Risk Management Series - Part 2: The Six Hidden Costs of Obsolete Technology

Posted by Laura Mauersberger on September 25, 2017


In the previous blog series, we covered proactive technology risk management, outlining the risks of not knowing an application's true lifecycle and the effect it has on its supporting technologies. In this article, we will cover the six hidden costs of obsolete technology.


Inability to support business

While the costs of IT outages in terms of lost revenue are the most obvious ones, there are further aspects to consider. Today’s businesses are strongly interconnected via systems, so IT outages can seriously affect upstream and downstream processes. This multiplies the cost incurred in resolving the incident. And while IT resources are tied up fixing the problems, other parts of the workforce may sit idle, as they are unable to continue their work.

These direct costs can already add up to high amounts, but let’s think one step ahead. How much competitive advantage is lost because the business cannot react adequately to new opportunities while it is tied to old technology? How high are the opportunity costs when IT spends its time reacting to problems of outdated technology, time that could be spent on building technology that actually gives the business an edge?

Security vulnerabilities

Vendors constantly release upgrades and patches to their software, and with good reason. The complexity of modern software comes with almost unavoidable security flaws. Using older technology means exposing your company’s systems to known flaws and attacks for which no defense is in place. The fast and iterative improvements of technology mean that technology today tends to be much more reliable than just a few years ago. Abacus4 estimates that between 70% and 80% of the top 10 malware detected by a company could be avoided if its technology were updated correctly.

Lower IT flexibility

Although Windows XP is end-of-life, many companies still hold onto it because they have built an entire ecosystem around it. This prevents them from moving forward with modern technologies, which are either incompatible or tie up resources in refitting modern technology to old infrastructure. This limits enterprises’ flexibility in all kinds of areas, like data analysis for better decision-making, communication, or the development process of new applications.

Higher complexity

When it comes to the retirement of old technology, CIOs have to carefully balance two aspects. On the one hand, they need to “keep the lights on”. They need to make sure, above everything else, that IT operations are running smoothly. As the old proverb says, you should never change a running system. There is, of course, some truth in this, as an upgrade to newer technology is usually accompanied by some kind of interruption. But keeping the status quo comes at the cost of increased complexity. Suddenly, the organization needs to manage and train for a whole zoo of technology, and at one point in time several versions of the same product, e.g. Oracle databases 9i, 10g, 11g, and 12c, all need to be supported.


Lack of skills and support from vendors

The longer technology is used, the fewer employees will actually be knowledgeable about it. It is a common phenomenon that the maintenance of legacy software depends on a few veteran employees who still have the necessary knowledge. In addition, vendors understandably focus their resources on their latest products. As a consequence, they may charge for extended support, and information on products becomes less accessible.

Compliance issues

Businesses need to comply with a number of regulations, from HIPAA to PCI to FISMA. While compliance does cost money and, in terms of technology, requires an accurate view of applications and technology, the cost of non-compliance is typically higher. As a rule of thumb, experts say that the cost of non-compliance is 2.5 times higher than the cost of compliance.

