The Risks of Using Outdated Technology

by James G. Barr

Docid: 00021025

Publication Date: 2009

Publication Type: TUTORIAL


Executive Summary

When faced with an uncertain economic environment, enterprise leaders
often emphasize operational economy. In particularly hard times, this can
result in hiring freezes, staff furloughs, and even layoffs. Before
invoking such extreme measures, however, enterprises will often look to
defer, reduce, or eliminate non-staff spending that is deemed
discretionary. One manifestation of this phenomenon is elongating computer
“refresh” cycles and delaying software updates, even for
vendor-recommended revisions.

Be aware that while no type of enterprise investment should be immune to
cost-cutting, there are risks associated with maintaining outdated
information technology. Among the most critical factors to consider are
increased service disruptions and decreased security.1

In addition to financial considerations, there are other reasons commonly
cited for not replacing outdated technology:

  • Insufficient time, with other tasks like software
    development taking precedence.
  • Unfamiliarity with new and emerging technologies,
    making implementation problematic.
  • Loss of productivity, as users and customer support
    personnel must take time to receive the requisite technology training.
  • More technical problems, as new “bugs” are revealed
    and resolved.
  • Potential customer impact, leading to lost revenue
    or even lost customers.

Enterprise executives also express concern about adopting new or updated
technology prematurely, before “others” have an opportunity to demonstrate
that the technology is safe and reliable.

Although there is every reason to exercise caution when it comes to
replacing “tried and true” technology, these enhancements should not be
approached with an overabundance of caution, as the risks of maintaining
outdated technology may be greater than the risks of moving forward with
new and improved systems and software.

Reasons for Maintaining the Technology Status Quo

While enterprise executives understand the importance of information
technology to their business, maintaining the technology status quo can
seem acceptable, even prudent. The following are six reasons executives
might cite for “standing pat” technologically.

Reason 1: Upgrading technology is costly.

While it may be argued that not upgrading technology is costly in the
long run, upgrading technology is costly in the short run. Faced with
competing fiscal priorities, an enterprise may elect to delay the
procurement of new or updated software or hardware, especially if the
consequences of any delay are not obvious or readily quantifiable.

Reason 2: We’ve overspent on technology in the past.

Overspending can be the consequence of making tactical, rather than
strategic, purchasing decisions.2 Take backup systems,
for example. Each of several branch offices purchases its own data
archiving device. While the approach is tactically sound (sound from
the perspective of each individual office), selecting a multi-office,
cloud-based solution – the strategic play – is generally cheaper and
produces a more reliable and maintainable solution.

Reason 3: Selecting the right technology is hard.

Agreed! That’s why proposed technology procurements should be
subjected to rigorous evaluation. The RFP (Request for Proposal) process
is favored because it requires requesters to identify and prioritize their
real requirements.

Reason 4: Security spending is futile.

According to Jeff Dodd of OnsiteRIS, “Many mid to large size companies
underinvest in security based on the assumption that they’re not at
significant risk.”3 Others assume that if large – and
presumably sophisticated – information infrastructures like those
belonging to Target and Sony can be hacked, then “resistance is
futile.” Both assumptions are dangerously wrong.

Reason 5: The workplace isn’t the workplace anymore.

Smartphones and tablets are gradually replacing conventional desktops
and workstations, liberating employees from the physical confines of
their cubicles. The era of the virtual enterprise has arrived. The
ability of enterprise staff to work anywhere, anytime is improving
enterprise productivity and employee morale. It is also, however,
creating confusion relative to IT investment, with many enterprises
uncertain about how to deploy technology in support of this new Mobile
First environment.

Reason 6: Collateral costs are a killer.

Even when hardware and software costs are deemed affordable, the
collateral costs – including on-going maintenance and training (technical
and user) – may make new technology cost-prohibitive.

Bottom Line

Within any enterprise, there are always reasons for avoiding new
technology. These reasons should be accepted or rejected only after
receiving serious scrutiny.

Although the reasons for putting technology acquisitions and upgrades “on
hold” may seem reasonable – even compelling – such a posture can put the
enterprise at risk. The following are twelve reasons why.

Risk 1: Greater Downtime

All hardware-based technology, including information technology, is
subject to sudden and catastrophic failure. In many cases, age of the
components is a primary contributor. Even when backups exist, backup
technology can be extremely error prone. As a consequence, the loss of a
computer hard drive may result in unrecoverable data losses, especially in
the case of small businesses. Periodically migrating production data to
new systems and new drives will help minimize the threat.

Risk 2: Diminished Security

Hackers and other cyber miscreants are constantly exploring popular
operating systems and applications to discover and exploit security design
flaws. As countless data breaches have demonstrated, these efforts are
often rewarded.

The most effective technique for protecting enterprise software is
, in which IT and security personnel promptly
evaluate vendor-supplied software updates and security fixes. Applying
these updates and fixes, as appropriate, at the earliest opportunity is
considered an IT best practice.

