Bad outsourcing decisions caused nearly two-thirds of the data breaches investigated by security firm Trustwave in the past year.
According to the 2013 Trustwave Global Security Report, which covers 450 global data breach investigations, 63% were linked to a third-party component of IT system administration.
The investigations revealed that a third party responsible for IT system support, development or maintenance had introduced security deficiencies that were easily exploited by hackers.
The results do not suggest that outsourcing is inherently bad, but that organisations that do get breached have probably made some bad outsourcing decisions. Typically, organisations do not price in the security risks when making outsourcing decisions or build security into their procurement processes. Unfortunately, organisations that are breached are typically not diligent enough in determining whether the third parties they are looking to work with will treat data security as seriously as they would themselves.
In addition, it is very rare for those responsible for IT security within an organisation to be involved in the procurement process. This is because outsourcing tends to focus on cost-saving, and security is then overlooked.
Security does need to be more involved in procurement, particularly in defining what requests for proposals look like to ensure some security elements are included in the evaluation process.