Compliance and Enforcement, Cybersecurity

New BSA Survey: Organizations Can Combat Cyberattacks by Avoiding Unlicensed Software

Organizations worried by the ever-increasing threat of cyberattacks should start by looking inward. One of the first, critical steps an organization needs to take is to ensure that all of the software running on its own network is legitimate and fully licensed.

Doing so matters, as highlighted in Seizing Opportunity Through License Compliance, this year’s Global Software Survey from BSA | The Software Alliance. As that study demonstrates, use of unlicensed software is strongly linked to the introduction of malware and all of its dangers. And once inside a network, cybercriminals and malicious hackers can do significant harm.

In 2015 alone, cyberattacks cost businesses more than $400 billion. And it’s not just the immediate fallout that’s an issue. Breaches of a company’s security can have a powerful ripple effect. Enterprises can suffer damage to their reputation and irreparable harm to hard-earned customer confidence. Even one successful cyberattack “can do serious harm to a company’s reputation and credibility,” notes the 2016 Symantec Internet Security Threat Report.

The good news is many companies do recognize the threat. In fact, this year’s survey found:

  • Some 49 percent of CIOs identified security threats from malware as a major threat posed by unlicensed software.
  • In a survey of workers, 60 percent cited the security risk associated with unlicensed software as a critical reason to use legitimate software.

But the bad news is that knowing about the threat is not the same as effectively working to prevent it. The global business community may be aware of the dangers of unlicensed software, but companies continue to allow it onto their networks at an alarming rate.

On this front, this year’s Global Software Survey from BSA found:

  • Thirty-nine percent of software installed on computers around the world in 2015 was not properly licensed.  This represents only a modest decrease from 43 percent in BSA’s previous global survey in 2013.
  • Even in certain critical industries, where much tighter control of the digital environment would be expected, unlicensed use was surprisingly high. The survey found the worldwide rate is 25 percent – a full one in four – for the banking, insurance and securities industries.
  • CIOs estimate that 15 percent of their employees load software on the network without their company’s knowledge, but nearly double that percentage of workers say they are loading software on the network that their company doesn’t know about.

It doesn’t have to be this way. There are four concrete steps organizations can take to curtail the use of unlicensed software and avert a host of associated cyber dangers.

The first step is to gather and maintain reliable and consistent data to assess whether the software running in your network is legitimate and fully licensed. Ensure that your biggest problem isn’t already sitting in your systems.

Next, consider your current and future business needs and align them to the right software and the right licensing model. Ensure you are getting the appropriate value for your expenditure.

Third, establish and implement policies and procedures to manage the lifecycle of your software — from procurement to deployment to retirement. Effective software asset management (SAM) practices need to support the business, and in turn, management needs to support the SAM process.

And fourth, integrate SAM practice into your organization’s internal control environment across the entire business. This includes educating employees on the proper use of software and the legal, financial, and reputational impact their software-related actions can have on the organization.

Effective SAM practices are particularly powerful tools because they help organizations keep an ongoing inventory of what software is on their network and guard against unlicensed software use. SAM practices can also result in significant savings by driving out hidden inefficiencies from over-licensing applications or unused software.  In fact, studies have shown that properly managing software can lead to cost savings as high as 25 percent.

To read BSA’s full Global Software Survey, including estimated rates and commercial values of the unlicensed PC software installed last year in more than 100 countries around the world, visit

Jodie Kelley


Jodie L. Kelley leads BSA’s domestic and international compliance & enforcement programs including its copyright-enforcement activities, its compliance policy work, its efforts against Internet crime, and its educational programs to promote software license compliance and respect for intellectual property. Kelley serves as BSA’s general counsel for all corporate matters and manages BSA’s compliance & enforcement programs and counsel in Asia, Europe, the Middle East, Africa, and the Americas. Representing the largest copyright-based industry, BSA operates in more than 60 countries worldwide.

Prior to joining BSA, Kelley served for six years as Vice President and Deputy General Counsel of Fannie Mae, a government-sponsored enterprise chartered by Congress to provide liquidity, stability and affordability to the US housing and mortgage markets. There, she was responsible for managing the company’s litigation portfolio and its responses to various governmental inquiries. She also was responsible for advising the company on issues including antitrust and anti-fraud. Previously, she was a partner at Jenner & Block in Washington, where she specialized in civil and regulatory litigation and handled cases before trial and appellate courts and regulatory agencies throughout the country.

Kelley is a native of New Orleans, and a member of the Board of Directors of Commonwealth Academy. She earned her JD from Harvard Law School and BSS from The Pennsylvania State University.
