Exclaimer, a Boston-based provider of email signature management solutions, has announced the results of the 2025 Build vs buy: The true cost of DIY IT solutions report, delivering a global view of how IT and security leaders are reassessing the true cost, risk, and return of building software in-house versus buying from trusted vendors. And the results are not good – at all. The findings, based on insights from over 2,000 IT and security decision-makers, reveal that 71% of in-house builds are eventually abandoned. This insight, which Exclaimer termed “The DIY Mirage”, reveals the false sense of control and efficiency that fades as maintenance demands, compliance risks, and long-term costs grow.
The research also reveals regional differences: UK teams are more likely to build in-house to meet compliance and data residency requirements (33%), while US teams build primarily for integrations with legacy systems (28%). However, that speed often comes at a cost as US IT leaders report higher rates of downtime from internal tools (74% vs 50% in the UK). Some build entire tools using templates and scripts in an effort to automate updates. It often feels like the efficient, pragmatic thing to do, although the failure rates suggest it is not.
“We commissioned this report to bring clarity to a question every IT leader faces: do you build, or do you buy?” said Paul Hammond, Chief Product & Technology Officer, at Exclaimer. “The data shows that while building in-house can feel like control, it often comes at the expense of time, security, and scalability. At Exclaimer, we’ve seen how easily operational burden creeps in when IT teams are forced to maintain tools that were never meant to scale. This research helps organizations see the full picture, that true efficiency isn’t about owning every line of code, but freeing teams to focus on growth and innovation.”
The research comes from a background of managing email signatures is one of those seemingly minor IT jobs that seems easy on the surface. However, what starts as a script or mail flow rule quickly turns into a brittle, time-consuming system that IT teams struggle to maintain. And when internal builds break, the fallout hits productivity, security, and compliance. As compliance expectations are updated and cloud platforms like Microsoft 365 and Google Workspace continue to evolve, in-house solutions struggle to keep up. What started small quickly becomes a liability, especially when email signatures are tied to regulatory, legal, or brand-critical communications.
The findings point to a widening gap between perceived efficiency and real outcomes regardless of region. Nearly half of IT teams still prefer to build their own tools, but only 8% of those projects are delivered on time and just 11% stay on budget. In reality, more than half take 1.6 to 2 times longer than planned, and almost half of all in-house IT projects (46%) end up costing close to twice what the organization originally budgeted for.
The hidden demands soon follow as 63% of teams say they spend 10–50 hours per month maintaining internal tools, and 66% require an additional $20,000 to $100,000 a year to keep them running. With 64% of organizations reporting security-related downtime and 31% citing compliance and data protection challenges as key barriers, what starts as a cost-saving initiative quickly turns into a long-term liability rather than a strategic advantage.
The data also reveals that delivery performance remains a global weak spot. Only 6% of US builds finish on time compared with around 11% in the UK, while 89% of US projects exceed budget versus 84% in the UK. Despite the regional differences, both markets underestimate the time and cost required to maintain home-grown software. In heavily regulated industries like manufacturing and finance, 83% of internally -built tools are eventually abandoned, which underscores how complexity and compliance pressures make homegrown systems difficult to sustain.
Seven in ten IT and security leaders (71%) admit they’ve built a tool in-house only to abandon it later. Among the most senior roles, that rises to 81% of CIOs and 73% of CTOs, showing that even the best-resourced teams struggle to sustain what they start. Security perceptions also diverge sharply: UK leaders are more likely to say vendors offer greater protection (51%), while US leaders express stronger confidence in their own builds (59%). The result is the same on both sides as downtime remains a universal challenge.
Add up the hours, the headcount, the time diverted from other priorities, and what started as a quick fix turns into a long-term time sink. It’s not just about how much the tool costs to build—it’s about what teams stop doing to support it. Email signature tools built on PowerShell are especially fragile. Microsoft Exchange EOL updates recently rendered many older scripts invalid, forcing teams to rebuild or start from scratch.
The report identifies a clear trend towards specialist vendors. When asked why they choose to buy rather than build, IT leaders pointed to speed (30%), access to expertise (29%), and reliability (28%) as key drivers.
While reasons for the shift towards buying differ by market, the direction teams are taking is clear. UK teams, driven by regulatory pressure (33%), are turning to specialist vendors for compliance and control. In contrast, US teams, historically more speed-oriented (23%), are now finding that vendor partnerships offer faster scalability and reduced maintenance. Both regions show a decisive shift: buying for efficiency now outweighs building for control.
Another problem is that most DIY signature tools don’t meet enterprise security standards. They lack the audit trails, certifications, and visibility that regulators (and security teams) expect. For instance, 71% of CTOs say vendor solutions are more secure than internal builds. DIY systems rarely meet GDPR, SOC 2, or ISO 27001 standards. And when a homegrown system fails, the liability falls squarely on internal teams.
“As organizations race to modernize and scale securely, we’re seeing that IT leaders recognize that buying from trusted partners delivers faster deployment, predictable performance, and built-in compliance without the constant drain of maintenance and patching,” Hammond indicated. “The research shows that these partnerships now represent trust, visibility, and control, backed by enterprise-grade governance and security. The question is therefore not whether IT teams can build, they must decide when they should.”