A magnifying glass hovering over a business blueprint, revealing green legacy COBOL code beneath cracked modern infrastructure. A gauge indicates critical risk, with callouts for undocumented business logic, talent pipeline gaps, and AI's limitations in code translation.
| |

COBOL Is the Asbestos of Programming Languages

ByJohn Mecke

And Your M&A Due Diligence Is Missing the Real Exposure

The Metaphor Everyone Is Getting Right — And the Conclusion Everyone Is Getting Wrong

COBOL modernization due diligence is the hidden liability sitting inside your next acquisition. Wired’s recent feature frames it precisely: COBOL is “digital asbestos,” almost ubiquitous once, now incredibly difficult to remove. The metaphor is apt. But the market is drawing the wrong conclusion from it.

In late February 2026, Anthropic published a blog post describing how Claude Code could be used to analyze and refactor COBOL. IBM’s stock dropped 13% in a single trading session — its worst single-day loss since October 2000. The market’s reading: AI has solved the COBOL problem. Modernization is now cheap. The mainframe era is over.

That reading is wrong. And for M&A buyers, PE portfolio managers, and enterprise CTOs evaluating acquisition targets, that misreading carries a specific financial cost.

The same pattern keeps repeating. One AI announcement triggers a market repricing. The repricing outpaces actual operational reality. Buyers who believe the headlines inherit liabilities the sellers never properly disclosed. We have documented this dynamic in our analysis of AI productivity claims and AI sales tool ROI. The COBOL modernization narrative follows the exact same structure.

The Scale of the Problem Your Due Diligence Is Missing

Before addressing the AI modernization claim, it is worth establishing what COBOL actually is in operational terms today.

COBOL — Common Business-Oriented Language — was first proposed in 1959. Of the 300 billion lines of code written by the year 2000, 80% were in COBOL. Today, COBOL processes approximately $3 trillion in financial transactions on any given day. More than 43% of global banking systems run on COBOL. Government systems — unemployment insurance, motor vehicle records, social security — depend on it.

These are not legacy edge cases. They are mission-critical systems that process an extraordinary volume of real economic activity, every day, at a reliability and scale that modern platforms have not yet demonstrated the ability to match.

For M&A practitioners: any acquisition target that provides software to, integrates with, or directly competes against the banking, insurance, government services, or healthcare sectors is likely carrying COBOL exposure. That exposure typically does not appear as a line item in the CIM, the management presentation, or the technical due diligence report.

Figure: COBOL Modernization Services Market Size 2024–2030. Alt: Bar chart showing COBOL modernization market growing from $3.12B in 2024 to $6.08B by 2030 at 11.7% CAGR

Why the AI Modernization Promise Is Real — In One Place Only

The Anthropic announcement that moved markets described using Claude Code to parse COBOL codebases, map dependencies, and assist in refactoring logic into modern languages like Java. This capability is real. IBM’s watsonx Code Assistant for Z performs similar work with a 20-billion-parameter model trained on COBOL-Java pairs. AWS has mainframe migration programs. Microsoft offers COBOL modernization tooling. Kyndryl runs large-scale migration engagements. The idea that AI helps with COBOL code analysis is not new.

What AI does well in COBOL modernization: it accelerates code analysis, helps map dependencies, generates documentation, and assists in initial refactoring. This primarily addresses the code translation component of a modernization project.

What AI does not solve: the 80% of modernization cost that has nothing to do with code translation.

What AI Cannot Automate in COBOL ModernizationBusiness logic extraction: decades of undocumented business rules embedded in procedural COBOL that exist nowhere outside the code itselfBehavioral equivalence validation: proving mathematically that the new system produces identical outputs to the old system across all transaction typesRegulatory compliance testing: validating that modernized systems meet current BFSI, government, and healthcare regulatory requirementsData migration: moving decades of structured data from mainframe formats to modern architectures without loss or corruptionOrganizational change management: retraining staff, rewriting operational procedures, managing parallel run periods, and managing failure modes

Every serious modernization practitioner agrees on this. As Mitch Ashley of the Futurum Group noted in his analysis of the IBM market event: modernization “also requires business scoping, behavioral equivalence validation, data migration strategy, and organizational change.” These are not secondary concerns. They are the primary cost drivers.

Figure: AI Impact on COBOL Modernization Cost Components. Alt: Two-panel chart: left shows COBOL developer talent pool declining 10% annually; right shows AI reduces code translation cost by 85% but has minimal impact on business logic extraction and regulatory compliance

The Talent Crisis That Compounds Every Quarter

The Wired article identifies the workforce dimension accurately: the pool of developers proficient in COBOL is shrinking rapidly. The average COBOL developer is 55 years old. Roughly 10% of that workforce retires every year. COBOL is no longer taught in mainstream computer science curricula. There is no natural replacement pipeline.

This creates a compounding problem that AI does not solve: the faster the talent pool shrinks, the more undocumented institutional knowledge disappears permanently. Undocumented business logic cannot be reverse-engineered if the people who wrote it are gone and the code that encoded it was never adequately commented.

The COVID-19 pandemic provided a sharp illustration. Early in the pandemic, New Jersey’s governor made an unusual public admission: the state had run out of COBOL developers. Its unemployment insurance systems, written in COBOL, needed to be updated to handle the influx of hundreds of thousands of new claims. No one was available to do the work. By one estimate, COBOL inefficiencies cost the US GDP $105 billion in 2020 alone. New Jersey eventually built a new unemployment system — but the backend still runs on a mainframe running the old language.

For M&A practitioners, the talent dimension creates a specific due diligence obligation: when evaluating any target with COBOL or mainframe exposure, you must assess not just the technical architecture, but the human infrastructure that maintains it. A system that works today but has no qualified maintainers is a ticking clock on the cap table.

The M&A Due Diligence Implications: What Acquirers Are Missing

Our M&A due diligence checklist identifies technical debt as one of the most commonly understated or concealed liabilities in enterprise software acquisitions. COBOL and mainframe exposure is a specific and severe version of this problem. Here is what a comprehensive technical due diligence assessment should include for targets with legacy exposure.

1. Dependency Mapping

Which systems does the target’s product depend on, integrate with, or sit on top of that involve COBOL or mainframe architectures? This mapping often reveals exposure that target management has not surfaced — not necessarily due to concealment, but because it is simply how their infrastructure has always operated.

2. Undocumented Business Logic Assessment

What percentage of the business logic governing the target’s core transactions exists only in the COBOL codebase? Is there documentation? Who wrote it and when? Are any of those developers still employed or accessible? This is the single highest-risk dimension of COBOL technical debt.

3. Talent Inventory and Succession Risk

How many engineers within the target organization can read, maintain, and modify the COBOL systems? What are their ages, tenures, and departure risks? Is there a knowledge transfer program in place? Firms with one or two COBOL-proficient engineers carry concentration risk that can materially affect post-close integration.

4. Modernization Roadmap and Cost Estimate

Has the target produced a formal modernization roadmap? Have they engaged third-party assessors, such as IBM Consulting, Accenture, Capgemini, or Kyndryl, to estimate the total cost and timeline? A credible modernization estimate for a mid-size financial system typically runs 18–36 months and costs in the tens of millions. Any target presenting lower estimates without credible third-party backing should prompt scrutiny.

5. Regulatory Compliance Exposure

COBOL systems in banking and insurance operate under strict regulatory frameworks. Modernization projects that fail to properly validate behavioral equivalence have triggered regulatory actions, fines, and remediation requirements. Acquirers should confirm whether the target’s COBOL systems have been assessed against current regulatory standards.

Figure: COBOL Technical Debt M&A Due Diligence Risk Matrix. Alt: Scatter plot risk matrix showing COBOL due diligence factors by discovery difficulty and impact on deal value, with undocumented business logic and talent pipeline gaps in the critical risk quadrant

The Market Context: A $13 Billion Problem Growing at 10% Per Year

The mainframe modernization market is expected to grow from $8.39 billion in 2025 to $13.34 billion by 2030 at a 9.7% CAGR, according to MarketsandMarkets. The COBOL Modernization Services segment specifically is growing at 11.7% annually, from $3.12 billion in 2024 to a projected $8.59 billion by 2033.

This market is not growing because the problem is getting easier. It is growing because the problem is getting more urgent. The combination of a shrinking talent pool, increasing regulatory pressure, and accelerating AI adoption in adjacent systems is creating a forcing function that financial and government sector organizations can no longer defer.

North America leads this market, accounting for approximately 38-42% of global COBOL modernization spending — driven by the concentration of legacy COBOL systems in US banking, insurance, and federal government agencies. Nearly 70% of IT budgets in large enterprises remain tied to maintaining outdated systems, crowding out the capital investment available for modernization.

