Software failures can carry catastrophic risks, says Jon G. Hall as he announces the BCS IT Leaders Forum report: Digitalisation – software risk and resilience. Along with many findings, the report offers practical advice for IT professionals.

Recent events – the pandemic, global supply chain disruption, extreme weather – have strained the UK to breaking point. No one can fail to be aware of the consequences of lack of resilience in our economy and society. Digital systems are already a critical part of society and the economy – we all depend on services supplied by digital systems.

Their range is wide – there are very few people who do not use digital services – whether its bus arrival information or satnavs, credit cards or bank accounts, self-check out in the supermarket or staff scheduling in service industries. This is great as it provides people with information and services they did not have before.

But.

There is growing evidence that service breaches are increasing in scale and duration. Some are due to network failures but increasingly they are caused by software failures. Systems are increasingly complex and interconnected. Organisations are increasingly dependent on systems built out of a myriad of software components from a multiplicity of sources.

Major shocks

This means that failure causes and modes are harder to predict. The risks are similar to those from global warming or pandemics, in that major shocks are certain, but not their location or timing.

The BCS ITLF has set up a working group on software failure and digital systems’ lack of resilience. Its first publication, a think piece, estimates the cost to the UK economy. The costs, the report finds, are already comparable with those of road accidents – but these are decreasing while software failure costs are increasing.

For you

Be part of something bigger, join the Chartered Institute for IT.

As an IT professional, you will be more or less aware of these risks, but risks from software failures have, for a long time, been the elephant in the board room. Wider awareness by senior professionals is needed before most organisations have adequate policies and processes to prevent software failures and are able to mitigate the consequences of these.

We aim to increase this awareness, with IT professionals as the vector, and so our recommendations are for IT professionals to instigate action in their networks of IT and other professionals. This will allow boards to reach more informed decisions in relation to software risk and the resilience of their organisations.

And elephant in the boardroom

The think piece gives four recommendations for action, to mitigate failure and increase resilience. The overall aim is for deep planning throughout society to prevent software failure and to increase resilience after software failures.

It calls for a broader and deeper understanding of causes and mitigation of software failure – skills in the IT profession and more widely. We need integration of software risk into organisational and societal planning.

The report suggests also that we need to involve quality and risk professionals who have not been looking in this direction. And we need to explore insurance initiatives focusing on both prudential and systemic software risk.

We will be talking about these ideas at a joint event with the National Preparedness Commission, The Elephant in the Room – Software, in a Long Finance webinar on 23 November 2022 and a BCS virtual event to plan the next steps, on 6 December 2022. View FS Club events

This is our call to action for IT leaders: to engage with others to increase the UK’s digital resilience.