Abandoning Security and Accessibility to Save Money Is Like Stopping the Clock to Save Time

In this fast-paced world, websites and applications serve as the face of businesses, connecting them to their customers. However, some organisations make a critical mistake: they cut corners on security and accessibility to save costs. This decision is akin to stopping the clock to save time - counterproductive and ultimately harmful.

For over 23 years I worked in a successful web agency where we had a whole range of clients, from those with long-term, complex projects with big budgets which had the time and money to plan, test and deploy properly to the smaller businesses with modest budgets needing their projects live quickly and cheaply. 

Everybody who has managed projects at any level understands what I call the "Project Management Triangle" also known by those who like to make themselves sound proper knowledgable as "the triple constraint". 

This illustrates the interconnectedness of three critical factors:

1. Time - Representing project deadlines and schedules.
   
   
2. Cost - Refers to the budget allocated for the project.
   
   
3. Features - This encompasses the project’s goals, requirements, and deliverables.

Balancing these factors is essential, as changes in one area will impact the others. Effective risk management, prioritisation, and transparent communication with stakeholders are key benefits of understanding this triangle. 

But smaller budgets mean more compromises, and clients are usually stuck on Cost and Time but happy to discuss features... When faced with the option of removing that cool feature thought up by the CEO or marketing team or putting less effort into Security or Accessibility, in my experience they choose to spend less on the latter. 

This is because they don't feel that they will see any immediate benefits from making the site secure (I mean, a good programmer will make sure the site can't be penetrated right?) or indeed, why would we need to make the site accessible? (I once had one client who sells cars shouting me down with "Blind People Don't Buy Cars").

Of course, a good development team will put into place best practices when it comes to mitigating network, database and code vulnerabilities such as cross-site scripting and SQL Injection but nowadays, with so much reliance on third-party integrations and cloud-based systems, you need lots of research and testing to make your site or app as secure as it can be, and that takes time... Which either means more cost or fewer features. 

As far as accessibility is concerned, when it comes to cost, many clients feel that features built into browsers and devices are enough to say that their sites work and are relatively accessible. But even simple things like the colours you are using within your site can exclude a bulk of users from navigating your site or app with ease. For example, did you know that between 5% and 8% of men and up to 1% of women are colour blind, meaning you can effectively alienate up to 10% of your customers if you get it wrong! 

It's generally not the client's fault, they are driven to get the project working with as little stress as possible, and they don't reason the implications of the options, focussed on getting it live for customers, shareholders, stakeholders or management, and they are project managers, not development specialists. So, if you need to have that discussion with a client, please make sure you push the importance of security and accessibility audits. Having a data breach can permanently harm your company and the trust your customers have in you as well as handing you a legal nightmare. And having a site that doesn't at least comply with WCAG AA level will alienate quite a percentage of your customer base. 

Don't think of security and accessibility as an expense, it’s an investment in your organisation’s longevity and reputation. 

So when it comes to choosing between cost, time and features... Choose wisely!