This year is shaping up as the third disappointment in a row for corporate technology spending. After a weak first half, it'll take a surge from now to December for this year's total to merely equal U.S. businesses' 2002 tech spending of $312 billion. That's quite a comedown from 2000's 11.5% increase, the last time tech demand was really robust -- and improvement is going to come slowly. "There isn't the urgency of the late 1990s to spend on information technology," says Stephen Minton, an analyst at tech consultancy IDC. "There are no revolutions like the Internet."
And yet, tech suppliers that happen to be in the right spot will do much better than average this year. These include outfits whose products perform mission-critical work or play a crucial cost-cutting role. This year, those traditional bright spots in a down market are joined by one other: Software and hardware that most major corporations will need to comply with a variety of new state and federal laws -- including those aimed at making corporate financial reporting more transparent. That could be significant enough to help push up overall tech outlays by as much as 4% in 2004, according to IDC.
LEGAL BENEFICIARIES. The law that may stimulate spending the most is the year-old Sarbanes-Oxley Act, which Congress passed in reaction to a rash of corporate scandals. It requires that by next June public companies document -- and continuously monitor -- the internal processes and controls they use to prevent several types of fraud. More than 85% of some 60 major companies recently surveyed by IT consultancy AMR Research expect the new regulations to require changes in their technology systems. AMR estimates that U.S. businesses will spend $2.5 billion this year simply investigating how to comply with the act -- and more next year on software and hardware to do so.
Thanks partly to the law, IDC expects the $1 billion market for analytical software designed to asses financial and business performance management to grow by 10% a year through 2007. One beneficiary would likely be market leader Hyperion Solutions (HYSL), whose revenues in the nine months ended Mar. 31 climbed 5%, to $372.5 million, while its profits hit $24.9 million, nearly triple the figure for the year-earlier period. Hyperion's shares climbed to their 52-week high of $38.06 in June before receding to about $33.50, and several investment houses, including J.P. Morgan, have initiated coverage. At the moment, 11 of the 20 analysts who follow Hyperion rate it a buy.
Larger companies are hoping to get some sales from Sarbanes-Oxley as well. This summer, database-software maker Oracle (ORCL) will release its Internal Controls Manager, which will allow companies to better document their business processes, such as the way expenses are approved. The software will also provide auditors with a list of risks -- such as employees who expense more than their receipts support -- says Steve Miranda, vice-president for applications development at Oracle.
SPILLOVER EFFECT. Sarbanes-Oxley could also spur hardware sales. Janice Malaszenko, vice-president for enterprise-platform delivery at Xerox (XRX), believes her company might need additional storage to maintain the extra information required for audits -- especially in the wake of Xerox' recent settlement with the Securities & Exchange Commission, which had accused it of financial fraud (Xerox hasn't admitted guilt). If other outfits follow Xerox' lead, that could prove a boon for storage makers like EMC (EMC) and storage-software makers such as Veritas Software (VRTS) (see BW Online, 7/7/03, "EMC Aims to Lasso Legato").
The new rules could even have an indirect effect on computer purchases: Today, the PCs in half of all U.S. businesses run on operating systems -- or OS, a computer's basic software -- older than Windows 2000, says Jeff McCrea, vice-president for the desktop-platforms group at microprocessor king Intel (INTC). And Microsoft (MSFT) has said that it'll soon stop supporting older versions, such as Windows NT 4.0. Thus, McCrea thinks many companies will soon have to upgrade to comply with Sarbanes-Oxley, which assumes that businesses have highly reliable computer systems.
Rob Enderlee, an analyst at tech consultancy Forrester Research, believes that by 2005 the government could mandate an OS upgrade for security reasons. While that sounds farfetched, Sarbannes-Oxley may add to the list of reasons for corporations to replace their PCs as they do an OS upgrade, McCrea says: A recent IDC survey of 1,000 U.S. companies showed that replacing aging infrastructure is now the No. 1 tech priority in 50% of them." [Sarbanes-Oxley] could have an incremental effect," says a spokesperson for Dell (DELL), the world's largest PC maker.
