Poor software quality cost businesses $2 trillion last year and put security at risk

Dive Brief:

  • Poor software quality cost organizations across all U.S. sectors $2.08 trillion in 2020, according to a report published Wednesday by the Consortium for Information & Software Quality (CISQ). The estimated incurred costs stem from unsuccessful IT and software projects, poor quality in legacy systems and operational software failures.
  • Operational software failure is the leading driver of cost, reaching an estimated $1.56 trillion in 2020, a 22% increase since 2018. The cost of unsuccessful development projects totaled $260 billion in 2020, a 46% increase since the previous estimate in 2018.
  • Cost estimates for operational software failures may fall short in the context of a surge in cybersecurity failures throughout 2020, the report warns. Overwhelmed supply chains and e-commerce systems became prime targets for actors looking to exploit software vulnerabilities.

Dive Insight:

An undetected software flaw can trigger critical system outages. And misconfigurations of cloud platforms have resulted in data breaches and ransomware attacks, such as the 2019 Capital One data breach.

CISQ defines poor-quality software as products that don’t provide value to users, fail to meet profit goals, produce serious complaints and problems and fail to contribute in some way to the goals of humanity. 

In 2020, IT projects executed in haste as a response to the pressures of the pandemic contributed to an expansion in software failures, according to Herb Krasner, author of the report and advisory board member at CISQ. 

“There was a lot of software put together very quickly,” said Krasner, a retired software engineering professor at the University of Texas. “It was reactionary to what the situation was. That means that a lot more software was put into service over these last nine months or so than would have been otherwise.”

Companies struggle to deliver value at high speed without putting the quality of their software products in jeopardy, according to the report. 

“Software quality lags behind other objectives in most organizations,” according to the report. All these costs are a result of inattention to quality.

Often caused by malicious actors who exploit software vulnerabilities, data breaches cost organizations an average of $3.9 million, according to a report from IBM and the Ponemon Institute.

CIOs troubled by the cost of poor software quality can start by assessing what that cost is for their organization. Once leaders understand the scope of the problem, executives can “start to identify where the large pockets” of vulnerabilities lie within their organization, and prepare a plan of attack to remedy them, said Krasner.