https://www.redscorpionsecurity.in/
#Security_services_in_Delhi
#Security_company_in_Noida
Background on the Booz Allen Hamilton Outsourcing Security
Survey
As the use of outsourcing continues to grow, so too do risks to customer and company data
that companies must rely on their outsourcing vendors to protect
In order to better understand how companies are managing the information security and data
privacy risks of outsourcing, Booz Allen Hamilton surveyed senior executives involved in
defining and managing their companies’ outsourcing strategies
The survey, which reflects the responses of 158 executives from companies across a range of
industries, June-December 2005, was designed to provide insight into:
– Senior Executive perspectives on the magnitude of information security risk involved in
outsourcing relationships
– How companies approach the evaluation and monitoring of outsourcing vendors’ information
security capabilities
– The information security and data privacy challenges that the outsourcing industry must
address in order to maintain the trust and confidence of customers and clients
Key Takeaway: Companies using outsourcing are increasingly
concerned about information security
Executive Summary
While security is a complex issue, respondents almost unanimously agreed on the need for
standards and auditing mechanisms
These mechanisms are particularly needed in some key countries where respondents do not
trust the current legal and regulatory infrastructure (e.g. India, China)
Support is growing for government involvement in setting and enforcing security standards
Like financial markets, outsourcing security can benefit from public-private partnerships to
provide regulations, standards and audit capabilities
Outsourcing buyers seem willing to pay a premium for improved security capabilities
Services, pricing and security capabilities are the top three
evaluation factors when selecting an outsourcing partner
When selecting an outsourcing partner, what are the most
important evaluation factors?
[Bar chart, axis 0 to 150; only one bar survives in the text: Geographic factors, 17]
Note: Respondents were asked to select all that apply
Companies are more concerned about cyber threats than physical
breaches and natural disasters
[Bar chart, axis 0 to 150; only one bar survives in the text, under "Non-cyber Threats": Compromise of operating continuity due to external factors (natural disasters, political instability, etc.), 56]
Note: Includes only # of respondents who answered “Very Important” in each category
Note: Respondents were asked to select all that apply
Increased awareness of security risks has led many companies to
review their outsourcing strategies in the last year
[Two pie charts, each split No / Yes; the percentages 37%, 42%, 58% and 63% survive without their pairing to labels]
The security risk is perceived as significantly higher for providers
with offshore operations
Do you perceive a greater or lesser risk of security threats
for outsourcing providers located offshore?
[Pie chart; surviving labels: No basis for comparison, Much Lower, Moderately Lower, Same, Much Higher; surviving percentages, pairing with labels not recoverable: 1%, 4%, 2%, 28%, 17%]
Providers with operations in India, Asia and South America are
particularly challenged by a legal and regulatory perception gap
Which geographies have a robust regulatory and legal infrastructure?
Major Findings
Providers’ security capabilities matter more than providers’
security budgets…
How important are the following security factors when evaluating and managing an outsourcing relationship?
Note: Includes only # of respondents who answered “Very Important” in each category
Note: Respondents were asked to select all that apply
…however defining, monitoring, and integrating security
management in outsourcing contracts is a growing challenge
Which factors present the biggest management challenges in
evaluating and managing security in outsourcing relationships?
[Bar chart; axis: % of respondents putting factor in top 3]
Companies want more 3rd party audits and independent security
evaluations of outsourcing providers
What tools do you feel are most important to use in evaluating
the security capabilities of outsourcing vendors?
Note: Respondents were asked to select all that apply
The US government could play an increasing role in creating
security and privacy regulations for outsourcing providers
Two thirds of respondents are open to some form of US regulation of security standards
[Pie chart; one surviving value: 34%]
Outsourcers should work with associations and governments to
define and establish security regulations and standards…
…while leveraging external auditors for monitoring
[Bar chart; axis: # of Respondents expressing preference]
Investments should be prioritized for security training and
awareness, new technologies and improved policies/procedures
[Bar chart; axis: # of Respondents expressing preference]
Note: Respondents were asked to check all that apply
Buyers may be willing to pay a premium for improved security
capabilities — challenging the industry to demonstrate ROI
Would you be willing to pay 10% to 15% more for outsourcing services
if you thought it would ensure superior security?