Risk 3: No Support

To reduce their customer service obligations, technology providers frequently
decommission last generation hardware and software systems. In the last few
years, for example, Microsoft has ended support for Windows XP and Windows 7.

For customers, the expiration of vendor support is often apparent in
three ways:

  1. Problems are not fixed.

  2. Security holes are not plugged.

  3. Customer service is effectively canceled.

Complicating the situation, still-supported software may become
unsupported if run in an obsolete environment (such as Windows XP or Windows 7).

Fortunately, most vendors provide ample notice before discontinuing a
technology product or service. In most cases, this permits a smooth
transition to a replacement solution.

Risk 4: Expensive Repairs

Analyst Jeff Rapp reveals that according to Cetan Corporation, "PCs more
than 4 years old experience an average of 21 hours of downtime per year,
and cost 50 percent more to repair than the cost of purchasing a new
[computer]."4

Moreover, once repaired, these legacy units are still slower, less capable, and
more vulnerable to cybercrime than fresh-off-the-shelf PCs.

Risk 5: Shaky Compliance

Regulatory compliance is among the chief concerns of chief
executive officers (CEOs). In the US, for example, enterprise chief
compliance officers (CCOs) must contend with statutes such as:

  • HIPAA – The Health Insurance Portability and Accountability Act;

  • PCI or PCI DSS – The Payment Card Industry Data Security Standard;

  • GDPR – The European Union’s General Data Protection Regulation; and,
    most recently,

  • CCPA – The California Consumer Privacy Act.5

A key element in assuring compliance with these and other applicable
laws, regulations, and standards – particularly as they relate to the
provision of privacy and security measures – is maintaining modern technology.

Risk 6: Declining Productivity

Outdated technology can adversely affect enterprise productivity by
denying users new functionality and enhanced system performance. In some
cases, this leads to reduced competitiveness and lower profits. Rather
than being viewed as a cost center, technology should be seen as a prime
enabler of enterprise business, thus creating a bias in favor of
technology advancements.

Risk 7: BYO Technology

The “bring your own” (BYO) movement, which began with enterprise
employees accessing enterprise information and IT systems over personal,
consumer-grade smartphones and tablets, has expanded to include
do-it-yourself “personal clouds” featuring Dropbox and other popular
consumer services. This “shadow IT” environment is generally not supported
by the enterprise IT department and often exists because the enterprise
has been slow to embrace new technology, encouraging users to “take
matters into their own hands.” As a matter of policy, the enterprise should
reclaim its decision-making prerogative relative to technology by
conscientiously examining new technological breakthroughs as they occur.

Risk 8: Loss of Competitiveness

In evaluating vendor “A” versus vendor “B”, prospective customers are
often mindful of the competitors’ technology. Providers that boast
“state-of-the-art” technology are better positioned to win deals than
providers endeavoring to “get one more year” from their legacy systems.

With respect to existing customers, analyst Jeffrey Kueber reported on a
Microsoft survey which revealed that "91 percent of people said they would
consider going elsewhere to meet their needs if an organization had aging
tech."7

Risk 9: Reduction in IT Responsiveness

As analyst Cole Humphreys observes, “Your ability to provide timely IT
solutions to your organization is greatly hindered with older
infrastructure.”8 Older technology offers fewer functions
and features from which to build modern applications.

Risk 10: Technology Roadblocks

As analyst David Elmasian warned in 2014, “a reliance on older hardware will …
hinder IT flexibility. Upgrades, updates, and reconfigurations will all
have to be made with the older hardware in mind. The older the hardware
gets, the more of a hindrance it becomes. Nowhere is this more evident
than in the … transition from Win XP in enterprise. Despite being
past [end of life], many companies still hold onto XP because they have
built their entire IT ecosystem around it, thus, preventing the company
from moving forward with newer, incompatible technologies, or tying up the
IT department into retrofitting technologies to work with XP.”9

In the intervening six years, the support situation has only
deteriorated. Not only do some XP users doggedly hang on to XP, but now some
Windows 7 users are refusing to migrate to Windows 10.

Risk 11: “Keeping the Lights On”

According to analyst Justine Brown, “Employing older technology can also
take a toll on IT staff. As technology ages, staff may need to perform an
increasing number of workarounds to ensure everything continues to perform
correctly. Such workarounds may slowly rise in number and become
increasingly complex, until an IT staff is spending an inordinate
amount of time just ‘keeping the lights on.’ Even worse, this
practice can have CEOs or board members convinced that new investments in
technology are not needed.”10

Risk 12: Recruitment & Retention

Expanding on Ms. Brown’s observation, most IT staff members like to “stay
current” with new and emerging technologies. If that desire is frustrated
by their employer’s refusal to integrate leading-edge IT systems and
services, some staffers – often the best technicians – will consider
changing jobs.

