, when Microsoft will officially end support for Windows 10. After that date, no more security patches or updates will be issued unless users pay for costly extended support contracts through the new ESU (Extended Security Updates) programme.
What’s Stopping Users From Upgrading?
According to the TechRadar survey, part of the issue is confusion. For example, while 55 per cent of users said they knew “exactly” which version of Windows they were running, the remaining 45 per cent were uncertain to some degree. Also, it seems that over 12 per cent had no idea at all. This uncertainty makes it harder for users to feel urgency around upgrading, particularly when their systems still appear to function normally.
Even more concerning, the results appear to show that a significant number of people don’t understand what their devices are capable of. For example, although 53 per cent of users claimed their PCs or laptops met the minimum requirements for Windows 11, only 40 per cent could say how much RAM they actually had. Of those, around one in four gave wildly inaccurate answers, with some naming specs that don’t exist in consumer devices.
This gap between perception and reality is, therefore, one of the key barriers. To install Windows 11, devices must meet stringent requirements, including Secure Boot, TPM 2.0 (Trusted Platform Module), and at least 4GB of RAM. Older devices (even those still performing well) often fail to meet these specifications. For example, according to a Lansweeper study from 2022, around 42 per cent of business devices tested did not pass Windows 11’s CPU compatibility checks, and 15 per cent lacked TPM 2.0.
Users Say They’re Willing, But Don’t Act
Interestingly, TechRadar’s research also found that many users are optimistic about upgrading. More than half of respondents said they’d be confident doing the upgrade themselves, yet those same respondents often lacked basic knowledge about their systems’ specs. This suggests a large proportion of users are either unaware of what’s actually involved or overestimate their readiness.
The survey also found that 28 per cent of users explicitly stated their devices didn’t meet the system requirements in some way. Another 14 per cent didn’t know what Windows 11 required at all, and 4 per cent didn’t know what specs their devices had.
This echoes a broader trend identified by other studies. For example, a Canalys report from late 2023 showed that enterprises were “reluctant to refresh hardware” unless absolutely necessary, with many still clinging to fleets of Windows 10 devices because of cost constraints, particularly in the public sector and small business environments.
How Users Can Check If Their Device Is Ready for Windows 11
As noted earlier, one reason users may not be upgrading to Windows 11 is that they simply don’t know whether their current device meets its system requirements. Fortunately, Microsoft has provided tools to help users check their eligibility and plan accordingly.
The most straightforward option is the PC Health Check app, a free utility from Microsoft that runs a full compatibility check. Once downloaded and installed, the app scans the device’s hardware to confirm whether it meets Windows 11’s key requirements, including CPU model, RAM, storage space, Secure Boot, and TPM 2.0 support. If the user’s device is compatible, the tool will confirm this clearly. If not, it will list which components fall short.
For those managing multiple devices, particularly in a business setting, more advanced tools are available. Microsoft’s Endpoint Analytics within Intune allows IT teams to assess upgrade readiness across their estate, while other third-party platforms such as Lansweeper and PDQ Inventory offer detailed Windows 11 compatibility reporting.
As mentioned earlier, the minimum requirements for Windows 11 include a 64-bit processor with at least 1GHz clock speed and 2 or more cores, 4GB of RAM, and 64GB of storage, alongside UEFI firmware with Secure Boot and TPM 2.0. Microsoft maintains a full list of compatible processors and guidance on how to check for TPM using the Windows Security settings or command prompt.
If users are unsure about their device’s hardware, they can access system information by typing “System Information” in the Start menu or using “dxdiag” via the Run command. These tools reveal processor type, memory size, and other key details. Alternatively, third-party tools like Speccy or CPU-Z can offer a clearer breakdown.
Crucially, checking compatibility now gives users time to prepare, whether that means freeing up space, enabling TPM in the BIOS, or budgeting for new equipment. For businesses, it provides the insight needed to build a phased upgrade plan, avoiding the cost and disruption of last-minute decisions.
The Business Risk Is Growing
For business users, the stakes are actually high. For example, once Windows 10 support ends in October this year, organisations that haven’t upgraded will be exposed to security vulnerabilities, compliance risks, and potential loss of functionality. Cybercriminals often target unsupported systems because they’re easier to exploit.
