ACE Cautions Firms on Increased Network Risks from Outsourcing

London -- Companies that outsource their IT systems are increasing their potential vulnerability to security breaches causing possible long term damage to their business, according to London-based insurer ACE European Group Ltd. (ACE).ACE has uncovered a lack of awareness among many European businesses of the increasing risks that outsourcing poses to their networks. ACE is also aware that there is a degree of uncertainty among many businesses, both as to the level of protection given to their computer systems and the cover provided by their existing insurance policies.

"Outsourcing presents an additional challenge to the security of IT systems," says Shaun Cooper, ACE's senior network risk underwriter. "Outsourcing systems does not mean outsourcing the responsibilities for maintaining security. Businesses are not only dealing with their own employees but with those of a third party, often in another country."

While technology, such as firewalls and anti-virus software, is part of the solution, technology alone cannot guarantee network security, particularly in an outsourced environment, Cooper adds. "Businesses must look to alternatives, including transferring the risks to insurers, in order to reduce the impact of technology failure, human error or criminal activity."

An Economist Intelligence Unit survey in September 2005, sponsored by ACE, revealed that more than half of the European companies polled had suffered significant financial damage as a result of IT system failure, including damage or misuse of systems, by staff or contractors, during the previous twelve months. According to ACE, outsourcing computer operations increase still further the risk of security breaches as responsibility for the protection of the system cannot be outsourced in the same way.

Last year, the U.K.-based National Outsourcing Association (NOA) issued a press release responding to allegations that staff in an Indian call centre had sold data on U.K. financial services customers. While the NOA said it was unaware of any trends in security flaws in this type of outsourcing practice, it did point out that security should be of concern to any company and that they must ensure that offshore operations are managed particularly carefully.

Source: ACE European Group

For reprint and licensing requests for this article, click here.
Core systems Workforce management Policy adminstration Compliance Data security Security risk
MORE FROM DIGITAL INSURANCE