Why Your “Perfectly Good” IT Systems Are Now Compliance Violations in 2025

December 15, 2025 · 4 min read

Short Answer:
IT systems that no longer receive vendor security updates—such as Windows 10 without ESU, Windows Server 2012, or outdated business software—are compliance violations in 2025, even if they still work. These systems can void cyber insurance coverage.

Reading time: 6 minutes
Last updated: December 15, 2025
Author: John Lowery, CEO, Big Water Technologies


What Makes IT Systems Non-Compliant in 2025?

Answer:
An IT system is non-compliant when it:

  • Is no longer supported by the vendor

  • Does not receive security patches

  • Lacks required controls like MFA

  • Fails to meet cyber insurance requirements

Functionality does not matter. Support status does.

This is why many Michigan businesses are being flagged during insurance renewals—even though nothing “broke.”


Is Windows 10 Still Compliant for Cyber Insurance?

Short Answer:
No—unless you purchase Extended Security Updates (ESU).

As of October 2025, Windows 10 without ESU is non-compliant for most cyber insurance policies.

Windows 10 Compliance Status (2025)

  • ❌ Windows 10 without ESU → Non-compliant

  • ⚠️ Windows 10 with ESU → Compliant, increasing annual cost

  • ✅ Windows 11 → Fully compliant

Insurers now treat unsupported operating systems as uninsurable risk.


Which Operating Systems Are Non-Compliant in 2025?

Non-Compliant Windows Servers

  • ❌ Windows Server 2012 / 2012 R2

  • ❌ Windows Server 2016

  • ⚠️ Windows Server 2019 (extended support only)

  • ✅ Windows Server 2022

Non-Compliant Desktop Systems

  • ❌ Windows 8.1

  • ❌ Windows 10 Home

  • ⚠️ Windows 10 Pro (ESU required)

  • ❌ macOS versions before Monterey

If the vendor no longer patches it, insurers no longer trust it.


Is QuickBooks Desktop Still Compliant in 2025?

Answer:
Only QuickBooks Desktop 2023–2025 and QuickBooks Online are compliant.

  • ❌ QuickBooks Desktop 2022 or older → Non-compliant

  • ✅ QuickBooks Desktop 2023–2025 → Compliant

  • ✅ QuickBooks Online → Fully compliant

Financial software is a frequent failure point in insurance audits.


What Software Is Commonly Non-Compliant?

Most common problem categories:

  • Microsoft Office 2016 or 2019

  • Perpetual-license accounting software

  • Legal and medical systems without current vendor support

  • Manufacturing systems running embedded XP or Windows 7

Age—not usefulness—is the deciding factor.


How Much Does Windows 10 ESU Cost?

Windows 10 Extended Security Updates Pricing

  • Year 1: $61 per device

  • Year 2: $122 per device

  • Year 3: $244 per device

Total 3-year cost: $427 per device

For many firms, upgrading is cheaper than staying compliant on Windows 10.


What Are Cyber Insurance IT Requirements in 2025?

Most policies now require:

  1. All systems under active vendor support

  2. MFA on admin and remote access

  3. Regular patching

  4. Tested backups

  5. Endpoint Detection & Response (EDR)

Required documentation includes:

  • System inventory

  • Patch logs

  • Backup test results

  • Security training records

No proof = no coverage.


How Do I Check If My Systems Are Compliant?

Quick Compliance Check:

  1. Identify OS and software versions

  2. Verify vendor support status

  3. Confirm MFA and patching

  4. Review insurance requirements in writing

Most businesses fail at step two.


What Happens If Systems Aren’t Compliant?

Immediate consequences include:

  • Denied cyber insurance claims

  • Regulatory fines

  • Contract violations

  • Policy cancellation

Average breach cost: $200,000+
Emergency upgrades: 3× planned cost


Are There Michigan-Specific Compliance Requirements?

Yes. Michigan businesses must consider:

  • Michigan Data Breach Notification Act

  • Healthcare, legal, and automotive supplier rules

  • Municipal and state contract requirements


How Can I Become Compliant Before the End of January 2026?

30-Day Compliance Plan:

  • Week 1: Inventory and support checks

  • Week 2: Upgrade planning or ESU decisions

  • Week 3: Implement changes

  • Week 4: Document and notify insurer

Waiting increases cost and risk.


Frequently Asked Questions

Can I use Windows 10 if it still works?
Yes—but only with ESU. Without it, you’re non-compliant.

Is Windows 11 required?
No—but it’s the most cost-effective compliant option.

Do small businesses really get audited?
Yes. Renewals and claims trigger audits automatically.

Can I operate without cyber insurance?
You can—but breach costs become your personal liability.


The Bottom Line

In 2025, “working” does not mean compliant.

If your IT systems lack vendor support, insurers treat them as violations—no matter how reliable they seem. With stricter cyber insurance enforcement, Michigan businesses must modernize now or face denied claims and regulatory exposure.

Don’t find out after a breach that you weren’t covered.

Note: This article provides general guidance based on current trends. Always consult your specific insurance policy and legal advisors for requirements applicable to your situation.

John Lowery is the CEO of BigWater Technologies, where he leads with a passion for innovation and excellence in delivering advanced IT solutions. With over two decades of experience in the tech industry, John specializes in strategic planning, operational efficiency, and driving customer success.


