Companies are more concerned about theft or misuse of outsourced data than about the threat of terrorism. They also perceive a significantly higher security risk to data in working with offshore providers than with those in the US, because of lack of trust in developing countries' legal and regulatory environments.
Most respondents say they would be prepared to pay 10%-15% more to be assured of higher security, and they rank the issue as more important than the financial strength, business stability and reputation of prospective partners.
At the same time, many companies are sceptical of the security claims of outsourcing providers and say that security management requirements need to be defined in contracts.
They also regard third-party audits and independent security evaluations as important and want to see industry standards defined and established.
Information security risk: a top concern among outsourcing executives
Booz Allen Hamilton, 23 March 2006
Review by Steve Lodge.