
Software Blackmail - Will you be a victim?

Through our engagements, we have seen a number of scenarios where software and/or hosting providers demand extortive payments from their clients in exchange for business continuity. These clients are faced with having a key business system turned off if they don't agree to pay their software provider a large lump sum settlement.

This article describes these scenarios, and how to protect yourself if you find yourself in this situation.

Caveat: we'd like to clarify that Dedication Group works with a fantastic group of companies in the software industry, and the great majority of providers you will encounter most certainly do not fall into this category. This is an unfortunate tiny subset of the industry who are not helping anyone.

Why Do They Do This?

Essentially, these providers are looking for an exit strategy from their business or industry. They may have realised that their business is centred on a single product and/or one or more significant clients, and is not a business which is attractive for a trade sale to a complementary purchaser. This results in the provider using their clients to fund their exit strategy, rather than selling their business as a going concern. Given these motivations, the provider is not fazed by the impact to their reputation from holding their clients to ransom.

How To Spot a Potential Blackmail Situation

We have found that the type and size of the client's business is not a factor in this situation arising. That is, there appears to be no particular business profile which could be deemed a soft target. Instead, we have identified the following characteristics which should serve as red flags, and prompt further analysis:
  1. The provider's business has not grown significantly beyond their offering to your business
  2. Your system has quite sophisticated functionality, or large amounts of intellectual property embedded in the software
  3. Your system is custom-built for a particular purpose. That is, the system is most certainly not off-the-shelf, generic software which can be easily replaced by a commercial offering
  4. The system is hosted externally to your business and, more importantly, by the same company who built it originally
  5. The system is a critical part of your business. It is no secret to anyone that the loss of the system would be detrimental to your business

Decisions To Be Made

There are many factors to consider when faced with a "pay up or else" ultimatum, and regardless of the situation, a decision must be made. Recognise that:
  • If the cost of replacing the system is far in excess of settling with the provider, consider arranging a payment structure which ensures your business can move forward. The years of IP embedded in the system will be difficult to replace easily and quickly. Always get legal advice to ensure you explore the legal implications of your actions, and whether there are remedies available to you.
  • If the choice has been made to replace the incumbent system based on the cost-benefit of replacing it (and for the sheer principle of the matter!), the replacement project needs to progress as a matter of urgency, but must be planned and executed properly. Simply put, system replacement projects undertaken under pressure are significantly more difficult than greenfield development projects. Replacement projects involve the added layers of data migration, not being able to consult the previous vendor, having to reverse-engineer the system functionality and logic, and the potential risks to the business of losing the system before you're ready with the new one.

If you are faced with this situation, call us at Dedication Group. We have experience dealing with these situations.

Proactive Strategies To Protect Your Business

The following strategies are useful for protecting your business from having your critical business systems disabled, and for managing external providers in general:
  • Where software has been built specifically for you, especially with limited re-sale potential, obtain copies and ownership of the software source code in addition to the finished product. Recognise that there may be a non-trivial cost to obtain these files.
  • Ensure your providers use technologies for which it's easy to find replacement resources, such as Java, .Net, PHP, and C/C++. Esoteric technologies make it difficult to slot in new technical resources quickly and cost-effectively.
  • Have specific clauses in your agreement with the provider that there will never be a terminal value of the product, and that, in the event of a wind-up of the provider, all rights to the software will transfer to your business. If you're in doubt, consult a lawyer specialising in software contracts.
  • Obtain regular backup copies of system data in non-proprietary formats, such as flat files (TXT, XML) or common database technologies (MySQL, Sybase, SQL Server, etc).
  • Document the system functionality, both technically and from the user's perspective. This functionality can be reverse-engineered after the system has been built - but may be impossible after the system has been turned off! Also, every time a new release of the system is received, update your documentation of the system, including taking screenshots of all screens. Documenting system functionality is also a great way to lower the cost of introducing new staff to the system.

Is your business at risk of being held to ransom?