The report says that outsourcing in itself is not necessarily risky but that bad decisions are being made. Part of the problem, according to Trustwave is that service providers do not necessarily view security as being as important as their customers.
"The third-party evaluation process tends to be focused on costs and service level agreements, without security being a real consideration," said John Yeo, Trustwave's European director.
John Worthy, technology partner at law firm Field Fisher Waterhouse, says when outsourcing IT CIOs should ensure security is bound into the contract, that the contract can be adjusted to reflect new developments in technology, and that security can be regularly monitored.
Read more about the Trustwave research: Bad outsourcing decisions cause 63% of data breaches
Let me know your views on outsourcing and security. Remember when you outsource you are not necessarily outsourcing risk.