A legacy system is an older application, platform, or control environment that is still in use, often because business operations depend on it. These systems usually carry tangled dependencies, outdated interfaces, and limited flexibility, which makes change risky and slow.
In cyber security, legacy systems matter because they can be hard to patch, difficult to monitor, and expensive to replace. Attackers often target them through weak authentication, unsupported software, or forgotten integrations that bypass modern controls. Defenders must treat them as high-risk assets: segment them, restrict access, inventory every dependency, and wrap them with compensating controls such as strong identity checks and logging. In modernization projects, legacy systems are the main reason new cloud or AI layers can inherit old security and data problems instead of fixing them.



