October 14, 2025: the day Windows 10 reaches end of support (EOS). With at least 1.3 billion devices currently running Windows 10 , the race is on for organizations like yours to plan and perform a smooth and seamless transition to Windows 11.
THE DATA'S IN:
SHI experts explore the key reasons organizations are delaying their Windows 11 adoption and offer advice on overcoming common objections.
Why you’re wrong about Windows 11 adoption
Cybersecurity solutions
When the time comes, you can simply upgrade all your current devices to Windows 11.
Microsoft hails Windows 11 as a game-changer in end-user computing – and it’s easy to see why. Windows 11’s AI integration, device security improvements, and streamlined administration are all invaluable additions to any organization’s digital workplace. Why, then, are so many organizations opting to wait? Based on SHI’s recent survey, we believe six myths are standing in the way of organizations’ Windows 11 adoption.
Access the full report!
For more revealing stats and expert advice on how to execute an effective adoption strategy, download the full report today.
Have you started planning your Windows 11 upgrade? You can't afford to wait.
Jumpstart your customized Windows 11 adoption in just seven easy steps.
SHI’s recent survey has surprising insight into the 6 myths getting in the way of your Windows 11 adoption.
72%
of organizations are waiting way too long to update to Windows 11
Myth #1
Why rush? You have until 2025 to deploy Windows 11.
Myth #2
Windows 11’s UI changes are frustrating and confusing.
Myth #3
Our Windows 11 adoption will be easy. We don’t need any help!
Myth #4
Windows 11 seems too similar to Windows 10 for us to prioritize it.
Myth #5
Upgrading to Windows 11 just isn’t within our budget.
Myth #6
IT CAN'T WAIT
Why organizations aren't upgrading to Windows 11
Cost or budget
Compatibility concerns
Hardware Requirements
Not a priority
38%
43%
28%
27%
1
1Windows 11, Windows 10 are now on more than 1.4 billion devices. Windows Central. Sean Endicott. January 26, 2022
Read our ebook
© 2025 SHI International Corp. All Rights Reserved. This site is owned and maintained by SHI for the use of its customers.
The need to simplify and streamline
Start your infrastructure modernization journey
Our team of certified infrastructure experts makes it easy to design and deploy your next-generation infrastructure. Start the conversation today to gain access to SHI’s decades of industry knowledge and experience. Ready to build your next-generation infrastructure with SHI?
When asked to identify the greatest barrier to addressing cybersecurity challenges, the top concern was rapidly evolving and sophisticated threats (36.1% of respondents), followed by limited cybersecurity staff or expertise (20.4%) and inadequate funding (17%). Further expanding on the staffing challenge, Nick Casanova, SHI Public Sector Senior Solutions Director, states, “Not only can states and local governments not hire enough cybersecurity professionals, but they also have a very difficult time hiring contractors to fill the void. This is because managed service contracts for staff augmentation are usually done at the state level with general pay-per-hour rates that are not in line or competitive with standard cybersecurity professional salaries.”
The top challenge can be summarized as complexity.
What are your organization's top challenges with your cybersecurity technology? Please select up to 3.
Managing the growing complexity of devices, workloads, and identities
Complex solution deployment, tuning, and maintenance
Not enough automation/too many manual processes
Lack of integration with other tools
Vulnerability to 3rd party supply chain risks
Limited visibility into endpoint devices
High rate of false positives
Do not know
Other
63.9%
37.4%
32.0%
29.3%
27.2%
21.8%
8.2%
12.2%
When it comes to their organization’s cybersecurity technology, the complexity continues in the form of growing devices, workloads, and identities – with nearly two-thirds (63.9%) of survey respondents selecting this answer. The other top two results showed that 37.4% of the government leaders struggled with complex solution deployment, tuning, and maintenance, while 32% lacked enough automation or had too many manual processes. Additionally, about one-third of respondents chose lack of integration with other tools and vulnerability to third-party supply chain risks as leading challenges. The data reflects a maturing understanding of cybersecurity technology and the necessity of each function. No longer seen as an isolated IT issue, government leaders recognize how interconnected cybersecurity functions are – touching tools, people, and processes across the organization. There is a pressing need to streamline and secure the many facets involved, including threat protection, improved automation, and training.
“Organizations are looking for help to make sense of that complexity and starting to really get the fact that everything is connected to everything else – and it’s not going to go away,” said VP of CDG and Governing Institute Todd Sander. SHI Public Sector Field Solutions Engineer Steve Troxel adds, “We are now at a point where business leaders can’t say they did not know about the cybersecurity risks of their actions.”
Back
What is your organization's biggest barrier to addressing cybersecurity challenges?
