As software technologies continue to grow in power and complexity and microprocessors continue to shrink, we are witnessing the rapid expansion of software into virtually all areas of our business and private lives. Today, it is found in cars, traffic lights, household appliances, communications and transportation systems, hospitals, airplanes, medical devices, next-generation payment cards, business supply chains, and enterprise management systems. Software is truly becoming ubiquitous. This article illustrates the consequences of software failure, the dynamic process of risk analysis, and the importance of the right business decision.
As business' reliance on software grows, so do the business-related consequences of software failure. In today's rapid-paced business environment, software must work. In fact, if your software fails, your company may be right behind it.
The term essential software refers to software that must be reliable, safe and secure. Nearly every large enterprise relies on essential software that is either embedded in its products or driving its eCommerce business systems and operations. The next wave of the Internet revolution will see the emergence of mission-critical eBusiness software running business-to-business (B2B) transaction engines, Internet-enabled smart cards and devices, and intelligent manufacturing and supply chain automation systems. Medical devices running embedded software will also become more commonplace. Software has become the very heart of the new economy, and business risk management must include software risk management (SRM).
First, the Bad News
The consequences of essential software failure can be dramatic. At the extreme, the failure of essential software in a safety-critical system, automobile brakes for example, can result in loss of life. From a business perspective, the financial consequences of essential software failure can be severe as well. They include:
- Revenue loss in the millions when software fails or key information is stolen or compromised
- Brand damage and severe market impact when software does not work as advertised or security vulnerabilities impact consumer trust
- Liability costs when consumers cannot complete online transactions or when software embedded in airplanes, automobiles, pacemakers or nuclear reactors causes injury or death
- Productivity loss when software malfunctions or ceases to function altogether
A few examples show, in no uncertain terms, that software risk must be managed like other serious business risks:
- Hershey's sales for Q3 1999-the company's peak shipping period-dropped more than $150 million (12 percent) from the previous year because of an enterprise software glitch that prevented Halloween candy from being shipped. As a result, the candy maker's net income for that same period was down 19 percent from 1998. 1
- Online auction giant eBay experienced revenue loss of nearly $4 million in the form of customer credits when a software problem caused a 22-hour system outage in June 1999. 2 The lost revenue was just the beginning of eBay's problems; the impact on investor confidence resulted in a loss of $5.7 billion in market capitalization. 3
- In 1999, the U.S. Securities and Exchange Commission fielded over 20,000 investor complaints related to software problems in online trading-a dramatic increase from the roughly 1,000 complaints filed in 1998. 4
- The former parent company of bankrupt pharmaceutical distributor FoxMeyer is suing SAP for $500 million because the vendor's enterprise resource planning software allegedly brought FoxMeyer to a virtual standstill. 5
- The Standish Group estimates that software problems accounted for $85 billion in lost productivity in U.S. companies in one year alone. 6
Even dot-coms with little tangible equity are concerned about software quality. After all, when a business spends millions to build its brand, it makes sense to invest in reliable, safe and secure software to protect that brand. Brand awareness and consumer confidence are all too easily eroded, and often software problems are to blame.
Need more proof?
- A software glitch allowed H&R Block's online customers to view other clients' tax returns, causing a loss of credibility for the Web-based service offering and damaging the venerable firm's reputation. 7
- Online music retailer CDUniverse's reputation was damaged when a security flaw in its software was exploited by a hacker who stole 300,000 credit card numbers and published them online, complete with the cardholders' names and addresses. 8
Light at the End of the Tunnel: Assessing Software Risk