The cost of using unlicensed software

Findings in Software Management: Security Imperative, Business Opportunity, the 2018 Global Software Survey from BSA | The Software Alliance, complement the results of Microsoft's recent Asia PC Test Purchase Sweep, which showed that as many as four in five PCs (83%) come with pirated software.

Tarun Sawney, Senior Director – Asia Pacific, BSA, noted that unlicensed software continues to be widespread. Unlicensed software accounts for 37% of software installed on personal computers globally – a 2% drop from 2016. The commercial value of unlicensed software remains significant though it dropped 8% in constant currency, at US$46.3 billion globally.

While unlicensed software is a selling point for various merchants around the world, the BSA says that malware from unlicensed software costs companies worldwide nearly US$359 billion a year, and that CIOs say avoiding data hacks and other security threats from malware is the No. 1 reason for ensuring their networks are fully licensed. On the flip side, companies which implement a software asset management (SAM) and software license optimisation programme can increase profits by as much as 11% and save up to 30% in annual software costs.

Source: 2018 Global Software Survey from BSA. Rates of unlicensed software installation in the Asia Pacific region for 2017.

Sawney also shared that the Asia Pacific region has the world’s highest percentage rate of unlicensed software use and greatest amount of dollar losses. More than half (57%) of all software is unlicensed in the region. The commercial value of unlicensed software in this region fell to US$16.4 billion, compared to US$19.1 billion in 2015, but remains the highest in the world.

Within the region:

▪ Bangladesh has the highest rate of unlicensed software use at 84%, followed by Indonesia and Pakistan, both at 83%

▪ Japan and New Zealand, both at 16%, and Australia with 18%, have the lowest rates of unlicensed software use. All three economies registered a 2% decrease, which can be partly attributed to the growing use of the cloud and software subscription services among enterprises

▪ All Asia Pacific economies surveyed had showed a decline in the rate of unlicensed software use with China and Vietnam registering the biggest drops. China decreased its rate from 70% in 2015 to 66% in 2017, and Vietnam went from 78% in 2015 to 74% in 2017.

▪ Significant decreases in shipments (-22%) and installed base (down 17%) in Hong Kong and Singapore (-13% and -12% respectively) helped intellectual property protection efforts in both these economies

According to the survey, a decline in both enterprise PC shipments and the PC installed base, and a drop in the consumer share of PC shipments across many economies in the region, have influenced the statistics. Other factors include increased enforcement and legalisation efforts by governments in Asia Pacific, and an increase in the use of software-as-a-service (SaaS, or cloud) subscription models.  

Sawney introduces the BSA at Microsoft's Digital Trust Asia event in Singapore.

In the Middle East and Africa, unlicensed software rates are just behind that in Asia Pacific at 56%, but with the software valued at just over US$3 billion. In Yemen 88% of software is unlicensed, while in Iraq that figure is 85%.

Source: 2018 Global Software Survey from BSA. Rates of unlicensed software installation in the Middle East and Africa region for 2017.

Sawney explained that rates are falling partly because companies are more more aware of the risks now. There is a high correlation of 0.78 between unlicensed software and malware encounters in each country, the IDC study has found. The economic costs of addressing malware attacks are now at US$10,000 per infected PC in enterprises worldwide, he added.

"CIOs recognise the link between malware and unlicensed software. Previously they couldn't be bothered," he said.

Another reason could be legal consequences. He lauded China for opening courts dedicated to intellectual property cases, making those infringing software licences much more accountable. "In China these courts are making laws that is good IP law. Based on the decisions that they are making they are very effective. For the 1^st time we are seeing decisions that are consistent," he explained.

"Previously nothing happened, now you will be found out. There was a legitimate threat to them for using unlicensed software, not a cybersecurity threat, more of a legal threat."

Many factors have to come together to create the right environment for enforcement, he added. The legal system must move forward at the same rate as technology, and there have to be people specialised in intellectual property law, he said. In addition, courts have to have enough capacity to actually hear each case.

