SettleTop Report Finds that Only 5% of Organizations have a Dedicated Senior Software Risk Leader that Reports to Top Management

NEWBURYPORT, Massachusetts, September 26, 2024 -- SettleTop released the first edition of the annual Global State of Software Risk (GSSR) Report. The research highlights that 95% of organizations do not have a dedicated Senior Software Risk leader who reports to senior management or the board on software risk.

In the 2024 GSSR Report, the SettleTop Research team, along with SNL Partners, a VC firm focused on disruptive technology solutions, conducted more than 150 interviews with senior executives and mid-level professionals across a range of markets including aerospace, automotive, financial, healthcare, manufacturing and government (local, state, federal), both in the US and throughout Europe. The report centered on the importance of software risk within an organization and across its software supply chain, specifically how organizations prioritize supply chain risk and their general readiness in dealing with software risk.

Every organization is a software operation, whether directly or indirectly. This ranges from organizations developing their own software to those simply leveraging third-party software tools for their operations. Software has been fundamental in driving productivity and revenues for many years. Yet challenges arise when software is not properly assessed, monitored and maintained. Gaining visibility into the ever-changing risk profile of one's software supply chain is an enormous burden on an organization, particularly as its technology stack becomes increasingly complex with the introduction of new technologies such as artificial intelligence (AI) and machine-learning (ML) tools. Even with data breaches and ransomware events on the rise, most organizations today still prioritize revenues and capabilities over risk.

"This year's GSSR report illustrates an increased awareness and financial impact of software risk by organizations, in light of software events such as SolarWinds and CrowdStrike, yet how this is prioritized at an organization's management or board level is still limited," said Sunny Ahn, Co-Founder at SettleTop. "Software needs to be continuously monitored as it can have an enormous impact on an organization's bottom line and reputation. Identifying, tracking and managing software risk will be necessary in strengthening the security of one's software supply chain."

Additional key findings from the 2024 GSSR report include:

  • Software risk isn't a corporate-level priority, yet. Culture change is required. For many organizations, software risk is still viewed as a cost center: it can be complex, expensive and extremely time-consuming to manage. 72% of participants agree corporate culture must change in order for an organization to prioritize software risk, and this requires top leadership commitment.

  • Context matters when it comes to risk management. The mission of an organization will dictate how risk is defined and should be managed, and there is no 'silver bullet' solution that solves for software risk. 75% of participants agree that software risk requires a combination of an organization's context + technology + human expertise + policy to be effective.

  • Software risk is a journey: it often starts at the program level, then moves to the business unit, and eventually spans the organization. Most organizations have incorporated some form of software risk analysis, particularly at a program or project level. Many large commercial organizations have already established Open-Source Program Offices.

  • AI is the next great opportunity and threat to organizations. 65% of participants believe that AI is the next biggest risk area for organizations moving forward… many do not have internal policies or procedures on how to deal with AI.

To learn more about the 2024 Global State of Software Risk (GSSR) Report, download a copy of the report here.

About SettleTop
SettleTop is a Software Risk Intelligence company that provides visibility into a software supply chain. The Company's products are focused on identifying, tracking and managing software risk for commercial and government organizations. SettleTop's SBOM (Software Bill of Materials) Vendor Management Solution provides simple baseline views of third-party software vendors' SBOMs on compliance and risk. Learn more at www.settletop.com.
