Data Insights Report

A spotlight on legacy systems

Which industries have the highest proportion of legacy systems which are no longer supported by manufacturers and no longer receive security updates?

A spotlight on legacy systemsA spotlight on legacy systems

A key part of any company’s cybersecurity posture is ensuring that its applications and systems are up-to-date. All software providers release security patches and updates for their programmes, to protect users as new threats emerge - but not forever. Eventually, software falls out of support and is no longer updated - meaning that the longer an unsupported application is used, the greater risk it presents to your cybersecurity.

Part of the security profile suppliers set up on Risk Ledger asks: “Does your organisation run any applications or systems that are no longer supported and no longer receive security updates?” We’ve compared all industries to show where suppliers are the most likely to be using software that no longer receives security updates - revealing that unsupported systems are most likely to be used by manufacturing, telecoms, and financial services industries.

Does your organisation run any applications or systems that are no longer supported and no longer receive security updates?

The table above shows the percentage of organisations from each industry who answered 'Yes' or 'No' to this question. The manufacturing industry has the highest proportion of organisations (42%) who are still running out of support systems.

In all of these industries, it’s possible that the reason they are using out-of-date software is that the software in question is too integral to their business to update - the risk to their business of the update is greater than the risk of a breach. Or, if not a business-critical system, there might be a process-critical system where updating the software would risk breaking the process, and the process in question isn’t deemed enough of a risk to spend the time ensuring the update is done - perhaps it’s an isolated system, not connected to any others.

In a world where attempts of cyber security attack on your organisation is almost inevitable, it’s a risk to assume that any system, no matter how sandboxed it is, isn’t a target for an attacker. If your supplier is using unsupported software, we’d advise asking them exactly which systems are not supported, whether your data would ever pass through those systems, and what steps they take to protect that system from compromise. Then you can make your own judgement call as to whether the risk is acceptable to your business.

Data Insights Report

Download for free

By submitting this form, you agree to Risk Ledger’s Terms of Service, Privacy Policy, and Risk Ledger contacting you.

Thank you!
Download
Oops! Something went wrong while submitting the form.
Data Insights Report

Download for free

Download
Pattern Trapezoid Mesh

Join our growing community

Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.

We're committed to your privacy. Risk Ledger uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our privacy policy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.