IT security rides offshore outsourcing wave

The survey, released Thursday by the Computer Security Institute and the FBI, revealed dramatic changes in 2006 in the volume of offshore IT security work. Of the U.S. companies that indicated they farm out their security functions, the amount of work sent overseas in some cases doubled year over year.

Companies with an average revenue of less than $10 million outsourced 8 percent of their security functions overseas this year, compared with 4 percent last year, according to respondents. Midsize companies of $100 million to $1 billion in revenue also nearly doubled the work they sent offshore, from 7 percent last year to 13 percent this year.

Large corporations with more than $1 billion saw the biggest increase in outsourcing, sending 15 percent of their security functions offshore, up from 9 percent last year, according to the survey.

Although the volume of security functions sent overseas jumped significantly, the number of U.S. companies that use outsourcing has remained fairly stable. This year, 39 percent of the companies surveyed indicated they farm out varying degrees of their security work, compared with 37 percent last year.

In a preview of the survey last month, Robert Richardson, editorial director at the CSI, also noted that there was a decline in financial losses due to cybercrime in 2006 and fewer security incidents than in previous years.