The Upgrade Looks Expensive Until You Price the Alternative

Old cloud environments don’t send you an invoice, which is exactly what makes them easy to keep. They don’t show up as a line item or announce themselves as a liability. They just sit there, humming along, looking fine, while the vendor quietly stops patching them, vulnerabilities accumulate, and the gap between “running” and “protected” slowly widens.

5 minutes

Old cloud environments don’t send you an invoice, which is exactly what makes them easy to keep.

They don’t show up as a line item or announce themselves as a liability. They just sit there, humming along, looking fine, while the vendor quietly stops patching them, vulnerabilities accumulate, and the gap between “running” and “protected” slowly widens.

The cPanel incident last month made that invisible price tag suddenly very visible. Attackers exploited a critical vulnerability (9.8 out of 10 severity) and walked into unpatched servers without a password. 70 million websites were in the blast radius. The businesses hit hardest weren’t running reckless operations, many of them were just running old ones with older versions of cPanel that had aged out of support and, with it, out of any patch protection whatsoever.

The emergency fix that went out April 28th didn’t apply to them. There was nothing to install.

That’s what old systems actually cost, and it’s not $75 a month or even $1,500 a month. IBM’s 2025 annual report puts the average cost of a data breach for U.S. companies at $10.22 million, and that’s the average across companies of all sizes.

The Math Most People Are Doing Wrong

Someone finds out what it costs to move from their current hosting to a modern, fully supported platform. Say, from $75 a month to $250, or from $1,000 to $1,500, or from $10,000 to $20,000 at the enterprise level. The immediate reaction is sticker shock. The old plan works, the new one costs more, and the math feels obvious.

Except it isn’t, because that math is missing most of the numbers.

The real question isn’t what the upgrade costs. It’s what staying put is already costing, invisibly, with compounding interest, every month you wait. That logic holds at any budget level. While the scale changes, the math doesn’t.

Running the Real Numbers

Start small. The $75-to-$250 hosting upgrade: $175 more per month, $2,100 per year, $6,300 over three years to be on a current, supported, patched platform.

Scale it up. A $1,000-to-$1,500 upgrade is $500 more a month, $18,000 over three years.

Go enterprise. Even at $10,000 to $20,000 a month, you’re looking at $360,000 over three years to stay fully current, supported, and protected.

Now price the alternative at any of those levels. Even a modest breach involves forensic investigation, emergency response, downtime costs, customer notification, regulatory exposure, and reputational damage that’s genuinely hard to quantify. IBM’s 2025 report puts the average U.S. data breach at $10.22 million. Five percent of that is $511,000, which is more than the three-year enterprise upgrade cost before you’ve paid a single lawyer or notified a single customer.

The math works at every level, because the cost of the breach doesn’t scale with your hosting bill, it scales with the value of what you’re protecting.

And that’s before accounting for the other hidden costs of old: slower performance quietly dragging down conversions, compatibility issues with newer tools and integrations, technical debt that turns every future change into a bigger project than it needs to be. The cost of staying put isn’t only about what can go wrong. It’s also about the growth you’re leaving behind every day you’re not on a cloud environment built for where you’re going.

On Migration

This is where the most hesitation lives, and it’s fair, migration has a reputation. It sounds like downtime, disruption, and a months-long project nobody has bandwidth for.

A few things worth knowing about migration done right:

If a vendor can’t walk you through their migration process in detail before you sign anything, that’s a signal. A good hosting partner has a documented, clear process. They can walk you through exactly what happens, when, and what you’ll need to do. You should feel confident going in.

There are no hard migration costs from Nexcess. What you’re managing is the transition period, running old and new environments concurrently while everything moves over. For simpler setups that can be quick. For more complex environments it might span a few months, but “a few months of parallel running” is a very different conversation than “we can’t afford this.”

Migration is something we take seriously. It’s a planned, well-executed transition, and any downtime involved should be known, scheduled, and short. When it’s executed well, most customers are genuinely surprised by how manageable it is.

If your current vendor can’t give you that kind of clarity, find one who can.

Getting Honest

The upgrade looks expensive because it’s the cost you can see. The risk of staying put feels manageable because it’s the cost you can’t.

That asymmetry is exactly how businesses end up on the wrong side of an incident like cPanel.

The honest version of the math is what does your current hosting cost, including the exposure you’re carrying? What would a breach actually cost your business? And how does that compare to being on a cloud environment that’s current, supported, and protected?

If you’ve never run those numbers, that’s the place to start. And if you want to think through what an upgrade actually looks like in terms of real process, real timeline, and real costs, that’s exactly the kind of conversation we’re here to have.

This is the second piece in our Price of Old series. Part 1: The cPanel Incident Exposed a Gap Most Businesses Don’t Know They Have. Part 3: The cPanel Incident Was the Validation You Couldn’t Get Internally. Part 4: Your Cloud Environment Should Be the Last Thing on Your Mind.

Get hosting news and tips straight to your inbox

Join our community today.

Want to run the numbers on your own setup?