
Shadow IT Costs: Immediate and Lasting

Mansoor Ahmed

The amount of money spent on shadow IT is concerning, but it’s only the tip of a very dangerous iceberg.

We know that average enterprises spend over $4 million per year on SaaS (that they know of). We also know that shadow IT comprises 50 percent of IT spending. Given these two things, we can extrapolate that average companies are spending millions on shadow IT. 

Leaky budgets and out-of-control SaaS spending slow companies down, but shadow IT also creates increased exposure to cybersecurity threats that could sink a business. While considering the true cost of shadow IT, it is helpful to think of applications as investments, instead of simple expenses.

Shadow IT Costs vs. ROI

Shadow IT persists as a problem partly (largely?) because employees see value in procuring software on their own. And that means that some shadow IT is generating ROI. 

Employees don’t sign up for apps to intentionally hurt the company; they do it to become more productive. The issue is that they are not focusing on data leakage, redundant licenses, and the host of other problems that can come with unauthorized apps.

So, while eliminating shadow IT is a good idea, it might be worthwhile to first embark on a little discovery. What apps are being used, and where? Are those apps adding value to the organization? Is the issue about unauthorized apps, or redundant software and licenses?

Sometimes, curbing the costs of shadow IT just means making software that users are already using more “legitimate.”

Shadow IT Costs: The Full List

The complete costs of shadow IT might set a company back in terms of time, money, and reputation; business leaders who recognize each of these threat areas are more prepared to eliminate them. Consider:

Shadow IT Hurts Productivity

When an individual or a non-IT business unit procures software independently, they are likely to think about their needs without considering the greater technology plan. Software that does not integrate with other systems smoothly can cause problems with compatibility, security, and information sharing.

Shadow IT Opens the Door to Costly Cybersecurity Threats

When unauthorized devices and software make companies vulnerable to hackers, businesses may find themselves faced with costs that go even beyond the millions of dollars in wasteful spending. 21% of organizations have experienced attacks and other events because of technology that employees use without authorization from IT. Because the company’s security professionals have never been made aware of the shadow IT products, the products are not covered by the cybersecurity plan.

The average data breach costs an organization $4.24 million. This average is up from $3.86 million last year, partially due to the increasing prevalence of remote work. The average cost is $1.07 million higher in breaches involving remote work than it is in breaches where remote work is not a factor.

Time is Money and Downtime Costs Both

Security events disrupt operations, which is why they are so costly. For example, the average ransomware incident results in 16 days of downtime. To quantify the cost of downtime, consider the following stats:

  • The estimated average cost of downtime is as high as almost $9,000 per minute for large organizations.
  • Even for small businesses with less money to spare, the average cost of downtime is still $427 per minute.
  • A 14-hour outage cost Facebook $90 million in 2019 (nearly $6.5 million per hour, more than $100,000 per minute).
  • Average mid-sized companies spend $1 million per year on incidents, while larger organizations spend $60 million or more.

Cyber Attacks Cost More Than Money

The immediate cost of cyber events is already hard to swallow. Unfortunately, the other consequences of these breaches and attacks can continue to show up on the bottom line for years to come. When a business experiences significant downtime because of a cyber event, it appears unreliable, which hurts reputation. The brand can be damaged even more severely if it loses control of data during the event.

87% of consumers will avoid companies that do not handle data responsibly. Thanks to compliance regulations like GDPR, HIPAA, and CCPA, among others, it is relatively easy for these consumers to identify organizations with poor reputations for handling personal data appropriately.

Immediate costs and fines hurt right away, but a damaged reputation can have a devastating effect on a company’s value. It is difficult to assign a dollar amount to reputation, but it is possible: Verizon knocked $350 million off the price of Yahoo! because of data breaches.

Redundant Licenses

Even putting aside the risks that come with a security breach, there is the issue of redundant licenses. Multiple teams or departments might all have their own licenses for the same software, and be paying a premium for those licenses. Those should really be consolidated to save costs.


Finally, there is a heavy cost associated with shelfware: software that gets purchased and then seldom or never used. If that software is on a subscription model, the tab can keep running, even if the software is not providing any real value to the organization. But if no one in the organization knows that it’s there, who is going to bother cancelling it?

SaaS Cost Optimization: First Steps

Again, shadow IT has an ROI, which means that proper SaaS cost optimization will increase that ROI. Your first steps should include:

Discovering SaaS Usage

If employees are signing up for SaaS apps on their own, there will be no way of knowing this without doing an explicit discovery. It is worth investing in a tool to do this.

Optimizing SaaS Licenses

SaaS license optimization is possible when leadership has a big picture view of SaaS usage, and then uses that to cut or consolidate unused licenses. For example, if most employees never record their Zoom meetings, it is unnecessary to pay for storage for their subscriptions.

Negotiating SaaS Contracts

When employees sign up for SaaS on their own, they simply agree to the click-through agreement. Those agreements might not be optimal for the organization as a whole. When new IT solutions are procured through the proper channels, there is an opportunity for business leaders to negotiate more favorable terms.

About Quolum

Quolum is a full-stack SaaS Spend Management product. Its data-driven renewals, spend controls, license monitoring, contract oversight, and a buying concierge help companies save millions of dollars in spending.
Quolum is ideal for companies that have hundreds of SaaS tools. Finance, Procurement, IT Teams, and departmental spend owners use Quolum to help manage SaaS sprawl and remove shelf-ware.
Talk to us to get a demo of the product. You can start seeing savings in just a few weeks. No spreadsheets are required.