We think there’s a dire need for more clarity in our industry. Too many IT leaders simply don’t know what’s going on in their environment. Whether it’s outdated ITAM practices or inadequate security coverage, this lack of vision is creating risk. It’s also costing the business and slowing the journey to next-generation solutions such as Copilot for Microsoft 365.
This isn’t just our opinion. We have the research to prove it.
Introducing Block 64’s Benchmarks for CIOs reports
For 12 years, we’ve used data to improve ITAM, security and modern IT outcomes for our customers. Recently, we decided to run an experiment. In April of 2024, we assembled all the data gathered in the previous four weeks from 351 North American businesses. This anonymized data set provides a solid sample of today’s technological landscape. It includes granular details and usage metrics from 250,165 end points.
In brief, this research serves as a wake-up call. It confirms our suspicions that most IT organizations need to close gaps across security, ITAM, SAM and modern workplace. Doing so won’t just prevent catastrophe. It will unleash the full potential of their business and people.
We’ve organized our findings into four sections below, starting with the most sobering: security.
Security: Most Businesses Are Critically Exposed
Although IT leaders in 2024 might say they take security seriously, our data paints a different picture. From widespread critical vulnerabilities to outdated operational software, businesses are dangerously close to suffering a major, disruptive hack. Here’s why:
- 1 in 4 endpoints are exposed to critical vulnerabilities: Our analysis reveals a disturbing fact: approximately 1 in 4 endpoints operate with a vulnerability score above 9 out of 10 on the Common Vulnerability Scoring System (CVSS). To clarify, a CVSS grade of 9 or above indicates critical urgency for remediation due to the potential for exploitable weaknesses. Our benchmarks show that 22% of endpoints have at least one such vulnerability. Worse, this issue affects 74% of all businesses surveyed.
- Half of critical Windows and SQL server installs are unsupported: The study revealed that half of IT servers are running unsupported mission-critical software like SQL and Windows Server. By the numbers, we found 48% of organizations running unsupported SQL and 58% running unsupported Windows Server versions. On an end point basis, 22% of SQL server installs, and 19% of all Windows Server installs are unsupported. Running these outdated products significantly increases the risk of security vulnerabilities and compliance issues, potentially leading to data breaches and operational disruptions.
- 57% of businesses have antivirus gaps: While only 1.25% of endpoints are missing antivirus software, the ramifications are disproportionate. This ostensibly small figure represents a significant security gamble, as it only takes a single compromised device to become a gateway for malicious actors. When you consider this from an organizational perspective, 57% of businesses have had least one endpoint that is unprotected by antivirus solutions, underlining a widespread security oversight across North America.
ITAM: IT Leaders Are Overpaying for Compute & Ignoring End User Needs
In today’s hybrid landscape, your productivity relies on having high-performance, low-maintenance work devices. As economic conditions demand smarter spending, there’s no excuse for unnecessary infrastructure costs. Yet, our data shows failing grades on both fronts. Employees are straddled with devices that are unfit for modern needs. Meanwhile, IT is significantly over-spending on compute, along with all the operational expenses that come with it.
- 44% devices are out of warranty: Our data depicts an IT landscape where 44% of endpoints are used beyond warranty. This suggests a widespread deficiency in lifecycle management. Indeed, 100% of all business surveyed was running at least one such out-of-warranty device. Such a scenario sets the stage for potential disruptions that proactive hardware refresh plans could avert.
- 9 in 10 servers use less than 25% of available resources: The Benchmarks data also revealed a pattern of underutilization, with 92% of all servers using less than a quarter of capacity for CPU or RAM. From an organizational perspective, 62% of North American businesses had at least one server that was severely underutilizing resources. This indicates an overprovisioning issue and hints at potential savings if IT environments were right-sized. These findings reveal an opportunity to explore cloud, virtualization, or hybrid solutions to increase efficiency and reduce costs related to power, cooling, and unused space.
SAM: Subscription Shifts Pose Challenges
There’s always a lot of disruption in the software asset management (SAM) world. Major publishers frequently make big changes to pricing and licensing models. Just how much these changes will cost your business, and what you should do about it, isn’t always so clear.
