With Halloween just around the corner, the real frights are already here for IT leaders. A new study of 500 ITAM and SAM professionals across six continents has uncovered some genuinely alarming trends, the kind that keep CIOs and IT directors up at night.
Conducted by the ITAM Forum and Azul, this research paints a stark picture of organizations struggling with software licensing compliance, bleeding budget on preventable costs, and scrambling to maintain control of their IT estates. Here are the most stunning findings that demand immediate attention.
1. The Half-Million-Dollar Compliance Problem
27% of organizations spend more than $500,000 annually resolving licensing issues.
This isn't just about buying additional licenses. These costs include audit penalties, emergency procurement, legal fees, and countless hours of staff time spent firefighting compliance gaps. For many mid-market organizations, this represents a significant chunk of their entire IT budget, money that could be driving innovation instead of covering preventable mistakes.
Even more concerning: 54% spend over $100,000 per year on these issues. When you factor in the fully loaded costs, including operational disruption, reputational damage, and opportunity cost, the real impact is far higher.
2. Compliance Is the Top Challenge (And It's Not Getting Easier)
37% cite license compliance as their number one issue in managing software licenses.
This isn't surprising when you consider the complexity of modern IT estates. Organizations are tracking software across hybrid environments (on-premises, multiple clouds, and remote workers), while vendors constantly change their licensing terms. The result? Even well-resourced IT teams struggle to maintain an accurate picture of what they have, what they're using, and whether they're compliant.
The complexity shows: 29% report difficulty tracking license usage across different environments, and 25% struggle with complex licensing metrics like per-core or per-user models. When you can't see your full picture, you can't protect yourself.
Modern organizations need unified IT visibility across their entire IT stack, covering software, SaaS, cloud, and entitlements, to eliminate blind spots that lead to costly compliance gaps.
3. Organizations Are Auditing Themselves to Death
81% perform software audits at least twice a year. 25% audit continuously.
The frequency of audits reflects the high stakes of non-compliance. But this constant state of audit readiness takes a serious toll. Organizations report that audits disrupt daily operations, consume significant staff time, and require cross-departmental coordination that pulls resources away from strategic initiatives.
This finding aligns with our recent research on the software audit surge, which found that 62% of companies faced vendor audits in 2024. The audit burden is only intensifying.
The challenges don't stop there:
- 26% struggle to maintain accurate software usage records
- 23% face ambiguity in licensing terms and conditions
- 23% cite limited internal resources to manage compliance effectively
- 23% report disruption to day-to-day operations
When a quarter of your team is constantly preparing for or conducting audits, you're not driving innovation. You're just trying to stay compliant. Continuous compliance monitoring automates this burden, freeing teams to focus on strategic work.
4. The Oracle Java Audit Situation
73% have experienced an Oracle Java audit within the last three years.
This statistic alone should alarm any IT leader using Oracle Java. Nearly three-quarters of organizations have been audited, and given Oracle's aggressive enforcement of its new employee-based pricing model (introduced in January 2023), these audits often result in substantial unexpected costs.
As we explored in our recent post on major software licensing changes in 2026, vendor licensing shifts like Oracle's are creating massive disruption across the IT landscape.
What makes this particularly risky: Java is deeply embedded in business-critical applications across virtually every enterprise. You can't just rip it out overnight. Yet 96% of organizations express at least some level of concern about Oracle's pricing and licensing policies, and only 4% are "not at all concerned."
The market has responded decisively: 79% of organizations have either already migrated off Oracle Java, are actively doing so, or are planning to. This represents a massive shift away from a vendor that once dominated the enterprise Java market.
5. Managing Audits In-House (Without the Resources to Do It Well)
Three-quarters of organizations manage license discovery and software audits primarily or entirely in-house, yet they lack the tools and resources to do it effectively.
This finding reveals a dangerous gap between responsibility and capability. Organizations are trying to manage complex, high-stakes compliance processes internally, but they're hamstrung by:
- Poor team alignment (27% cite difficulty aligning IT, development, legal, and procurement teams)
- Lack of automated tracking tools (21%)
- Insufficient internal resources (24%)
- Ambiguous licensing terms they struggle to interpret (23%)
The result? Organizations are exposed to compliance risk despite their best efforts. Not because they aren't trying, but because they're under-resourced for the complexity of the task.
6. Security Risks Lurk in Unpatched and Unsupported Software
The ITAM study found that 40% of ITAM/SAM professionals report that their activities support security initiatives by identifying software that is no longer supported and needs to be patched or updated.
Organizations struggle to track which software versions are running across their estate, leaving them exposed to known vulnerabilities in outdated or end-of-life software. When you lack visibility into your software inventory, you can't identify security risks until they've already become incidents.
This challenge is even more severe than many realize. Our own research found that 74% of endpoints have at least one critical vulnerability (CVSS 9.0+), severe enough to warrant immediate attention. Yet many organizations don't even know about these vulnerabilities until it's too late.
ITAM and SAM professionals are increasingly involved in security initiatives, with 44% engaged in cloud security monitoring and 41% identifying vulnerabilities. But here's the problem: most security tools are reactive, alerting only after a threat is detected. By then, attackers may already be close.
Organizations need proactive security with upstream visibility—catching vulnerabilities at the discovery layer before they become incidents. Without it, you're always playing defense.
7. The Hidden Costs Go Beyond Money
While the financial impact of poor software asset management is staggering, the operational costs are equally damaging:
- Over 30% report unexpected budget impacts from audits
- More than 30% experience disruption of operations across the entire organization
- Projects get stalled, vendor relationships become more challenging, and teams are forced to shift from strategic work to compliance firefighting
When your development teams, IT staff, legal department, and procurement team are all pulled into resolving licensing issues, the opportunity cost is immense. Those are hours that should be spent building better products, improving customer experiences, and driving competitive advantage.
As we noted in our analysis of how much IT leaders waste on cloud, SaaS, and hardware budgets, the true cost of poor visibility and inefficient asset management extends far beyond the line items on your budget.
What This Means for IT Leaders
These findings aren't just statistics. They're warning signs that your organization may be more exposed than you realize. The combination of rising software costs, increasing compliance complexity, frequent audits, and critical security vulnerabilities creates a perfect storm of risk.
The path forward requires three things:
- Visibility: You cannot manage what you cannot see. Real-time, automated asset tracking across your entire estate—on-premises, cloud, and hybrid—is no longer optional. Unified IT visibility gives you the complete picture you need.
- Expertise: Whether you build internal ITAM/SAM capabilities or partner with experts who live and breathe software compliance, you need specialized knowledge to navigate today's licensing landscape. Block 64's ITAM platform is purpose-built for mid-market organizations that need enterprise-grade visibility without enterprise complexity.
- Strategic Action: Particularly for Oracle Java users, the time to act is now. With 96% expressing concern about Oracle's pricing and licensing, and two-thirds estimating 40%+ savings with open-source alternatives, migration should be a strategic priority.
The organizations that will thrive are those that treat software asset management not as a back-office compliance function, but as a strategic capability that protects the business, optimizes costs, and enables innovation.
The question isn't whether you can afford to invest in better ITAM and SAM practices. It's whether you can afford not to.
Want to learn how Block 64 helps organizations gain complete visibility across software, SaaS, cloud, and entitlements, eliminating blind spots and reducing waste by up to 30%? Get your first insight in 15 minutes with our free trial.