Shadow IT is the term used to describe technology that has not been purchased by the IT function. This sounds like something that the IT director should be concerned about, and while that’s true, it also has implications for the Finance Director. Why? Shadow IT can hurt the bottom line by adding ongoing and hard-to-quantify overhead, and has the potential to cause unexpected and significant one-off costs.
Shadow IT is any technology that employees or contractors have employed for business use without any oversight from the IT function. This can be hardware like laptops or phones, or, increasingly, software applications, usually cloud-based. Examples would include services like Dropbox or Google Drive, or more specialised software for functions like sales and marketing, e.g., Zoho, Apollo, or Mailchimp.
Shadow IT is not a new phenomenon – it’s been around for at least 20 years, marketing being an area where it was particularly common. With the advent of Cloud computing, shadow IT expanded rapidly. Employees could sign up for software using a credit card and not require any support from IT as there was no installation of software required; they signed up, and it worked.
The Covid pandemic gave shadow IT another boost as employees suddenly found themselves working remotely and had to quickly find tools that allowed them to remain productive when away from the office. Zoom is probably the most obvious example of software that exploded in use, and often without any involvement from the IT function.
While the term shadow IT sounds somewhat negative and, as we’ll explore below, it can have negative financial impacts, the use of “unsanctioned” technology often happens for good reasons.
As can be seen from the examples above, shadow IT can have real benefits, allowing organisations to innovate faster and react to changes in the business environment. This increased agility and adaptability comes from not restricting the types of technology that can be employed, or the particular products that can be chosen. Many cloud software services can be trialled at little or no cost, and if they don’t work out another option can be tried in a similar way, so effective solutions can be found more quickly than if a traditional, if more rigorous, procurement process is followed.
Generative AI (ChatGPT, Claude, Gemini etc.) has been the most publicised, and possibly hyped, new technology for a while. The jury is still out on whether it is going to be as transformative as some people believe, but it’s clear that it is already being used by lots of people, and that includes people using it for work-related purposes. As with other cloud software, access to generative AI tools is simple and doesn’t require any authorisation by an IT function. In the near term it’s therefore probable that shadow IT is going to grow significantly, driven by the generative AI tools themselves, or the software services that are being launched that are based on these tools. If you are interested in a deeper dive on the implications of uncontrolled adoption of AI tools, this article from CIO magazine provides a good overview.
As shadow IT has the term “IT” in it, why isn’t it just the IT director’s problem? Why should a Finance Director be interested or concerned about it?
Firstly, there are some fairly obvious ongoing financial implications; there’s a whole category of cost that is at least partially hidden and which has limited or no governance around it. Typical cost impacts of shadow IT can include:
With the commonly accepted figure for overspend on software (shadow or non-shadow) being 30%, and with organisations on average spending around £2,000 per employee per year on software, it doesn’t take too much imagination to see why shadow IT can have a significant impact on the bottom line. And that’s just ongoing, low-profile costs.
When shadow IT goes wrong, the costs can be a lot more visible, and of a different order of magnitude. IT functions put a lot of effort into cybersecurity and into compliance with GDPR and industry-specific regulations. Someone signing up for the latest must-have AI helper usually doesn’t make that effort, or isn’t even aware that effort might be required. There’s nothing to stop employees loading customer or other sensitive data into a software tool that’s hosted who knows where and has laughable levels of security.
In the case of GDPR, the Information Commissioner has the power to levy a fine of up to £17.5 million or 4% of annual turnover, whichever is higher. That’s for “serious” data breaches. While high-profile organisations like BA (£20m fine) and TikTok (£12.7m) are extreme examples of the financial impact of GDPR infringements, smaller organisations like a firm of solicitors have had large (£115k) fines, and in this particular case it was due to a cybersecurity issue, not improper use of personal data by the organisation. While it’s unknown if the cybersecurity incident was related to shadow IT or not, the existence of shadow IT increases an organisation’s “attack surface”, i.e., it provides hackers with more opportunities to access an organisation’s data maliciously, particularly if the tools purchased by employees don’t have the security features mandated by the IT department. If you’re thinking that shadow IT is only an issue for large, sprawling organisations, this survey from Capterra demonstrates how it’s something that can impact small and medium-sized enterprises.
So, while shadow IT is primarily something the IT director has to worry about, it also has the potential to make the Finance Director’s life harder. As it seems increasingly likely that there are going to be additional costs imposed on businesses in the form of taxes (not taking a political position here, just reflecting some of the new chancellor’s recent comments), now is a good time to be looking at shadow IT as a way of reducing costs.
The good news is that while some of the problems caused by shadow IT manifest themselves with the finance function, the solution can also be there. Exploration of invoice and expense data using proprietary tools that analyse and categorise software spend can identify opportunities to reduce shadow IT (and other) software costs. This is a service that Costimised offers, and if you’d like a no-obligation discovery call to get a sense of how much money you might be able to save, please contact us at enquiries@costimised.com.