February 5, 2025

The Hidden (Actual) Costs of Legacy IT Systems

The majority of the costs associated with legacy systems go unaccounted for. Learn how legacy IT systems, software, and hardware cost you more than you think.

On a warm summer afternoon in June, employees going about their day as usual started noticing PC screens turning black. By the time Maersk’s officials could understand what had happened, the shipping giant responsible for about a fifth of the world’s cargo was (almost) dead. In less than an hour, thousands of PC hard drives and IT infrastructures were irreversibly wiped out; employees were sent home without further notice, tens of ports around the globe were rendered non-operational, and millions of dollars’ worth of shipments stalled indefinitely.

Maersk was hit by a ransomware attack called NotPetya — now infamous for being one of the worst cyber security attacks in history — resulting in about $300 million in losses. Thousands of other machines from hospitals to other enterprise giants like FedEx and Mondelez were also victims of this vicious computer program that irrevocably encrypted files, eradicating any data that once was meaningful.

Among the many lessons that the pandemic left us with, one of the most important ones is arguably this — most corporations are not ready for flexible work. A big part of the reason is literally the absence of flexibility, especially in the IT industry, which stems from legacy systems that are far too antiquated for the growing demands of modernization.

But what we also realized was that we need to be prepared. Abrupt lockdowns forced a remote work culture and although people have returned to pre-pandemic routines, the residue of what unpreparedness looks like has remained. Legacy technology is incapable of supporting modern needs and infrastructure, costing us more than we think it does.

Could all this have been avoided if it wasn’t for legacy systems?

The hidden costs of legacy systems


The cost of vulnerability

Let’s go back to the ransomware attack on Maersk that almost irreparably paralyzed the company less than a decade ago. Ever since then, the shipping giant has taken its cybersecurity very seriously, investing billions in building a new infrastructure and shifting from EDI (Electronic Data Interchange) to blockchain. According to cybersecurity expert John Boles, Maersk could have avoided the attack altogether had it upgraded to its new IBM-based blockchain solution earlier. What’s more, these cybersecurity risks were revealed to the shipping company in March of the same year but they weren’t taken seriously. Thanks to the attack, global shipping companies have become exceedingly diligent about possible data breaches.

Legacy systems are complicated and difficult to patch, leaving them vulnerable and susceptible to foreign malware. Once a system is infected, it can be equally if not more difficult to patch and fix the breach before it causes irreversible damage. The credit reporting agency Equifax experienced something similar when it was unable to patch a data breach in its custom-built portal, leading to the loss of 146 million individuals' sensitive personal information.

The “don’t fix what isn’t broken” mentality might’ve worked for you just fine but it’s not foolproof — it’s nowhere near it. Legacy IT systems are far from safe, and unpatched vulnerabilities can cripple entire organizations from the inside, leaving you with too few options to prevent malicious attacks or even repair the damage they cause.

The cost of unpredictability

From the moment we wake up till we go back to bed, we interact with hundreds of IT systems. The barista who prints a bill for your morning coffee; the voice assistant navigating you to work; the elevator that takes you to your office floor; the electricity you consume, the trash you recycle, the flight that takes you home for the holidays, the courier that’s routed and delivered to the right location. Everyday lives revolve around IT systems and we don’t know how many of these have turned legacy. Even one of these systems experiencing an outage can cause inconvenience. Inconvenience is bad customer service. Bad customer service is bad for business.

According to a report by Uptime, across a series of surveys done between 2020 and 2022, the proportion of managers and data centers that suffered a significant outage fluctuated between 60% and 80%. Most organizations have faced a system-related outage reportedly accounting for about 18% of all major outages. Cyber and ransomware attacks also accounted for about 11% of the total publicly reported outages in 2022, up from 8% in 2021, signifying a growing need for stricter security updates in legacy systems. What’s more, about 25% of the surveyed respondents said that these outages cost the company more than $1 million, and about two-thirds of the outages cost more than $100,000.

Outages in legacy IT systems aren’t easy to fix either. Numerous employees, system engineers, and experts spend hours patching updates to bring the system back online. The time that’s spent collectively could’ve been used for work that brings positive revenue to the company instead of resolving backlogs that shouldn't happen in the first place.

Which brings us to our next point —

The cost of productivity

Since 2010, the global expense of running IT systems has been approximately $35 trillion, and about 75% of these expenses went towards operations and maintenance of these systems, most of which have become (or are becoming) legacy. According to a U.S. Government Accountability Office (GAO) report, $90 billion was spent on IT systems in 2019 and about 80% of that went towards operations and maintenance. Although not all of these expenses can be attributed to legacy IT systems, arguably, most of these expenses are for supporting antiquated software and hardware.