Our Benchmarks report underlines the need for businesses to get on top of two major recent licensing adjustments from VMware and Oracle. Here’s why:
- VMware’s new licensing will have wide-spread impact: Shortly before Broadcom finalized its acquisition of VMware, VMware announced it would end perpetual licensing. This change took effect in December 2023. Now, VMware products are available exclusively through a subscription model. Analysts say this shift could potentially double the costs for businesses compared to previous licensing agreements. According to our data, more than 80% of virtual endpoints are running on VMware. Fifty percent of all customers (or, 177 total) are running VMware as their primary virtual technology. Especially for those businesses, it’s time to understand exposure to price increases – and build an optimized plan forward.
Related: Read our guide to VMware licensing changes.
- 63% of businesses face Java licensing risk: Oracle’s Java licensing saw a significant shift in January 2023, moving from a processor-based to a per-employee licensing model for Java Standard Edition (SE). Companies, especially those with extensive employee bases but minimal Java utilization per employee, could see their expenses surge, potentially by up to 90%.Our research shows that 63% of customers reviewed had a commercial version of Java installed. Add to that Gartner’s estimate that 1 in 5 organizations will face down an Oracle audit by 2026 and the call to action is clear. Businesses must clarify their current Java position and make plans to avoid unnecessary risk.
Related: Read our Oracle Java licensing guide
Generative AI: Get Ready for Copilot Before You Dive In
The excitement around Copilot for Microsoft 365 isn’t just hype. Business leaders see these tools as a chance to bolster productivity and stay competitive. But that doesn’t mean all organizations are ready to dive in and start experimenting today. Our research reveals businesses have to focus first on clarifying their licensing position, crafting clear use cases and standardizing usage of Microsoft 365 tools. Here’s why:
- Most Microsoft 365 users aren’t using everything they own: Microsoft 365’s penetration is extensive, yet usage rates for the suite are potentially too low, with less than 30% of users leveraging the full suite of tools. For example, of the 238,224 Microsoft 365 users we surveyed, 41% were not using Teams and 29% were not using Outlook. This underutilization signals a potential challenge for integrating new solutions like Copilot —especially if investing in such premium add-ons doesn’t translate to actual usage. As we have been saying, encouraging widespread engagement with existing M365 applications is crucial to capitalize on investments in emerging technologies effectively.
Related: Read our guide to getting ready for M365 Copilot adoption, or take a look at our free Copilot readiness assessment.
- Most businesses still have on-premise Office: On the same topic, 68.4% of businesses persist with on-prem Office installations, suggesting a possible dint to efficiency and flexibility. Moving to cloud services like Microsoft 365 could offer significant cost savings and productivity enhancements, especially as on-prem versions age and miss out on the latest features.
Where do CIOs go from here?
These Benchmarks for CIOs offer a sobering overview of the IT status quo, emphasizing the urgency for strategic action in a number of areas. From security, to ITAM, SAM and modern workplace, there is plenty of work to do. Today.
We see a precarious security landscape with one in four endpoints presenting critical vulnerabilities. Significant underutilization of hardware is evident, with 92% of servers operating at less than 25% of their total capacities. The transition to subscription-based software also presents hurdles, as 63% of businesses are entangled in Java licenses that could lead to severe financial penalties. Finally, readiness for generative AI technologies, such as Copilot for Microsoft 365, might be lacking. Only 30% of businesses using Microsoft 365 are maximizing the platform’s capabilities, signaling a need for further adaptation and integration efforts to leverage these advanced tools effectively.
Here’s the good news: Fixing all these issues starts simply by gaining a clear picture – and custom, actionable insights for what is at risk and what you should do. And that’s exactly what the Block 64 Insights & Analytics platform offers you and your technology partner. To find out more and request a free trial, please visit Block64.com.
Subscribe to our newsletter on LinkedIn
Thought this was interesting? There’s plenty more research, news and advice for IT professionals on our LinkedIn newsletter. Sign up today.