Digital transformation done right (Bermuda)

Published: 5 Jun 2025
Type: Insight

As any specialised tech lawyer or technology consultant will tell you, digital transformation projects are not for the faint of heart.

The more innovative and untested the technology solutions are, and the more those solutions will radically transform your business, the higher the risk is of project failure.

Over the last ten years, there have been hundreds of news reports of failed digital transformation projects. There are now so many documented failures, no organisation can say they haven’t been warned.

The May 16 article in The Economist, titled “Why so many IT projects go so horribly wrong” is no exception.

Citing research published by an Oxford professor, the article points out that IT projects have unique risk management challenges.

That research discloses that the mean cost overrun for 20 per cent of all IT projects is 450 per cent, and that those risks exist because “IT projects reach deep into organisations, which means tech neophytes often call the shots”.

The neophyte risk rings true because very few IT executives will oversee more than just a few critical transformative projects in their entire career.

The many documented failures of transformative projects are exactly why a 36-page chapter of my 2021 book concerning IT project best practices is titled “Why Technology Projects Fail: Lessons Learned”, and why the next chapter in the book is titled “Dear IT Executive: Let’s Put The Lessons Learned Into Practice”.

Considering that there are so many digital transformation projects now being either considered or under way in Bermuda, including some highly innovative AI projects, The Economist’s article was a good reminder to flag a few common pitfalls to reduce project risk.

The most serious risk of digital transformation failure is not that project problems will cause project abandonment.

The real project risk to be managed is that the project will not achieve its organisation’s definition of transformative success, including: being on time; being on budget; materially achieving the desired operational functionality; ensuring mechanisms of performance verification; ensuring responsive and effective performance remediation; and achieving acceptable standards of security and operational resiliency.

One of the most common and serious mistakes that contributes to digital transformation failure arises when the proposed business innovations, including the desired operational outcomes, are not well defined as performance specifications, service levels and key performance indicators.

That mistake often occurs when transformative projects do not “separate design from build”, as separate and distinct phases of project implementation.

Practically speaking, organisations must first have a clear understanding of the house they want to build before they can select the technology that is best suited to deliver those innovative outcomes.

Since all digital transformation projects involve the procurement of either (or both) technology goods or services, it is essential that organisations manage risk with focused contracts that contain:

  • Terms for the commercial allocation of risk that are consistent with industry accepted commercial norms and practices. Off-the-shelf vendor contracts very rarely meet those criteria
  • Covenants concerning the vendor’s project expertise, experience, qualified personnel and professional qualifications that reflect the findings of rigorous vendor due diligence
  • A detailed technology solution definition so that both parties understand the required functionality of the procured solution
  • Provisions that separate business innovative process design services from all technology build services to permit key performance indicators and “value for money” verification
  • Provisions to ensure ongoing performance monitoring and verification, including effective service remediation
  • Day-to-day dispute or misunderstanding resolution mechanisms
  • Adequate technology support, update, enhancement, new release and maintenance provisions
  • Solution specifications to ensure enterprise interoperability, connectivity and compatibility, especially where digital solutions meet legacy systems
  • Terms to satisfy the organisation’s legal and regulatory requirements for cybersecurity, privacy, operational resilience and business continuity, outsourcing risk management and governance compliance

In fact, given the large number of publications about digital transformation, including essential AI contract terms and conditions, the abject failure of organisations to contractually consider all of those risk management issues may constitute some degree of malfeasance or misconduct by those who are managing those projects.

As I suggest in my 2021 book, digital transformation projects are like icebergs: only 10 per cent of the project risk is visible to inexperienced executives and the other 90 per cent of project risk, which can sink any digital transformation project, lurks below the surface.

Remember my book’s chapter nine title: “Dear IT Executive: Let’s Put The Lessons Learned Into Practice”.

First Published in The Royal Gazette, Legally Speaking column, June 2025

Share
More publications
050-Insolvency-Restructuring-Grid-Image
13 Jul 2026

Bermuda: Restructuring & Insolvency

This country-specific Q&A provides an overview of Restructuring & Insolvency laws and regulations applicable in Bermuda.

Appleby-Website-Regulatory-Practice
10 Jul 2026

It’s healthy to sometimes disagree with regulators

At some point, almost every regulated business will disagree with its regulator.

Appleby-Website-Privacy-and-Data-Protection
8 Jul 2026

Bermuda Privacy Commissioner Signals Shift to Stronger PIPA Enforcement

The Office of the Privacy Commissioner (PrivCom) has issued its first annual report since Bermuda's Personal Information Protection Act 2016 (PIPA) came fully into force, with the reports content signaling a transition from education and implementation to a stronger focus on enforcement.

Bermuda-1024x576-1
1 Jul 2026

A Forest for the Future

A first since the blight, the airport cedar forest is growing tall and standing strong.

Appleby-Website-Regulatory-Practice
1 Jul 2026

Complied out of business

Firms are complying themselves out of business because compliance no longer matches the evolving sophistication of the Bermuda Monetary Authority (BMA).

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

The long game: how Bermuda became the world’s life reinsurance capital

Ask a life insurer in New York, London or Tokyo where the liabilities behind their book ultimately sit and there is an increasingly good chance the answer is a 21-square-mile island in the North Atlantic.

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

Record H1’26 Cat Bond Issuance Driven by Rising Sponsor Comfort and Diversified Risk

With H1 2026 officially breaking the record for the most catastrophe bond deals to come to market and settle in the first six months of the year, a key trend driving this momentum is how comfortable sponsors have become with the mechanics of the overall cat bond space. This familiarity has ultimately encouraged a wave of new sponsors to enter the market, according to Brad Adderley, Managing Partner at law firm Appleby.

Appleby-Website-Employment-and-Immigration
12 Jun 2026

The Cost of Getting Employee Departures Wrong: Five Common Pitfalls for Bermuda Employers

Employee departures are an inevitable part of running a business, but the way they are managed can have significant legal, financial and operational consequences. In Bermuda, employers who approach terminations without adequate preparation may expose themselves to unnecessary disputes, regulatory issues, and reputational harm. Whether an employee is being dismissed for performance reasons, made redundant or departing as part of a negotiated exit, by recognizing the following common mistakes and taking a proactive approach, organizations can manage departures more effectively and reduce risk.

Appleby-Website-Privacy-and-Data-Protection
8 Jun 2026

It’s time to bridge Pipa compliance gap

A review of 200 publicly available privacy notices of companies in Bermuda has revealed that just one in nine are fully compliant with the Personal Information Protection Act 2016.

Appleby-Website-Privacy-and-Data-Protection
26 May 2026

Transparency is a legal requirement under Pipa

Major companies across the European Union have faced substantial fines between 2019 and 2024, estimated at a total of €930 million (about $1.08 billion), not only for cyberattacks or data breaches, but also for issues such as noncompliant privacy notices. A common theme in many cases has been a lack of transparency.