While maintenance costs are more explicit when it comes to legacy systems, the cost of an unproductive workforce not only fixing these systems but being set back because of them is a strong enough reason to reconsider your legacy infrastructure.

  • A tedious and repetitive training process to make your workforce familiar with legacy software, hardware, and systems.

  • Workarounds that exist only because of the limitations of such legacy technology. These workarounds can be demanding in terms of time and effort, leading to frequent frustrations.

  • Unplanned downtimes and outages require expensive expertise to be fixed and everything else is stalled because of it, leading to unproductive hours on an organizational level. Losses unaccounted for.

  • According to an employee happiness report, about 52% of employees are unhappy because of the software and systems they’re using at work. About 25% have considered leaving their jobs because of it.

When your workforce is too busy dealing with the inadequacies of your systems, there’s hardly any room for innovation. Most of the time is spent sticking band-aids on wounds that need more attention than first-aid. All these costs are unaccounted for. Even a couple of hours every day spent dealing with incompetent legacy systems equals hundreds of hours a year almost wasted.

The cost of ignorance

Modern tech has become annoyingly fast-paced, but like it or not, you’ll need updated systems to stay competitive. Monolithic legacy systems are difficult to maneuver and much more difficult to scale. The everyday functioning of these systems might seem innocuous but they’re extremely rigid and resistant to change, tying corporations down in stagnancy. A system that cannot adapt dynamically becomes obsolete and inefficient, gradually limiting the things a company can do with it.

Legacy systems put you in a box — operations become unresponsive to change, decision-making is crippled, and a general lack of things you can do takes a heavy toll on innovative growth. And as you become accustomed to these inefficient systems, you pull away from an innovative thought process altogether. Take Sears as an example — the once-leading retail company in the US had to file for bankruptcy in 2018, not being able to keep up with the changing landscape of the e-commerce business because of outdated legacy infrastructure. It’s not that they couldn’t change; it’s that they didn’t want to.

Legacy IT systems can become inefficient sooner than you know and not even trying to keep up with necessary change will force you into a corner. A corner that becomes difficult to get out of.

The cost of reputation

Severe and public IT outages usually make the news and might even dent your reputation as a vendor. Reputation is directly responsible for business and, once damaged, takes an indefinite amount of time to rebuild. How your brand is perceived in the public eye largely influences how people interact and even partner with you. It’s an unspoken rule of thumb to prioritize efforts toward brand-building because, like it or not, brand perception is stitched into the very fabric of decision-making; companies won’t see you in a respectable light if not for reputation.

Constant outages, security breaches, and customer service requests can pile up into dissatisfaction. Customers can see through your system’s limitations and it’s costing them more than just money to maintain this partnership.

Not just customer churn but also hiring and employee attrition can become worrisome if you’ve been in the public eye for the wrong reasons, especially with top talent that wants to be associated with reputable names.

Modernizing isn’t as easy as it seems, either

A lot of people talk about modernization as a solution for legacy systems but forget about what needs to be done to get there. Modernization certainly is the answer but it doesn’t imply uprooting complete systems from the ground and rebuilding newer ones with whichever new technology is popular. If that were the case, organizations would have more systems than people using them.

We forget that most legacy systems are often indiscernible messes created from data silos, duplication, and temporary fixes lying on top of each other. Why? Because it’s easier to fix something in the short term. Because a lot of managers and employees have their hands tied by daunting, larger-than-life legacy systems, the modernization of which is too demanding an undertaking. Because these systems are home to countless functions that only their creators, folks who don’t even work at the company anymore, can understand. Millions of data points across hundreds of applications running on dozens of IT systems spread across a global network of data centers — these infrastructural foundations are deeply intertwined and it’s much easier to keep them running than to replace them. And rightfully so.

Something as disruptive as complete system restructuring might even be counterproductive and in some cases cataclysmic, leading to data leakages, abrupt outages, and unforeseen disruptions for customers. The problem isn’t with legacy software and hardware but rather with not thinking about them or not prioritizing coordination early, which has been the bane of the IT industry for decades now.

The solution: don’t let systems become legacy

If outright modernization isn’t the answer, what is? Truly the best way to deal with legacy systems is not to let them become legacy to begin with. The first step is being aware of the problem: legacy systems are obsolete and you will become too if you don’t do something about it soon. Systems should be thought of as ever-evolving along with everything else in an organization. Endurance isn’t built at once but it’s a continuous process that demands attention.

Building an enduring system requires not intermittent check-ins and maintenance from employees but rather an entire team dedicated to system innovation. Constantly testing, constantly improving, constantly bridging the gap between “what it was” and “what it should be”. Perhaps system engineers should be allowed to prioritize frequent and steady changes to upgrade outdated legacy systems. Perhaps you should invest more in nurturing DevOps teams. Perhaps this is a discussion for another post.