Fixing the tech without breaking the bank

In our work with universities, we see many clients with technology-related risks and financial sustainability on their strategic risk registers. Ideally, an institution with a robust risk management framework should be able to group issues across multiple strategic risks and understand dispersed risks.

In the context of financial challenge, there are multiple ways that under-investment in technology can contribute further to financial risk. The 2025-26 financial year may not bring the IT budget required to improve, replace, update or change IT systems as planned, even though these are necessary for effective service delivery, business efficiency and customer satisfaction.

The question to answer is: how can those risks be identified, managed and mitigated? How can risk professionals and IT teams work together to achieve the best (agreed) outcomes?

Here are five ways in which under-investment in IT can contribute to financial risk and how you can mitigate it without an unrealistic investment:

1. Increased maintenance costs: Outdated systems often require more frequent repairs and maintenance, which can be costly. If the IT budget does not allow for necessary improvements or updates to IT systems, these systems may become inefficient and hinder effective service delivery, business efficiency, and customer satisfaction.

Where possible, we’re seeing clients consolidate core systems to save money, and investing in maintaining remaining core technologies. For example, rather than having different room booking applications for different use cases, align business processes so that one core system can be invested in.  

2. Security risks: Outdated technologies are more vulnerable to cyber-attacks, which can lead to data breaches and financial losses. We all understand the importance of using resilient and secure platforms to ensure business continuity without disruption, but cyber security is expensive, right?

Often your best protection from cyber risks is the human firewall. Upskilling your staff is a crucial but often overlooked way to mitigate security risks. It doesn’t require a large investment in new technologies either.

3. Inefficiency and productivity loss: Older systems can slow down processes and reduce productivity. Integration can free up time for university staff to spend with students or on other value-adding tasks.

Many of our clients are not making the most of the tools they already pay for, and we’ve built automations for clients in just a few days. Institutions need to leverage the technologies they’re already paying for to alleviate the administrative burdens on their staff and allow them to spend more time supporting students and colleagues.

4. Compliance issues: Outdated technologies may not comply with current regulatory requirements, leading to fines and penalties. Information governance is always a key topic in enterprise risk and the institutions in the sector have run afoul of the ICO in the past.

There are several ways to address this risk that don’t involve huge investment. As with cyber security, training and communication for staff can be a step in the right direction, but consolidation can also help by reducing the number of systems containing sensitive commercial or personal data.

5. Missed opportunities for innovation: Risk and technology professionals share a common understanding that is really important in the discussion of risk: doing nothing is also often a bigger risk than doing something.

This is particularly the case in Higher Education where research and the expansion of knowledge is inherently about doing things that are new and breaking barriers. By not being open to new technologies institutions are going to be left behind and increase their risk of financial challenges.      

In an era where financial pressures are intensifying across the UK higher education sector, ignoring technology risk is no longer an option—but neither is spending beyond your means.

The good news is that mitigating IT-related risks doesn’t always require large-scale investments. With the right approach, universities can reduce risk exposure through smarter use of existing resources, better collaboration between IT and risk professionals, and strategic decisions that focus on efficiency, consolidation, and upskilling.

By aligning risk management practices with realistic technology strategies, institutions can safeguard service delivery, reduce inefficiencies, and maintain compliance—while also laying the groundwork for future innovation. It’s not just about fixing the tech; it’s about making it work harder, smarter, and more sustainably in a sector that can’t afford to stand still.