Cisco is rolling out a sweeping initiative—called “Resilient Infrastructure”—after years of watching organizations gamble with old routers, network switches, and network-attached storage that still sit at the heart of critical systems.
The logic has always been familiar: replacing equipment costs money; keeping outdated technology is easy. In reality, these aging devices often run on insecure configurations and, worse, are no longer supported with software patches. That makes them perfect targets at a time when attackers can use generative AI to rapidly hunt down weaknesses.
Cisco says the goal now is to force this conversation out of the IT basement and into the boardroom, according to Wired. The programme includes research, direct outreach, and a significant shift in how Cisco handles legacy equipment. The company has begun introducing explicit warnings on devices nearing end-of-life. Customers who update an old device or try to enable known insecure configurations will be met with clear alerts. Over time, Cisco plans to strip out historic settings entirely, removing compatibility options that are no longer safe.
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026): big discounts for early bird.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab: From Technical Design to Deployment (next edition begins Jan 24 2026).
“Infrastructure globally is aging, and that creates a ton of risk,” said Anthony Grieco, Cisco’s chief security and trust officer. “This aging infrastructure wasn’t designed for today’s threat environments. And by not updating it, it’s fostering opportunities for adversaries.”
The initiative leans heavily on fresh research commissioned by Cisco from UK-based advisory firm WPI Strategy, which examined the risk posed by outdated equipment across the “critical national infrastructure” of the United States, United Kingdom, Germany, France, and Japan. The findings were striking: the UK faces the highest relative risk, closely followed by the US. Japan sits at the opposite end of the spectrum, benefiting from consistent upgrades, a decentralized infrastructure, and what the report describes as “a stronger, more consistent national focus on digital resilience.”
Across all five countries, the study reinforced the same uncomfortable truth—many cyber incidents aren’t the product of sophisticated zero-days. Instead, attackers regularly rely on known vulnerabilities that remain unpatched simply because systems are old. In other words, the failures are avoidable.
Eric Wenger, Cisco’s senior director for technology policy, says organizations often mistake inaction for cost-savings.
“The status quo is not free—there is actually a cost, it’s just not being accounted for,” he says.
He believes the industry must treat aging digital infrastructure as a high-level business risk, not a technical footnote.
“If we can help elevate this risk to something that is treated as a board-level concern, then hopefully that will underscore the importance of making an investment here.” As he puts it, “we’re not making it hard enough for the attackers.”
Cisco understands the perception problem. Founded in 1984, the company’s hardware underpins networks around the world, which means pushing for upgrades can look suspiciously like pushing for sales. Wenger argues the reality is simpler: whether a customer buys new Cisco hardware or picks a rival vendor isn’t the point.
“Look, we don’t make money on the stuff that we sold two decades ago,” he says. “What we’re selling now is innovative and cost effective, but we’re not going to win everyone over. We need to start the conversation either way.”
Grieco, who has been making the same case for nearly a decade, points out that the message hasn’t changed. Back in August 2016, he wrote in a Cisco blog post: “Systems that were designed, built and deployed in decades past didn’t anticipate the hostile security environment of today. Until now, very few have thought about securing infrastructure because they didn’t think adversaries would target these systems and devices, or they had ‘higher priorities’ to fix. This must change.”
The urgency is rising because generative AI is reshaping the cyber threat landscape. AI can’t yet stitch together multilayered attacks on its own, but it’s already making certain jobs easier. Social engineering scripts can be generated instantly. Vulnerabilities can be analyzed at machine speed. Malware can be refined with minimal effort. This gives unskilled attackers new capabilities and allows sophisticated hackers to automate work that once took days.
That’s why Cisco’s campaign carries a sharper tone than before. The company wants executives to stop treating legacy equipment as harmless leftovers from a slower era.
“It’s time to give people a jolt about the silent risk of aging infrastructure,” Grieco says. “We’re going to make it loud.”