Almost half of FTSE350 companies have no software escrow agreements in place, a study has shown.
That is despite the fact that the lack software availability presents a high risk for these companies, which include some of the largest and most highly regulated in the UK.
Escrow agreements ensure companies will have access to vital source code if software suppliers go out of business, get acquired or face legal disputes, but 46% of FTSE350 companies are unprotected, according to research by NCC Group.
Software validation and escrow ensure organisations can continue to maintain and support essential software applications in the long term by storing application source code with an independent third party.
This form of protection allows the user to legally redeploy software in the event that the original supplier is no longer able to provide it.
Although 54% of FTSE350 companies have escrow agreements, most protect only a small percentage of their business-critical software, the study found.
In contrast, most FTSE100 companies recognise the importance of escrow from an audit, compliance and business continuity aspect, with 82% having at least one escrow agreement in place.
Mark Ormerod, group managing director, escrow at NCC Group, said the lack of protection among the wider FTSE350 is extremely concerning, particularly in light of the challenging economic environment and the ever present cyber security threats.
"The issue also appears to be too low on the auditing agenda. Software supplier and availability risks should be established steps in the overall due diligence process, not merely tick boxes that get lost in an auditor's report," he said.
NCC Group saw a 150% increase in source code requests from clients in 2009, compared with 2008, due to recessionary pressures, and merger and acquisition activity within the software supplier community.