There are a variety of reasons that companies continue to run outdated software and equipment, not the least of which is that upgrading IT equipment and the software that runs on it takes time, interrupts the work being done, requires that staff learn how to run the new systems, and costs money that the businesses choose not to spend. The irony is that the desire for a company to save money by not upgrading its Information Technology actually causes costs to rise -- sometimes by over 50% -- when the company is (almost) inevitably breached by hackers, ransomware or other kinds of malware. So what is the cost of running old software?
Minimizing The Costs Of A Data Breach
This data, along with a long list of other fascinating findings, comes from a report by Kaspersky called “How Businesses Can Minimize The Cost Of A Data Breach.” The Kaspersky Global Corporate IT Security Risks Survey was conducted in June 2020 and included interviews with 5,266 IT business decision-makers in 31 countries. Within the test groups were two sizes of organizations: Small and Medium sized Businesses (SMBs) with between 50 and 99 employees, and Large Organizations with over 1000 employees. Whether your company fits inside or outside of these ranges, the conclusions of this research most certainly apply.
Consequences Of Not Keeping Software Up To Date
The Kaspersky survey found that almost half of all organizations have out-of-date technology, including old software, and that about a third of both SMBs and Large Enterprises run unpatched, outdated operating systems. But what is the cost of running old software?
Not keeping software updated leads to data breaches. In fact, businesses with old, out of date software are over twice as likely to suffer a data breach: Among survey respondents, 29% of companies with up to date software suffered a data breach, while 65% of companies running old software suffered breaches.
We recently wrote about the C-suite Cybersecurity Risk, which focused on how the most likely targets of a hack -- the company’s senior management -- are most likely to request, require and demand that they have more relaxed security requirements including being allowed to run old software.
One interesting finding of the Kaspersky report is that among companies that allow their C-suite to use outdated technology, the likelihood of a data breach increases to 77%, making them nearly 2.7 times more likely to be breached than a company that keeps its software up to date.
Poor Reasons For Not Updating Software And Technology
Of course, there are good reasons for running old software and other technology, but they are unlikely to outweigh the increased costs of a data breach once hacked.
- Among the respondents, nearly half (48%) reported having in-house apps that cannot run on new devices or operating systems.
- The same percentage simply reported that some employees refused to work with the newer technology, and so the organization made an exception.
- And over one third -- 34% -- said that their C-Level staff were excluded from planned updates.
- Only 18% said they just don’t have enough resources to update all the systems at once.
The Cost Of Running Old Software
Being more likely to suffer a data breach is a bad enough penalty for running old software. What makes it even worse is that once the company is breached, the costs of the breach are higher by a large margin than they otherwise would have been. Large enterprises spent an additional 51% to repair and remediate their networks and data, which represented an increase in costs from $836,000 to $1,225,000. In other words, a $425,000 difference.
SMBs had an even more dramatic increase in costs on a percentage basis, spending an additional 54%, raising the costs of a data breach due to running old software from an average of $74,000 to a cost of $114,000.
Calculating The Risk Of Running Old Software And Technology
If we multiply the expected percentages by expected costs, we get a more realistic assessment of the expected risk of each course of action to each organization, so let’s do a little math on these survey results.
For Enterprise Businesses, the share of the risk for each organization is:
- With updated technology: 29% multiplied by $836,000 is $242,000.
- With old software and technology: 65% multiplied by $1,225,000 is $796,250.
That’s a difference of $554,250, a 329% increase in expected costs.
For SMBs, the share of the risk for each organization is:
- With updated technology: 29% multiplied by $74,000 is $21,460.
- With old software and technology: 65% multiplied by $114,000 is $74,100.
That’s a difference of $52,640, a 345% increase in expected costs.
Is The Cost Of Running Old Software Worth It?
In both cases, the expected costs more than triple. An organization's IT and C-Suite leaders are ultimately responsible for deciding whether to eventually absorb the cost of running old software or to upgrade their software and other technology and avoid the higher costs of a data breach. We think you know which we would recommend for you and all our clients.
The hard truth of the matter is that there are costs to good cybersecurity that you need to weigh against the increased risks and costs of a data breach. But there are ways to minimize the costs of good cybersecurity as well.
At Digital Uppercut, we have clients that include medical offices, law firms, CPA firms, manufacturing plants, food processors, and many more. And for all of them, we specialize in maintaining, securing, upgrading and monitoring our clients’ IT infrastructure and networks. We can protect your company, too. Contact us today by using our online contact form or calling us at 818-913-1335.