Legacy systems are everywhere, quietly powering core operations in some of the world’s largest enterprises. But behind that familiarity is risk. In this episode of The Business of Cybersecurity, Paul Savill, Global Practice Leader of Networking and Edge Compute at Kyndryl, joins me to break down why aging infrastructure is becoming a major liability in today’s security posture.

We talk candidly about the security implications of 44 percent of enterprise technology being “out of life” and unsupported. Paul shares how that vulnerability becomes even more exposed as IoT devices proliferate and AI-powered attacks grow more sophisticated. It’s no longer a question of whether legacy tech is a problem, but how long organizations can afford to ignore it.

This conversation moves beyond the buzzwords and straight into the operational reality. Paul explains how Kyndryl’s post-IBM spin-off transformation included shifting to a cloud-first, zero trust model—and why that decision was just as much about improving agility and cost control as it was about reducing risk.

We also explore the human side of cybersecurity. Paul outlines how Kyndryl’s internal phishing simulations and scenario-based training have led to a measurable increase in employee-reported incidents. It’s a compelling argument for why building a cybersecurity culture beats any off-the-shelf solution.

From AI-enhanced social engineering threats to the disconnect between IT and OT teams, this episode highlights the practical steps business leaders can take to modernize without compromising day-to-day operations. If your cybersecurity strategy still depends on outdated tools and last year’s training modules, it might be time to rethink the foundation.

For more insight, check out the Kyndryl Readiness Report at kyndryl.com,