85% of respondents may be willing to pay some premium for improved security
[Pie chart; surviving label: "Maybe - would depend on comparison of security against other factors"; surviving value: 55%]
Other Supporting Findings
Respondents viewed service disruption, loss of customer trust and
brand impact, and loss of intellectual property as equally important
outsourcing security risks
What do you believe are the greatest security risks and vulnerabilities to your business from outsourcing?
[Bar chart; axis: # of Respondents expressing preference; only one bar survives in the text: Other, 5]
Note: Respondents were asked to select all that apply
Companies are more concerned about theft or misuse of
outsourced data than they are about the threat of terrorism
From your perspective, how serious is the threat of terrorism for the operations of domestic outsourcing vendors?
[Pie chart; surviving labels: Serious Threat, Moderate Threat, Low Threat, No Basis for Evaluation]
How concerned are you about theft, misuse or damage of company systems and data from outside/inside an outsource provider?
[Pie chart; surviving labels: Not Concerned, Somewhat Concerned, Very Concerned]
[Percentages surviving from the two charts, in extraction order, pairing with labels not recoverable: 9%, 15%, 9%, 28%, 39%, 63%, 47%]
Less than 50% view terrorism as a moderate – serious threat, while 91% were somewhat – very concerned about data theft or misuse
There is a credibility gap in the security capabilities of providers,
with clients in some verticals more skeptical than others
For your industry, do you find the security capability claims of outsourcing providers credible?
[Pie charts with panels for Financial Services, Government and Manufacturing; legend: Yes / Yes, but only the largest / Maybe, but no way to verify or validate claims / No]
[Percentages surviving from the charts, in extraction order, pairing with labels not recoverable: 15%, 25%, 25%, 30%, 30%, 14%, 30%, 18%, 36%, 25%, 9%, 36%, 37%, 20%, 14%, 24%, 25%, 19%, 43%]
– Less than half of financial services respondents trusted even the largest providers’ security capabilities
– Government respondents were even more skeptical with less than 30% trusting all or the largest providers
– 67% of manufacturing respondents found some degree of provider security claims to be credible
– Half of respondents discredit outsourcers’ security claims
– Verification of compliance 2nd most important evaluation factor
Over the next two years, respondents expect continued growth in
the outsourcing market, but are generally divided on whether
growth will occur in existing functions, or expand upstream
For your industry, what do you expect in the outsourcing market in the next two years?
[Pie charts with panels for Financial Services and Government; surviving legend entries: Reduction in the size of the market; Slowing growth or market stagnation]
[Percentages surviving from the charts, in extraction order, pairing with labels not recoverable: 5%, 50%, 45%, 6%, 7%, 27%, 36%, 49%, 9%, 27%, 38%]
– 95% of financial services respondents expect outsourcing market growth to continue, but are divided on expansion into upstream functions
– Government respondents are less certain, with almost 40% expecting market stagnation or reduction
Survey Methodology and Demographics
Survey Methodology
Respondent Selection Method: Invitations to participate in the study were distributed via
email to a select group of contacts:
– Booz Allen current and former clients
– Other comparable senior executives gathered through selective acquisition
– Registered opt-in subscribers to email lists for knowledge@wharton and strategy+business
magazine
– Participants in Outsourcing Seminar as part of Conference Board’s 2005 BPO Conference
83% of respondents are currently outsourcing or actively
considering doing so
[Pie chart: YES 83%, NO 17%]
Over half of survey respondents were senior executives
Responses by Function
[Pie chart; surviving labels: CXO*, Procurement / Regulatory Officer, Other; surviving percentages, pairing with labels not recoverable: 32%, 53%, 15%]
The 158 respondents to the survey represented 12 different
industry sectors
Distribution by Industry
[Pie chart; surviving legend entries: Automotive; Business Services (legal, accounting, architectural, engineering design); Communications (telecommunication, Internet services); Computer Services; Education; Electronics]
[Percentages surviving from the chart, in extraction order, pairing with labels not recoverable: 11%, 4%, 9%, 17%, 8%]
Survey respondents represented companies of all sizes
[Two pie charts; surviving labels: <$100 M, $100M - $1B, <1,000, 1,000 - 10,000, 75,000+]
[Percentages surviving from the charts, in extraction order, pairing with labels not recoverable: 19%, 8%, 5%, 39%, 42%, 18%, 24%, 27%]
For more information regarding this survey, please contact: