Information Security a Top Outsourcing Concern

March 23, 2006 ( - Information security has become a top concern among companies evaluating current and potential outsourcing relationships, according to a new study by management consulting firm Booz Allen Hamilton.

According to a company press release, the survey found that information security is one of the top three most important factors in selecting an outsourcing partner, chosen by 50% of respondents, ahead of financial strength, business stability, and reputation. A majority (85%) of respondents said they may be willing to pay 10% – 15% more to be ensured of superior security.

In addition, respondents overwhelmingly indicated a greater concern over security risks with offshore outsourcing providers, according to the release. Seventy-six percent perceive a “moderately higher” or “much higher” risk of security threats with offshore providers. The study found that:

  • Just 5% of respondents believe that China has a strong regulatory and legal infrastructure, followed by South America (6%) and Southeast Asia (11%);
  • Only 27% of respondents believe that India has a robust legal infrastructure; and
  • North America is perceived to have a healthy legal and regulatory environment by 83% of respondents, followed by Ireland (52%) and the emerging EU countries of eastern Europe (42%).

Half of all respondents are skeptical of the security claims by outsourcing providers – 30% of respondents find security capability claims impossible to verify, and 20% find provider security claims not credible. Companies said that third party audits and independent security evaluations are the most important measures when seeking out security information on outsourcing vendors.

Eighty percent of survey respondents indicated that the biggest management challenge in outsourcing was obtaining agreements governing outsourcing relationships with security management requirements defined in the contracts. When asked who should be responsible for defining and establishing standards, over 50% of those who responded favored customer trade groups or industry associations, while an almost equal number said standards should be established by governments from within major industrialized nations. Two-thirds of survey participants positively view some US regulation of security and privacy standards for outsourcing providers.

The report further indicates growing concerns about cyber crime, customer data theft, and network security issues. Nearly 70% of respondents reported reviewing their outsourcing strategy in response to hearing of recent high profile cyber crime incidents. While two-thirds of companies consider the possibility of cyber threats “very important,” only 35% feel that way about physical breaches and natural disasters. Terrorism is viewed as a moderate to serious threat by 48% of respondents, while 91% were somewhat or very concerned about data theft or misuse.

Booz Allen surveyed 158 US-based senior executives, focusing on executives in frequently outsourced functions such as human resources and finance. Respondents represented a wide variety of industries and company sizes, and 87% are currently outsourcing or actively considering doing so.