Rapidly evolving and sophisticated threats
36.1%
Limited cybersecurity staffing or expertise
20.4%
Inadequate cybersecurity funding
17.0%
Outdated legacy technologies and infrastructure
12.9%
Lack of staff awareness or training
4.8%
4.1%
No barriers
Evolving threats, proliferation of devices, and too many manual processes result in an environment that is difficult to secure.
3 cybersecurity challenges
Simplify and streamline
Role of funding
Investments for today
Security program strategy
Solve what's next with SHI
Next
Explore
The increasingly complex, rapidly changing cybersecurity environment
The role of funding
Investments for today and beyond
How is your organization funding cybersecurity staff and initiatives for this upcoming fiscal year? Please select all that apply.
Given the great need for cybersecurity technology, it’s not surprising that funding plays a vital role in securing solutions and services in the public sector.
Respondents are most likely to use regular budget funding (78%) to fund cybersecurity staff and initiatives for the upcoming fiscal year. The data showed state respondents are much more likely to say they are relying on federal grants (33%) compared to counties (19%) and cities (9%).
Regular budget funding
78.2%
How will your organization's cybersecurity funding change for this upcoming fiscal year?
Utilizing free resources
23.1%
Partnering with other organizations
Federal grants
17.7%
Fees for cybersecurity services
9.5%
Additionally, funding for the upcoming fiscal year was most often reported as either a slight increase (38.8%) or the same as the last fiscal year (28.6%). With less than 7% of respondents showing a decrease in cyber funding, the data emphasizes a growing standardization of cybersecurity funding as a business need. SHI can help balance the mounting demand to address cybersecurity concerns and simultaneously maximize your budget to take these initiatives further.
Regarding budgets, many organizations are starting to ask the question: how much is enough? “They need to be really thoughtful about how much more they spend, especially now that they're rolling into the general fund approach to support cybersecurity,” said Sander. The modernization of technology is also likely to impact the conversation of how much to invest and where. “Since we are at a more mature starting point for modern IT platforms and their capabilities, they frequently account for cybersecurity needs better," according to Troxel. "This can make it easier for governments to meet cybersecurity controls today and is a great driver for application modernization. An example of this is native integration of platforms with multi-factor authentication products.” The disparity in security maturity will also impact where these funds go. “While some organizations are still trying to catch up with establishing a basic package that addresses their needs, others that invested the most up to this point are considering: at what point do you get to the place where adding another dollar to cybersecurity spending doesn't get you another dollar’s worth of improvement, protection, or benefit?” said Sander.
When asked where respondents need assistance in securing funding for cybersecurity, the following survey responses suggest nearly half of respondents are looking for support with grants. The data shows the majority needs help either identifying, securing, or managing grants.
Navigating grant funding
Many state and local government leaders want to understand which grants they qualify for and gain awareness of available grants (45.6% and 44.9% respectively). Another leading answer showed that 36.1% of respondents needed assistance with applying for grants. The theme of complexity presents itself again in the form of procurement and grant funding. “Whether the grant programs are formula-based or proposal-based, state and local agencies must put NIST standards and federal requirements in place to qualify,” said SHI Director of Growth Marketing Programs – Public Sector Robert Fass. “This is an area SHI’s grants team has been encountering the last few years, helping our customers align their plans and make sure they're complying with federal grants.” “We’re seeing grants that have very specific stipulations around cybersecurity,” agreed Troxel. “In some cases, to secure funding, you have to demonstrate that you have good cyber hygiene in the execution of that grant.” The results are also indicative of the continual need to secure cybersecurity initiatives and the monetary requirements to reach the necessary minimum level of protection.
Large increase
Slight increase
Stay the same
Slight decrease
Large decrease
38.8%
28.6%
6.1%
0.7%
However, once most organizations establish baseline capability, the question of how much is enough will become more common.
Cybersecurity funding continues to increase.
Where does your organization need the most assistance in securing funding for cybersecurity? Please select up to 5.