As Chris Morrissey, a senior analyst at Forrester, recently pointed out in a webinar, “Windows 10 reaching end-of-support in 2025 is not just a technical milestone—it’s a business continuity issue,” adding that “We’re already seeing a rise in ransomware attacks on legacy systems, and unpatched endpoints are a key vector.”
Pay for Windows 10 Security Updates for 3 Years After 2025
The upcoming Microsoft Extended Security Updates (ESU) programme, aimed at organisations that need more time, will offer security updates for up to three years after 2025, but at a significant cost. For businesses with hundreds or thousands of endpoints, this could quickly become expensive.
Features Alone Aren’t Driving Migration
Despite Microsoft’s emphasis on new features, e.g. integrated Copilot AI tools, improved virtual desktops, enhanced gaming performance, and faster boot times, these haven’t been enough to convince the majority of users to make the leap.
Critics have pointed out that many of Windows 11’s enhancements feel incremental, not essential. Also, some power users and IT administrators have raised concerns about changes to the Start menu and taskbar, which have removed or restructured functionality found in Windows 10. For example, in a widely shared Reddit thread among sysadmins, one commenter described the Windows 11 interface as “a step forward in looks but a step backwards in control.”
Even Microsoft has acknowledged that uptake has been slower than expected. In a blog post from April 2024, the company said it was “continuing to invest in helping users transition” and hinted at further incentives, including possible discount offers for Windows 11-compatible hardware bundles.
Larger Devices, Longer Lifecycles
There also appears to be a practical reason why many users are waiting, i.e. PC lifecycles have lengthened. Where once businesses refreshed desktops every three to four years, it’s now common to extend that to six or more. The pandemic’s remote work boom saw a spike in PC sales in 2020–2021, meaning many organisations feel they’ve only recently upgraded, even if those machines aren’t compatible with Windows 11.
This mismatch is a challenge for Microsoft, which relies on regular upgrade cycles to keep its ecosystem secure and standardised. But for IT departments already stretched for budget and time, replacing functioning machines purely for compliance is a hard sell.
What Happens Next?
Microsoft is expected to step up its messaging later this year, particularly as the October 2025 deadline approaches. Experts believe we’ll see more nudges built into Windows 10 itself, with system tray notifications and update prompts likely to become more persistent.
The pressure is also likely to increase on IT providers, MSPs and corporate procurement teams. As the deadline nears, demand for Windows 11-compatible hardware will rise, and possibly outstrip supply, particularly in niche sectors. Businesses that wait until 2025 to start planning may face disruption, higher costs, or difficulty securing replacement devices in time.
For now, the message from Microsoft is to check compatibility and not to assume your device is ready just because it runs smoothly. It could, therefore, be said that for both individuals and organisations, the real risk is waiting too long to begin, rather than the upgrade itself.
What Does This Mean for Your Business?
The message from all the available evidence is that time is running out, and the level of readiness among users, particularly within SMEs and the public sector, is not where it needs to be. While many may believe they are prepared to make the switch to Windows 11, a large proportion either misunderstand the system requirements or are using devices that are simply not capable of upgrading. Optimism alone will not prevent a security breach once Windows 10 support ends.
For UK businesses, the stakes are especially high. For example, operating unsupported systems after October 2025 introduces real risks such as those from cyberattacks, regulatory penalties, and operational downtime. Even for those considering Microsoft’s Extended Security Updates, the cost of delay could add up quickly. Replacing hardware on short notice, under pressure, and potentially amid supply chain constraints could impact budgets and business continuity plans. Those with critical dependencies on specific Windows-based applications will also need time to test, validate, and train staff on new systems.
This could be regarded, therefore, as not so much a technical migration, but more of a strategic operational shift with implications for cybersecurity, procurement, compliance, and long-term planning. If the research is anything to go by, it seems that many stakeholders across IT, finance, and leadership teams need to coordinate now, rather than waiting until the upgrade becomes unavoidable. Otherwise, organisations risk finding themselves caught between rising security threats, stretched resources, and avoidable costs.
For Microsoft, the slow uptake also presents challenges. For example, delays in user migration hold back the rollout of its AI-led desktop vision and extend the support burden for legacy systems. Unless adoption improves, the company may have to offer new incentives, extend transition periods, or risk reputational damage if a large number of users are left behind.
The choice for users and organisations is, therefore, becoming clearer, i.e., start planning for Windows 11 or prepare to pay a premium to stay where you are. The longer the delay, the fewer options will remain.