Analyst Jeffrey Kueber reported on a Harvard Business Review study which
revealed that:

  • "54 percent of US business leaders say
    company technology plays a key role in whether applicants accept their job
    offers or not;" and
  • "42 percent say outdated hardware hurts their ability to
    retain talent."11 

Risk 13: Reputational Risk

Information technology, particularly mobile technology, has become an
influential force in enterprise success. Realizing this connection, many
outside observers, especially customers, may begin to assess an
enterprise’s prospects based on its technology commitment, as evidenced
by the enterprise’s investment in up-to-date IT tools like virtual
desktops or hyperconverged infrastructure. By operating with outdated
technology, an enterprise may signal that it’s not ready for today’s
business challenges, thereby damaging the enterprise’s brand.

Risk 14: Home Office Technology

Over the last several decades, many employees have transitioned from
full-time office work to part-time or full-time home work. The COVID-19
pandemic has accelerated this trend with the effect that more employees are
relying on personally-owned computer equipment than enterprise-issued.
Whereas enterprise-owned devices are often replaced on a set schedule,
employee-owned systems may not be similarly upgraded. As one example, office
PCs may be running Windows 10 while home PCs execute an unsupported Windows
7 operating system.


The ultimate aim of risk management is not “managing,” or containing,
risks. The aim is to eliminate or, at minimum, mitigate such risks. There
are four recognized methods of mitigating risks:

  1. Risk Avoidance – Refraining from participating in
    “risky” activities.
  2. Risk Reduction – Limiting the severity of
    risk-related losses.
  3. Risk Toleration – Learning to accept certain
    risk-related losses.
  4. Risk Transfer – Transferring risk responsibility to
    another party (or parties).

Enterprise executives who choose to delay the introduction of new or
updated technology are effectively employing a
strategy. Enterprise executives who elect to
embrace new technology may pursue:

  • Risk Transfer – Engaging cloud providers as
    de facto technology decision-makers.
  • Risk Reduction – Injecting discipline into
    the technology management process by instituting
    lifecycle management practices, and establishing technology
    leadership by naming a chief technology officer.

Delegate Technology Decisions to Cloud Providers

According to cloud solutions provider Cetan Corporation, “The advent of
cloud computing has made staying up-to-date with technology much more
manageable for companies. When you delegate your IT infrastructure to your
cloud provider, upgrades and patches become their problem, not yours. Your
people have fast, reliable access to applications and information from
anywhere at any time.”12

Practice Technology Lifecycle Management

Ideally, the technology lifecycle management (TLM) process should inform
all enterprise technology decisions. In addition to standard elements –
like selection, implementation, and training – the process should

  • How a particular technology – or technology solution – should be
    evaluated over time.
  • What conditions would warrant a technology upgrade – for example, a
    critical security fix.
  • What conditions would warrant a technology replacement – for example,
    the need to satisfy an emerging business requirement.

Importantly, the rationale for retaining or replacing enterprise
technology should be well established, thus avoiding the inadvertent accumulation of
outdated technology.

Budget for Home Office Maintenance

Provide regular home office workers with the funds and technical
expertise required to replace or upgrade any obsolete hardware and software.

Appoint a Chief Technology Officer

To help ensure enterprise executives are informed about the latest
technologies and technological trends (like the emergence of edge
computing), enterprise officials should recruit a Chief Technology Officer (CTO).

The CTO, whose position is distinct from the Chief Information Officer
(CIO), can avoid the distractions of everyday technology issues, and
concentrate on how the enterprise’s technology environment could – and
should – evolve over the next five to ten years.

The CTO can also lead the technology lifecycle management process.


1 “The Risky Business of Outdated Technology.” Abacus Data

2 "Five IT Mistakes to Avoid: Expert Insight on Determining
Technology Need." Brother International Corporation. 2015.

3 Ibid.

4 Jeff Rapp. "The True Impact of Running Older, Outdated Technology."
ARCIS Technology Group Inc. August 20, 2020.

5 “Fast Guide to Regulatory Compliance.”

6 Jeff Rapp. "The True Impact of Running Older, Outdated Technology."
ARCIS Technology Group Inc. August 20, 2020.

7 Jeffrey Kueber. "How Much Is Your Outdated IT Equipment Costing
You?" Wipfli LLP. November 4, 2019.

8 Cole Humphreys. “The Risks and Hidden Dangers of Outdated
Technology.” Rackspace, US Inc. June 4, 2014.

9 David Elmasian. “Three Risks and Dangers of Outdated
Technology.” Managed IT Support, Boston MA | Applied
Synergy Group. July 1, 2014.

10 Justine Brown. “Risk and Repeat: How Outdated Technology
Can Devastate a Business.” Industry Dive. July 27, 2015.

11 Jeffrey Kueber. "How Much Is Your Outdated IT Equipment
Costing You?" Wipfli LLP. November 4, 2019.

12 “Cloud Computing.” Cetan Corp. 2016.

About the Author

James G. Barr is a leading business continuity analyst
and business writer with more than 30 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.