According to an article in Computer Weekly, most data breaches (63%) are traceable to poor outsourcing decisions. Computer Weekly was quoting data from the 2013 Trustwave Global Security Report, which surveyed 450 global data breach investigations; the report found that nearly two-thirds of the breaches were traced to outsourced IT operations or administration.
According to this report, half of the FTSE 100 companies reported real or potential security and cyber risks in their annual reports, making security a high-level risk. However, as we have discussed very often in this blog, the main focus of many outsourcing contracts is cost. Innovation, and apparently security, is discussed far less. The contract will have many clauses about cost and payment, but very little on security.
There's an old Russian saying, "When all you have is a hammer, you treat the world like a nail." When your procurement office negotiates a contract, they do not understand the security issues your network must deal with. In fact, most IT departments do not have sufficient expertise to defend their corporations against modern cyber threats, like a network attack from the Chinese government.
What should you do to protect your firm? I've been told, "When you don't know what you're doing, make sure that you work with someone who does." However, having worked on a LOT of outsourcing contracts, I would add this: "When you work with someone who knows what they're doing... listen when they tell you that you have a problem!"