For PE investors building platforms in financial services software, healthcare technology, or government SaaS: this market growth represents both an opportunity and an obligation. It is an opportunity because modernization-enabling software companies — API abstraction layers, automated testing platforms, behavioral equivalence validators — are commanding strong multiples. It is an obligation because platform roll-ups in these sectors will eventually inherit the COBOL exposure of their acquired companies.

Our analysis of AI valuation dynamics in enterprise SaaS M&A has documented how AI-adjacent narratives inflate seller expectations beyond what deal data supports. The “AI solves COBOL” narrative is the latest iteration.

The Core M&A Risk: Pricing Targets As If Modernization Is SolvedTargets with COBOL-dependent systems or COBOL-dependent customers are often valued as if AI has eliminated the modernization liabilityThe $105 billion GDP cost of COBOL inefficiency in 2020 was a crisis event — not a ceiling; routine inefficiencies are ongoing and unquantifiedDeal structures rarely include reps and warranties specific to legacy technology modernization costsPost-close integration plans that assume AI-accelerated modernization timelines are systematically underestimating cost and durationFederal agencies: the 10 most at-risk legacy systems cost $337M per year to maintain, consuming ~80% of their IT budgets

What Acquirers, CTOs, and Investors Should Do Now

The goal is not to avoid targets with COBOL exposure. Many of the most valuable enterprise software companies in banking, insurance, and government sit atop or alongside COBOL-based infrastructure. The goal is to price that exposure correctly.

The practical framework:

  • Expand your technical due diligence scope to include mainframe dependency mapping as a standard requirement for any target in BFSI, government, healthcare, or insurance. Our M&A due diligence checklist provides the framework; COBOL exposure assessment should be added as a dedicated workstream.
  • Request a third-party modernization cost estimate. Do not accept management’s internal estimate without independent validation from a systems integrator with COBOL modernization experience. A credible estimate requires source code analysis, dependency mapping, and regulatory compliance review.
  • Assess the human infrastructure, not just the technical one. The talent inventory — who maintains these systems, what they know, and how transferable that knowledge is — is as important as the code inventory. Consider knowledge transfer obligations as a deal condition.
  • Adjust deal structure to reflect unquantified legacy risk. Where modernization cost cannot be precisely estimated, deal structures should include escrow provisions, earnouts tied to successful migration milestones, or indemnification clauses covering post-close remediation.
  • Separate AI-assisted from AI-solved. AI tools genuinely accelerate code analysis and initial refactoring. They do not address the extraction of business logic, behavioral validation, or regulatory compliance. Any modernization estimate that does not include these components is incomplete.

For SaaS founders positioning for acquisition: if your product integrates with or depends on mainframe or COBOL-based infrastructure, get ahead of this. Commission a formal modernization assessment now, before an acquirer’s technical diligence team identifies the exposure. As we have noted in our SaaS exit strategy analysis, being able to answer hard questions before they are asked is one of the most effective ways to protect deal value.

Conclusion: The Asbestos Metaphor Works — In Both Directions

The Wired comparison to asbestos is precisely right. Asbestos was once considered a miracle material — cheap, fire-resistant, ubiquitous. Its removal became enormously expensive, not because removal technology was unavailable, but because the full scope of the problem only became visible when removal began. Contractors who quoted based on visible surface area learned, expensively, about what was inside the walls.

COBOL is the same. AI tools are improving code translation. They are not improving business logic extraction, behavioral validation, or the organizational complexity of replacing systems that process $3 trillion in daily transactions.

The market repricing triggered by a blog post was a sentiment event, not an operational event. The contractors who quote COBOL modernization for a living know this. Acquirers and investors who price deal targets as if the blog post were the operational reality are accepting liabilities that are not in the price.

As we have documented across our analysis of AI productivity claims and enterprise AI security risks: the gap between AI narrative and operational reality is where the real M&A risk lives. COBOL modernization due diligence is where that gap is widest right now.

Is Your Next Acquisition Target Carrying Hidden COBOL Exposure?DevelopmentCorporate LLC provides M&A advisory and technical due diligence for enterprise SaaS transactions. We help buyers identify legacy technology liabilities before they become post-close surprises.→ Contact us at DevelopmentCorporate.com

Similar Posts