REPUTATIONS AT STAKE. Adding to the urgency may be California's new information-security law, which took effect on July 1 and requires companies to notify their California clients if the companies have reason to suspect that a customer's data -- such as an account number or a Social Security number -- may have been stolen. The law allows individuals to bring civil suits against companies that don't reveal such a problem. But "the prime risk is the harm to reputation," says Deborah Birnbach, partner at law firm Testa, Hurwitz & Thibeault in Boston. "People don't want to do business with you if your systems are vulnerable."
The California law already may have stimulated a small boom in security software. Privately held Liquid Machines in Lexington, Mass., booked a 50% sales increase in this year's second quarter vs. the first mainly because of the legislation, says CEO Jim Schoonmaker. And in July, Liquid Machines will release a new iteration of its software specifically designed for compliance: The product will not only track sensitive data to see who looked at it or pasted it into other applications but it will also show if the data was printed, Schoonmaker says. The law could also lift bigger security-software players, such as Check Point (CHKP).
The California law eventually could have a wider effect. On June 26, Senator Diane Feinstein (D-Calif.) introduced a bill in Congress that would fine businesses that fail to notify customers of security breaches. The penalty: $25,000 per day of delay. Whether it'll pass isn't certain, but just the talk surrounding the bill is putting a stronger focus on security, as is Washington's homeland defense initiative and the new HIPPA legislation (Health Insurance Portability & Accountability Act), which protects the security of individual medical information.
SPENDING TO SAVE. Northwestern University and its associated hospital in Chicago will spend much of their nonoperations-related technology budget over the next year or two on additional firewalls, intrusion-detection software, and switches that control access to its wireless network, says Mort Rahimi, vice-president for information systems and technology at Northwestern. Two years ago, the school had only 1.5 positions related to IT security, but in 2004 four staffers will do the job, he says.
Corporations are also willing to spend on software and gear that promise to cut costs, increase productivity, or boost revenues. Medical-supplies distributor Owens & Minor (OMI) is installing systems that let track inventory and orders over the Internet. The idea is to allow for faster adjustments to business conditions, says David Guzman, Owens & Minor's chief information officer. This approach should allow it to quickly integrate new customers or suppliers into its systems or introduce a new service, he says.
Many other companies are finding that outsourcing some or all of their technology tasks cuts costs, says John Nyland, general manager for the public sector at IBM Global Services (IBM). His division has just signed up three New York-area hospitals for its outsourcing services.
Reducing expenses is also vitally important for companies that still run their own systems. Thus, PeopleSoft (PSFT) has come up with ways to cut the effective cost of its products while avoiding a huge revenue hit. For the past two years, it has run special labs, in which its software can be tested, customized, and burned onto a CD that's sent to the customer, says Mike Gregoire, PeopleSoft's executive vice-president for Global Services. Previously, this testing to be done at the customer's site. The labs have saved some clients about 25% in implementation time and 35% in costs, Gregoire claims.
"LIFE-AND-DEATH MATTER". Companies will most easily loosen their purse strings to buy mission-critical gear. Despite the slight decrease in the tech budget at Oregon Health & Sciences University (OSHU) for the fiscal year that started July 1, the Portland (Ore.) university and its hospital plan to replace many servers and other key hardware in the next year because the equipment's three-year warranties are expiring, says John Kenagy, OHSU's CIO. "We can't have any down time," he says. "It's a life-and-death matter." He expects to replace his existing gear with products from server king Sun Microsystems (SUNW) and networking giant Cisco Systems (CSCO).
One big downer for tech players is that increased demand for hardware will be significantly offset by heavy discounting that's cutting prices by double-digit percentages in some cases, says IDC's Minton. OHSU's Kenagy says he'll probably wait until the end of his suppliers' fiscal year, when the prices tend to be lowest, to make his purchases.
It's also unclear, even now, what ultimate impact this variety of factors will have on tech demand over the next 18 months. Yet it is clear that without them, tech outfits would be more vulnerable. Until the day that broadly higher capital spending puts a jolt back into the overall economy, the mantra will be: Things could always be worse. By Olga Kharif in Portland, Ore.