IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Companies that outsource are most vulnerable to hacking

Organisations that admit to being frequently hacked outsource large chunks of their code, a report claims.

A report from leading analyst firm Quocirca has revealed that 90 per cent of companies that fall victim to computer hacking outsource more that 40 per cent of their code.

At the same time, outsourcing is reported to be on the up, with 78 per cent of companies who consider software development to be critical choosing to outsource. Despite this, security appears to be left out in the cold, with 60 per cent of these companies choosing to outsource failing to mandate the need for security to be built-in, while 20 per cent have no consideration for security at all.

The Quocirca report, supported by Fortify Software, was carried out amongst 250 C-Level executives and IT directors in the UK and Germany, working in companies with more than 1,000 employees.

Other statistics already reveal that the software application layer is where hackers gain access to critical data, with NIST (National Institute of Standards and Technology), stating that 92 percent of vulnerabilities affecting computer networks are contained in software applications.

As outsourcing increases, these sensitive areas are being developed outside of companies direct control, and despite the presence of service level agreements, there's no way of guaranteeing the integrity of applications.

In 2007, TS Ameritrade was forced to disclose that personal details regarding 6.3 million customers had been leaked through vulnerability caused by a backdoor created by an outsourced programmer.

"These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Howard Schmidt, a former cyber security advisor to the White House, now working for Fortify Software.

In the report, financial services companies were revealed to be the most likely to outsource, and of these 72 per cent said that more than 40 per cent of code is written externally. Other areas which major on outsourcing was the public sector, while at the other end of the scale, just seven per cent of utility companies do so.

Fran Howarth, principal analyst at Quocirca and author of the report said: "The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely. Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications-without which they could be playing into the hands of hackers."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022