Understanding which grants we qualify for
Awareness of available grants
Develping a cybersecurity funding strategy
Assistance applying for grants
Determining the ROI of security solutions
Leadership support/making the case to leadership
Complying with funding requirements
None, do not need assistance
45.6%
44.9%
19.0%
15.0%
10.2%
2.0%
“Governments have not gotten to the point with their general fund revenues or general fund appropriations to implement their full cybersecurity programs,” said SHI Sr. Director of Government and Education Affairs Jeff Strane. “So, they're looking out for grant support as they need it, realizing they need to do something to fill the funding gap.” The focus on funding correlates with the earlier findings, where respondents said inadequate funding was a key barrier in addressing cybersecurity challenges. Grant funding can help state and local agencies close the gap and further their critical cybersecurity goals. However, procurement plays an integral part in not only securing funding but also moving forward with cybersecurity investments at a pace and method that mitigates risk. Troxel noted an important dynamic: “We're seeing procurement offices going back to doing RFPs [and pre-COVID processes]. But at the same time, the biggest concern of our customers is the more rapidly evolving threat landscape. I think the collective approach of procurement professionals being more focused and careful on acquiring things at a time when cyber incidents and the use of technology across lines of business is accelerating, is making it harder for government IT leaders to achieve their goals.” “Now that we’re going back to business as usual in a post-COVID world, how do we take the streamlined processes and approvals forward and still maintain some of the more rigorous, structural aspects?” Sander expanded.
Cyber never sleeps – government agencies must remain agile against threats, strategic in budget, and prepared with a future-ready strategy.
When asked about the cybersecurity programs and projects that are likely to have an increased investment in the next 12 to 18 months, the respondents weighed in on several focus areas, including application security, cloud security, cyber incident response plans, endpoint detection and response (EDR), email security, and identity and access management (IAM). Most respondents report that they've made investments in all major cybersecurity areas aside from secure access service edge (SASE). In most of the below cybersecurity areas, the highest responses indicate the agencies have made investments in these areas and are often expecting to spend even more. Per focus area, the largest amount of respondents (40.1%) made an investment in email security, while the top answers for future investments reflected plans to focus on IAM (36.7%), cloud security (34.7%), and cyber incident response plans (34.7%). Sander shared a significant takeaway: The majority of areas the agencies plan to work on in the next 12 to 18 months are not specifically technology focused but instead internally focused.
“There’s an emphasis on response plans and email, which is an individual employee focus. There's certainly a technology component, but it's more of this kind of integrated programmatic approach. And it’s people-intensive,” said Sander. “Identity and access management falls into that too.” SHI experts also predict that there will be different results in artificial intelligence and machine learning in a year. According to Troxel, “While cybersecurity regarding AI may currently be within the realm of the IT experts like CISOs, and CIOs, the rest of the management structure will grow in involvement and focus in the coming months and through 2024.”
What are the cybersecurity programs/projects that are likely to have an increased investment in the next 12-18 months?
From continual cyber threats to compliance challenges, organizations face a high-risk, highly critical cybersecurity landscape – and the ever-present theme of complexity means a well-established security program is a must.
State and local government agencies weighed in on their security program and strategy. When asked to select all cybersecurity frameworks their organizations rely on, NIST Cybersecurity Framework/NIST 800-53 came out on top at 40.1%. – a great indicator that a large group of respondents have a methodology in place to help understand, manage, and reduce their cybersecurity risk. The data shows state respondents are over twice as likely as city respondents and about 1.5 times as likely as county respondents to say they're relying on the NIST framework. Respondents also reported relying on CIS Critical Security Controls framework (26.5%), while only about 16% say they are using a Zero Trust framework. However, nearly a third (32%) selected ‘do not know’ regarding their current frameworks. SHI can help bridge the gap with our program strategy and operation solutions. We work with you by evaluating the current state of your security program against industry practices and cybersecurity frameworks with strategy and assessment workshops. We’ll develop a comprehensive security program strategy to help you manage risk, maintain compliance, and improve cyber maturity.
Does your organization rely on any cybersecurity frameworks? Please select all that apply.
NIST Cybersecurity Framework/ NIST 800-53
CIS Critical Security Controls
Zero Trust
ISO/IEC 27001
Custom framework
None
40.1%
26.5%
15.6%
8.8%
2X
State respondents are over twice as likely as city respondents and about 1.5 times as likely as county respondents to say they're relying on the NIST framework
Solve what’s next with SHI
The candid insights of state and local government leaders told us cybersecurity is growing: in its complexity to manage, in evolving threats, in proliferation of devices, in security funding needs, and in program strategy requirements. Yet, the intricate web can be simplified – think of SHI as your personal technology concierge. SHI’s security solutions can address your organization’s cybersecurity challenges with insight, expertise, and resources. From protecting your attack surface and improving security maturity to easing procurement and funding, our experts understand today’s cybersecurity environment and how to support and achieve your strategic objectives. Our seamless selection, delivery, and financing options simplify hard decisions for business leaders and IT procurement – helping you select, procure, deploy, and manage with ease. The result: end-to-end visibility, protection, and response across the enterprise.
Start your cybersecurity transformation journey
SHI aligns security experts with your strategic objectives to solve cybersecurity challenges. Contact us today to get started.
