A Guide to Successful Cyber Security and IT Projects & Why They Fail

The rate of cyber security and IT project failures is astounding. One recent publication by APE PM highlighted that 75% of business and IT executives think their software projects will fail despite one in six IT projects having an average cost overrun of 200%. And that’s only software projects – McKinsey stated that 70% of digital transformation projects fail to meet the anticipated goals and also reported that 17% of large IT projects go so terribly askew, that they threaten the company’s existence.

They’re not a complete failure (a percentage are), but they’re still falling short of the desired outcome.

With all that in mind (and more statistics to come), what’s causing so many cyber security and IT projects to fail? Read on to find out.

CONTENTS

1. An Introduction to IT Project Failures
2. Lack of Clear Objectives
3. Unrealistic Schedules
4. Lack of Resources and Budget Allocation
5. Poor Project Management
6. Stakeholder Disengagement
7. Frequent Changes in Requirements
8. Inadequate Risk Management
9. Poor Testing and Quality Assurance
10. Communication
11. Continuous Improvement and Learning

An Introduction to IT Project Failures

More statistics, as promised. One report by the International Data Corporation showed that 25% of IT projects fail, with large enterprises investing, on average, £60,000 to over £400,000 on IT projects. Then you have the 50% of projects that needed rework and further investment and the 20-25% which didn’t provide a return on investment.

That was in 2009 – we’re in 2024, and Gartner continues to show us how epic of a failure cyber security and IT projects can be, with one of Gartner’s latest publications highlighting that an overwhelming 80% of IT projects are considered failures by the business. With all that in mind, it’s no surprise that the cost of these failings is just as eye-watering. A 2020 study by independent IT consultancy 6point6 found that the total cost of unsuccessful project development was an estimated £37 billion.

Let’s move on to the causes.

Lack of Clear Objectives

A disconnect in objectives is one of the central reasons for IT projects to fail. Poor ideas can easily fall apart without the right direction. Unclear objectives increase the diversity of interpretations regarding what’s achievable for a project. That’s generally illustrated by the tree-swing analogy, where various stakeholders, sponsors, executives, and IT professionals have diverging views of good versus bad outcomes from a project. Fill a room with ten people, and we guarantee most of the room will have different opinions about specific project outcomes.

Solution: Clear, measurable goals must be present from the outset. Project managers can use the SMART criteria (specific, measurable, achievable, relevant, and time-bound). All designs should be with the run in mind, whether it’s running the services in-house or outsourcing. Check-in with these weekly to ensure everyone is on the same page throughout the lifecycle of a project.

There’s a few things we don’t recommend:

• Self-constructed solutions
• Using the “shopping list approach”
• Misaligned project goals

There’s a few things we do recommend:

• Clear governance
• Designing goals around what it takes to run critical services
• Generate a secure built-in design

Unrealistic Schedules

One of the most common mistakes with schedules is making them unrealistic. One study by the Standish Group found that less than a third of all projects finish on time, and most businesses think capturing time/costs against projects is their most substantial project management challenge.

To meet business demands or because the planning was too optimistic, in many cases, projects are squeezed into short timelines. That can result in team members burning out and cutting corners, which results in project delays. A report by the Project Management Institute (PMI) found that unrealistic timelines are responsible for a large portion of all failed projects.

Solution: Realistic scheduling is essential. Account for all variables like resource availability, potential risks, and external dependencies. Use professional services tailored to successful IT projects with expertise in managing full-scale IT projects. Base timelines on reality and adjust feature and service timelines as necessary. This in-built buffer for unexpected delays and weekly (or more frequent) checks on project milestones can keep schedules on track.

Lack of Resources and Budget Allocation

It is next to impossible for an initiative to succeed without the correct resources and budget. Part of the reasons for the 25% of failures reported by the International Data Corporation (IDC) were blamed, in part, on resource constraints.

Lack of funding or resources and transparency about the project scope and potential cost implications could cause a project to be delayed, less rigorously carried out, and eventually not meet its objectives. Businesses should also consider the cost implications of an ageing infrastructure, leading to security risks, threatened data integrity, and a lack of flexibility with newer technology that makes a lack of resources and budget allocation obsolete. Sometimes it’s not even about finding more money, it’s about optimising current spending for new initiatives and ,in turn, and updating ageing IT infrastructures with the necessary upgrades for successful IT project implementation.

Solution: Make sure projects are properly resourced. Before starting the project, perform an in-depth resource and budget evaluation and monitor the provision of resources consistently. Remember the statistic that IT projects go over budget by 200%, partly because of poor planning. Cost management also comes into play. That involves:

• Planning resources
• Estimating the cost of resources
• Considering the entire project budget
• Controlling the costs

Poor Project Management

Project management is the key to the success of any IT project. Scope creep, missed deadlines, and poor-quality deliverables are just a few common issues that plague your project in the absence of skilled project managers. A published article by CIO highlighted how a massive problem is poor project management that leads to IT professionals taking on work they don’t have expertise in because there’s no one else to do it. The result then feeds into missing schedule deadlines, poor project execution, and budget issues.

A study by Floowi found that leveraging trained project managers was linked to markedly better productivity by reducing duplication and keeping projects on target.

Solution: Provide professional project managers or at least project management training – a study by Floowi found that leveraging trained project managers was linked to markedly better productivity by reducing duplication and keeping projects on target. Introduce a strong project management framework or utilise IT project management services to build strong foundations with expertise that’ll generate a cohesive and collaborative project that’s easier to implement across the IT infrastructure. Guided by expertise and tools like project management software makes it easier to track progress, manage resources, and keep to schedules.

Stakeholder Disengagement

Stakeholder disengagement is a common issue in project failure. It’s consistently cited as one of the biggest frustrations, with over 33% of projects failing due to a complete lack of senior-level involvement. And don’t get us started on a lack of communication from stakeholders. While not specifically related to IT projects but rather business projects in general, people account for 80% of the factors contributing to a project’s failures.

Stakeholders often don’t participate and, therefore, may not see the projects until it’s too late, and they ask for unrealistic changes, resulting in budget and schedule overruns. These stakeholders must be part of the project.

Solution: Involve stakeholders from the start and keep them informed throughout the project. Identify key stakeholders and how you will need to manage them. We’d advise applying some stakeholder management techniques for reinforced engagement. Frequent reporting, meetings, and checkpoints ensure the stakeholders are up to date.

Frequent Changes in Requirements

The requirements of a project are one of the highest factors that can lead to disruption in even the most thought-out and planned projects. These changes may cause cost inflation, timeline delays, or additional complexity.

Solution: Set a change management process in place to manage changes effectively. Evaluate all changes on a change control board and let them have approval to fit well with the project goals without disrupting or derailing the plan. Clear processes for changes can also help set the correct expectations and ensure all parties are on a firm footing regarding what sorts of adjustments might also be approved or when.

Inadequate Risk Management

Risk is everywhere in any project – one study by KPMG found that 23% of IT projects fail because of a lack of risk management and 30% because of undefined risks or identification of opportunities. It’s essential to be aware of your risk profile which includes threats your business could be exposed to, using an evidence-based approach to improve cyber resilience and IT project outcomes.

Inadequate risk management will lead to unintended problems that delay and overrun the project costs. The Project Management Institute Pulse of the Profession report emphasises risk management as an essential element of successful project delivery.

Solution: Develop an advanced risk management plan and use a risk-based approach. Detectable risks and building countermeasures are essential. Ensure it is updated as needed for systematic risk management. Risk assessments are intended to prepare because – at the end of testing models or projects – flaws will emerge and likely drop on top of us. There’s an almost 0% chance a project will finish without additional risk identification and necessary resolution.

Poor Testing and Quality Assurance

We wouldn’t say this one is as common – we’re in 2024, and surely all cyber security and IT partners are running projects with testing and quality insurance. We’d say the issue is more failing to rigorously test and quality assure. Technically an IT/AI project, Google recently released its long-awaited AI Overviews project with an epic fail – they were biassed and outright inappropriate AI responses resulted from a lack of robust testing on the system mimicking millions of inputs.

A lack of thorough testing accounting for all possibilities can lead to your product not meeting user expectations and even critical failures. It can easily result in an expensive rework and even reputational damage for the organisation. In the Capgemini World Quality Report, it is revealed that testing is one of the leading causes of project failures due to inadequate or poor quality control measures.

Solution: Plan time and resources for adequate testing and QA. Leverage automated test tools where possible for increased efficiency and accuracy. Include testing as part of the project timeline, not an afterthought. Quality assurance reviews and user acceptance testing should ensure that the ultimate deliverable meets these specifications.

Communication

Good communication is essential for successful IT projects. In failed projects, poor communication could easily result in misunderstandings that fuel the misalignment of objectives and ultimately contribute to missed deadlines. According to the study published by the Project Management Institute, 1 out of every 3 project failures lack communication at the core of the problem.

Solution: Encourage your project team to communicate openly. Leverage collaboration tools like Slack to enable information sharing and keep everyone up-to-date. Have frequent check-in meetings to review (like we suggested in previous sections), discuss issues, and ensure everyone is on the same page.

Continuous Improvement and Learning

Successful projects adopt the attitude of always learning and improving. Retrospectives are essential – they help organisations recognise patterns and common challenges, allowing for optimised best practices so the same issues can be avoided in future projects.

Solution: Have post-project debriefs to see what worked well and what could have been done differently. Keep information about downfalls and successes to apply it to future project plans.

The list of reasons why cyber security and IT projects fail seems extensive, doesn’t it? It’s insane to try and comprehend how much money and reputation are sacrificed by a simple lack of oversight in most cases.