Inside the Shadow IT epidemic — How bad is it?

How do you measure a problem you can’t see?

That question lies at the heart of Shadow IT: the phenomenon of employees at companies across the country downloading software-as-a-service applications and cloud-based platforms without the consent or approval of their IT departments.

By all accounts, it’s pervasive. By definition, it happens in the shadows. So how do you know how pervasive it really is?

A few organizations have taken a stab at measuring the Shadow IT phenomenon across industries and companies. The numbers imply that the issue is far bigger than many of us realize. And it’s putting companies and their data at risk.


Here’s a look at Shadow IT by the numbers:

  • 40%: That’s how much IT spending is happening outside of IT departments, according to analyst firm Gartner. But that estimate varies. Some sources say the real number is closer to 30%, while others say it could be 50% or higher. Whatever statistic you believe, the percentage is expected to rise. Software consultancy ServerCentral predicts that, within the next 10 years, 90% of IT spending will take place outside the IT organization.
  • 33%: Gartner estimates that by 2020, one-third (or roughly 33%) of successful cyber attacks on enterprises will target Shadow IT resources. When software comes into an organization without any review or protocols, it essentially creates an open window into your company — an easy entrance for those looking to steal data and other critical information. As one expert wrote in Forbes: “IT organizations have guidelines on how new software is introduced to the environment. …When we bypass these procedures, we risk potential threats and attacks to the environment, increasing the potential for data loss and compromise.”
  • 90%: UK-based IT company Logicalis conducted a survey of CIOs back in 2015 and found that 90% of CIOs worldwide were bypassed “sometimes” by line-of-business in IT purchasing decisions. If that sounds bad, consider this: 31% of CIOs were bypassed “routinely”. And that was four years ago. We can only imagine those percentages have gotten worse as the number of SaaS platforms on the market has exploded since then.
  • 7%: Cyber attacks and data hacks get a lot of news coverage, but in reality, those situations don’t pose the biggest threats to businesses. Just 7% of lost organizational data is actively hacked, while 81% of it is stolen or even inadvertently disclosed. That statistic is critical in understanding the risk posed by Shadow IT: In many cases, the people who download third-party platforms don’t understand the kind of access they’ve granted to critical company information. Either they’ve opened the door for the cyber thieves to walk right through, or they’ve handed over the goods themselves — without having any idea what they’ve done.
  • 98%: Cisco has found that, on average, large enterprises use more than 1,200 cloud-based services. Of those cloud-based services, more than 98% of them are Shadow IT. When you consider how much data is at stake in a large enterprise, that’s a problem of epic proportions.
  • 51: That’s the number of cloud services CIOs think are running in their organizations. The actual number, according to Cisco, was 730. That means companies are far more vulnerable than their most senior technology executives realize.


The numbers prove Shadow IT is most definitely a problem, bringing unnecessary risk upon companies of all sizes. At the same time, it’s just bad business to restrict the ability of your team to access the transformational power of technology. So, what can you do?

There are options available to help you gauge the prevalence of Shadow IT within the walls of your organization and, in the process, eliminate the risk associated with it. A service like SaaSTrax, for instance, can audit the platforms currently in use across your company. It can help you understand how they’re working with your company’s systems and data. It can help you determine whether they are worth the continued investment. And more than anything, it can help you manage the risk.


Want to learn more about how you can take action and change the numbers around Shadow IT? Sign up for a free trial today: