Fragmented DevOps & poor developer experience cost millions

New research from Harness indicates that inefficiencies in DevOps processes and a fragmented developer experience are costing enterprises significant amounts each year through lost productivity, release delays, and increased security risks.

The research findings are detailed in The State of Software Engineering Excellence 2025 report, which surveyed more than 650 engineering leaders in the US and UK. The report highlights notable discrepancies between the aspirations for software engineering and the existing shortcomings within many organisations' daily operations.

Manual interventions

The data shows that manual intervention remains a common element in many DevOps processes. Specifically, 64% of organisations continue to use manual steps for infrastructure code deployment, while half of application deployments are not fully automated. This reliance on manual work extends to code review procedures, with 61% of participants stating that code reviews typically take more than a day to complete.

The results regarding incident management tools and environments are also notable. Over half of engineering teams lack key tools to support incident management, and 67% report that they cannot build and test their development environment within 15 minutes. This underlines persistent inefficiencies hindering speed and quality across software development pipelines.

Developer experience

The findings illustrate systemic issues in the developer experience. For instance, 29% of teams operate without a software catalog, and just 21% have catalogs that automatically update with changes. This means developers often need to spend time sourcing basic system information, which negatively affects productivity and extends delivery times.

Upskilling and reskilling opportunities also appear to be lacking; only 19% of surveyed leaders indicated that their organisation maintains a structured skills development curriculum for engineers. Such a gap in continual talent development may expose organisations to difficulties keeping pace with technological changes.

"What we're seeing is an epidemic of engineering inefficiency that's holding back innovation across the industry. Organizations are burning through millions of dollars in developer productivity while simultaneously exposing themselves to significant security and operational risks," said Martin Reynolds, Field CTO at Harness and creator of the Engineering Excellence Maturity Assessment.

Planning and scope challenges

Planning processes were identified as another area of concern. One in four engineering leaders reported that more than 70% of their project requirements lacked clearly defined acceptance criteria. Over half have experienced average scope creep above 20% in recent sprints, a factor often leading to costly rework and frustration among developers.

Security and resilience

The report highlights security as a significant area of risk. According to the study, 38% of build pipelines do not have security scan gates, and nearly one in ten organisations permit critical-severity bugs into production systems. Additionally, 45% of respondents said it takes longer than seven days to resolve high-severity security issues, increasing organisational vulnerability to cyber threats.

The data also suggests gaps in security training. While 56% of developers receive updated security training annually or semi-annually, nearly a quarter report receiving no security training at all. This lack of training can compound organisational risks, particularly given the rise in software supply chain attacks.

"In an era where software supply chain attacks are making headlines weekly, these gaps represent existential threats to business continuity. Organizations are essentially flying blind when it comes to understanding what's actually in their software and how vulnerable they are to attack," said Reynolds. 

Economic impact

The aggregate financial impact is significant. Organisations face millions in annual productivity losses attributed to slow onboarding, manual build processes, and deployment bottlenecks. Including the costs of security incidents, outages, and employee retention challenges, losses can extend to tens of millions for large enterprises.

The report suggests a platform-centric strategy as a potential remedy. By consolidating developer experience, security, and operational functions within a unified software delivery platform, companies can automate processes, reduce friction, and address security risks more effectively. Features such as automated pipeline creation, intelligent testing, and integrated security scanning were identified as essential to improving efficiency and reducing risks.

The research was based on responses from engineering leaders who completed the Engineering Excellence Maturity Assessment, which evaluates maturity across five key dimensions: Developer Experience, DevOps Modernisation, Optimisation, Quality and Resilience, and Secure Software Development. The authors argue that taking a more structured, platform-driven approach could help organisations close performance gaps and improve both quality and security outcomes.