Explore:

The 2018 BSA Global Software Survey was released in June 2018. Download the report (PDF)

Read the WorkSmart Asia blog post about the PC Test Purchase Sweep

*BSA’s Global Software Survey, conducted in partnership with IDC, estimates the volume and value of unlicensed software installed on personal computers in 2017, across more than 110 national and regional economies. It also reveals key attitudes and behaviours related to software licensing, intellectual property, and emerging technologies based on a global survey of more than 20,000 respondents and nearly 23,000 responses from consumers, employees, and CIOs.

Singapore police raid local computer vendor, find counterfeit Microsoft software

Microsoft has called on consumers and small businesses to be wary of the unintentional purchase and use of counterfeit software. This advisory was issued following a raid of a computer vendor located at Kembangan Plaza yesterday by the Intellectual Property Rights Branch (IPRB) of the Singapore Police Force. 

It is understood that the company operating at the shop had advertised the sale of unauthorised “Microsoft license keys”, claiming they were genuine. Customers could also purchase branded computers and laptops bundled with counterfeit software at highly discounted prices via an online store. These computers were sold with fake Certificates of Authenticity that could mislead customers into believing the software installed were genuine.

During the raid, the authorities also seized 43 units of laptops installed with suspected counterfeit copies of Windows 7 Pro and Office Enterprise 2007 and affixed with fake Certificates of Authenticity. The total commercial value of the seized goods is estimated at S$80,000. The Lenovo, Dell and HP laptops seized are believed to be originally preinstalled with DOS operating systems.

Pirated software often leads to increased security risks and threats from malware and viruses. Honest computer vendors are also put to a disadvantage as they are unable to compete with dealers offering counterfeit software that are often lower in cost. In this case, Microsoft was alerted by a concerned computer vendor when their customer demanded a refund of a genuine copy of software he bought because he claimed the same software was sold by the raided vendor at a cheaper price.

Roland Chan, Senior Director, Compliance Programs – Asia-Pacific, BSA | The Software Alliance (BSA) said, ”Most people do not know what is installed on their systems, and that needs to change. While Singapore has one of the lowest rates of unlicensed software use in the Asia-Pacific region, it is still important for both consumers and businesses to be vigilant in view of the security and malware risk counterfeit software potentially brings. 

"According to our BSA Global Software Survey, the risk of security threats from malware is the chief reason why computer users around the world avoid the use of unlicensed software. Among the risks associated with this, 64% of users cited unauthorised access by hackers as a top concern and 59% cited the loss of data. Consumers and business should actively take steps to prevent the potential risks at hand and to protect themselves from unwanted exposure to potential loss of privacy and data.”

Singapore has one of the most stringent copyright laws in the world. Offenders, if found guilty in the court of law for the manufacture for sale, sale of infringing copies and possession or importation of infringing copies, are liable to a fine not exceeding S$10,000 for each infringing copy, up to a total of S$100,000 per charge, or imprisonment for up to five years. Offenders may also be liable to both a fine and imprisonment if found guilty.

The recent raid was one of several that has been conducted by the authorities in recent months. In September this year, a 20-year-old man pleaded guilty and was fined S$20,000 for selling unauthorised software products or license keys in several local online websites, the maximum fine under the Copyright Act for a first-time offender.

Jonathan Selvasegaram, Corporate Attorney at the Microsoft Digital Crimes Unit (DCU) said, “Software piracy is a major concern for everyone, because of the damage it could cause for unsuspecting users. Such software could expose computers to spyware, malware and viruses that can lead to identity theft, loss of personal data, and unexpected system failures. The risk is very real as this has dangerous repercussions, especially for businesses where operational disruptions caused by malware and viruses could potentially lead to heavy financial losses for them. 

"In fact, a quick anti-malware scan on a new branded laptop purchased earlier from the raided vendor revealed that it contained adware. While good adware can enable you to enjoy apps for free, bad adware can turn your system into a zombie computer that is part of a botnet and is sending out spam, phishing emails, and even attacking other computers. The DCU team hopes to be able to examine the computers seized by the Police in greater detail once the case is over.

Selvasegaram made the remarks in reference to a joint study conducted by International Data Corporation (IDC) and the National University of Singapore (NUS) released in March this year which found that enterprises in Asia Pacific (APAC) are expected to spend nearly US$230 billion to deal with issues caused by malware deliberately loaded onto pirated software. Breaking this down further, the majority of the cost (US$170 billion) will go into dealing with data breaches, while the remainder will be utilised to deal with security issues. 

