You might think that the short-term savings of time and money achieved by cutting corners on quality assurance are worth it, but the risk could end up costing you more than you think. In 2017, software failures affected 3.6 billion people and cost $1.7 trillion in financial losses.
It can be tempting to use lazy software testing processes to save time, but it’s robbing Peter to pay Paul. If you keep reusing old tests for new software so that you don’t have to design a new test for each product, remember that the older a test gets, the less effective it becomes. If you keep designing the same tests that aren’t rigorous enough for your new features or environment, then you are putting your business at risk. Put simply, if your software isn’t failing tests, then you’re probably failing at testing it.
Testing processes aren’t the place to save time and effort. They should try to expose vulnerabilities so that they can be fixed before the user is affected. Lazy testing techniques mean that a small glitch or bug could permanently damage the brand image, cost millions of dollars, or yes, even potentially cost someone their life.
IT Risk to Brand and Image
One of the most famous security breaches in recent history is the Equifax leak of 145.5 million people’s personal information. On May 14, 2017, a vulnerability in the Equifax framework was exploited to expose first and last names, Social Security numbers, birth dates, and addresses of millions of consumers. The information gained in the hack left these individuals exposed to identity theft and could ruin their financial record.
In the 10 days after the hack was publicized, YouGov, a company that measures brand perception, reported that Equifax’s score dropped 33 points, from around a neutral perception to a very negative one. In fact, the blow to reputation was larger than that of any other high-profile breach. This may be in part because Equifax was alerted to the vulnerability and scanned twice for the problem but found nothing. The vulnerability was only patched after the hack. Proper software security testing rather than a simple automated check might have exposed the vulnerabilities that compromised private information.
Since the hack, the Equifax brand has become synonymous with security breach. The company even created an entirely separate website where customers could find out whether their data was affected and, if so, what next steps they should take. Controlling brand image depends in part on how you respond to an attack or bug, but wouldn’t it be easier if you didn’t have a problem to begin with?
IT Risk Leads to Financial Loss
An effort to save money ended up costing British company Provident Financial more than two billion dollars. The subprime lender offers high-interest credit to people in financial difficulty who cannot secure a traditional loan through a bank. In 2017, the company implemented new scheduling software, hoping to streamline home visits by its customer experience managers (CEMs), who travel door to door selling loans and collecting debts. Instead, software bugs in the new system began scrambling timetables and routes, as well as scheduling appointments at homes already visited by colleagues. Collection rates declined, and CEMs began to feel frustrated when they couldn’t do their jobs properly. In the end, the glitches and subsequent loss of profit led to Provident Financial losing 66% of its stock market value in a day, with shares plunging from more than $22.00 to under $8.00.
IT Hardware Risk Leads to Bodily Harm
The U.S. Food and Drug Administration recalled nearly half a million pacemakers, devices which control a patient’s heartbeat. Six types of the devices, made by Abbott Laboratories, were pulled after it was revealed that a vulnerability could leave them open to wireless hacking or computer viruses.
Security testing could have shown that the pacemakers’ points of entry were left exposed to those with malicious intent, but because of weak testing, patients who used the technology were faced with monumental life-threatening implications.