50% of businesses suffer IT failures due to bad software updates

A survey reveals half of businesses have suffered at least one business-critical IT failure as a result of installing a bad software patch.

The research also revealed that a quarter of those surveyed suffer recurring IT failures and lost productivity resulting from software bugs and incompatibilities introduced by badly developed software updates. The survey of 256 senior IT decision makers in the UK was conducted by research company Opinion Matters.

Commitment to deploying critical updates quickly is clear, with 90% of those surveyed applying patches within the first two weeks after they are released. However, for many the process remains a manual one, with 45% not using a dedicated patch management solution to distribute and manage software updates.

This lack of automation is a major contributing factor in why 72% of surveyed decision makers do not deploy within the all-important first 24 hours after a critical patch is released to the public.

Additional key findings

  • 51% of those surveyed said their organisations did not have a rigid policy regarding the installation of critical software updates
  • 25% of respondents have suffered multiple IT failures as a result of buggy patches or compatibility issues created by a software update
  • The legal (43%) and healthcare (40%) sectors struggle the most with recurring IT problems caused by bad patches
  • The personnel sector is the biggest user of dedicated patch management solutions, due to the lack of dedicated on-site IT support in most recruitment offices
  • 29% of the survey group consider security to be the most important benefit of prompt software patching
  • Improved productivity within the IT department, added security and compliance are the main drivers for investment in patch management solutions

The stark figures revealed by this research reinforce the importance of testing patches before deploying them in a production environment. Patch management solutions help keep the balance between maintaining productivity – testing patches to make sure they do not interfere with the business environment – and applying security patches in a timely fashion to avoid compromising security.

Patch management solutions can also roll back problematic patches and get the company back to work in a fraction of the time compared with a manual uninstall process or, worse still, a PC rebuild.

Small companies with nine users or fewer are the quickest to deploy patches, with 45% deploying within 24 hours. Slowest to deploy are companies of between 250 and 500 users, with 63% taking up to a week to deploy known patches.

The legal and construction sectors are the most conservative when deploying patches, with 71% of each vertical taking up to a week to deploy a patch. HR businesses are the most proactive, with 50% deploying in the first 24 hours, closely followed by financial services with 46% deploying inside a day.

The research revealed a clear shift within the financial services sector, which, following the implementation of stringent compliance regulations such as Sarbanes-Oxley and Basel II, has moved from being cautious regarding IT change to being more open to deploying updates and critical patches as soon as possible in order to reduce the risk of data loss, theft or reduced oversight over financial activities.

Cristian Florian is a product manager at GFI Software. Starting as a software developer, he developed his career step by step, gaining more than ten years of experience in security and software development.