The study, titled The Link Between Pirated Software and Cybersecurity Breaches, also revealed that 65% of APAC consumers surveyed said their greatest fear from infected software is the loss of data, files or personal information, followed by unauthorised Internet transactions (48%) and potential identity theft (47%).

According to the study, government officials also expressed concern about the potential impact of cybersecurity threats to their nations. The survey outlined that APAC governments are most worried about the unauthorised access to confidential government information (57%), the impact of cyberattacks on critical infrastructure (56%), and the loss of business trade secrets or competitive information (55%). It is estimated that governments worldwide could lose more than US$50 billion to deal with the costs associated with malware on pirated software.

Microsoft reminds buyers and retailers to ensure they obtain their software products only from trusted vendors and local authorised sources. To guard against the unintentional purchase and use of counterfeit software and to find out how to verify the origin of Microsoft products, consumers can visit this Microsoft website.

Six in 10 software installations in APAC are unlicensed

The rate at which PC software was installed without proper licensing in Asia Pacific was 62% percent in 2013, the highest such rate across the world, and amounting to US$21 billion in lost revenues, says the BSA Global Software Survey. 

In the Middle East and Africa, the percentage was 59%, compared to 60% in Central and Eastern Europe and 59% in Latin America. North America scored 19%, Western Europe 29%, to arrive at a global average of 43%.

The chief reason computer users around the world cite for not using unlicensed software is avoiding security threats from malware, says the BSA. Sixty-four percent of users globally fear unauthorised access by hackers as their top concern and 59% cited loss of data. 

While IT managers around the world did express concern that unlicensed software may cause harm, fewer than half say they are 'very confident' that their company’s software is properly licensed. Only 35% of companies have written policies in place requiring use of properly licensed software, BSA found.

“Users realise that unlicensed software can introduce malware and leave them vulnerable to hacker intrusion and data loss, yet many fail to do anything to protect themselves or their organisations. Given that the global cybersecurity threat environment has been worsening, this lack of attention to software compliance is deeply worrying,” said Roland Chan, BSA Senior Director of Compliance Programs, Asia Pacific.

According to a recent report from the Economist Intelligence Unit, more than 75% of organisations suffered a security incident in the past two years that caused major system disruptions or resulted in loss or theft of sensitive data. BSA member Symantec labeled 2013 the “Year of the Mega Breach” and noted that there was a 62% increase in the total number of data breaches from the previous year, with eight of the breaches that occurred exposing more than 10 million identities each.

“To prevail, organisations must manage and optimise their software assets properly to derive the greatest possible value from them,” added Chan.

Among the findings in BSA’s Global Software Survey: 

• Most economies in the Asia Pacific region made some progress, including China, where 74% of PC software was installed without proper licensing in 2013, down from 77% in 2011. 
• The aggregate rate of unlicensed installations in the region rose, as the biggest and fastest-growing markets were those where the rates of unlicensed software use were significantly above the regional mean; their size drove an increase in the average for the region as a whole. 
• In the Middle East and Africa, the regional rate rose to 59% percent in 2013 against 58% in 2011, with a similar dynamic to that in Asia-Pacific. 
• Yemen scored the worst with 87% of software installations in 2013 being unlicensed, and UAE had the lowest score of 36%. Paradoxically, the value of the software concerned amounted to US$9 million in Yemen, but US$230 million in the UAE, pointing to a widely different mix of software in use in both countries. Turkey however had the most unlicensed software downloaded in terms of commercial value for the Middle East and Africa region - US$504 million in 2013.
• The pattern was similar for Japan, which scored the lowest at 19% of software installations being unlicensed, against Bangladesh being the worst offender at a rate of 87% of software installations being unlicensed. The commercial value of the unlicensed software amounted to US$197 million in Bangladesh, and in Japan, US$1.3 billion. The value of unlicensed software for 2013 was highest in China for Asia Pacific, coming to nearly US$8.8 billion.

BSA’s Global Software Survey is available here. Real-time threat attempts can be viewed here.

*Graphs from BSA.