Cyber security and Competitiveness of SME IT Outsourcing Vendors
Cyber security may be seen as a challenge within a Small to Medium-sized Enterprise (SME) context, even from IT outsourcing vendors’ point of view. However, it may also contribute to their competitiveness and have a positive ripple effect on a wider macro scale, even in the case of Malta. This article aims to indicate how such a proposition of value may be realised.
Over the past decade or so, Information Technology (IT) outsourcing has been a popular practice among business practitioners who seek services and/or products of third party suppliers to meet their organisation’s IT needs. They often do so for cost effectiveness purposes, based upon the premise that the IT outsourcing vendors have the necessary expertise and/or infrastructure not available in-house whilst they may be able to focus on their own organisation’s business developments.
Of course, this brings tremendous business opportunities for the IT outsourcing vendors, which are not fraught with challenges particularly if such providers are Small to Medium-sized Enterprises (SMEs) themselves as in the case of Malta. The wider macro perspective cannot be discounted either, particularly where opportunities for offshore IT outsourcing arise. The IT outsourcing industry which, by its very nature, is a global one, is currently undergoing a degree of turbulence which may hinder its ability to thrive. Current political and economic rethinking such as that in the UK and in the US, with related potential developments in trade agreements, regulations and tax regimes could pose an issue for those seeking to hire an offshore outsourcing firm. This may potentially lead to industry-wide ramifications on how related contracts are drawn up, with new termination rights and rights to insource, as offshore clients seek protection in the event of significant changes to the corporate climate.
Indeed, the competitiveness of IT outsourcing vendors, as SMEs, cannot simply rely on core capabilities and efforts, which can be particularly lacking or constrained in terms of, for example, availability of skills, efforts in research and development, financial depth and effort. It however calls for a dynamic internal capability within the organisations, that evolves out of well-conceived business and IT strategies along with organisation infrastructures that seek to exploit existing competitive advantages and compensate for resource constraints whilst seeking to deliver service and/or product through the IT outsourcing relationships. The smallness of such firms may allow for flexibility and agility in responding to opportunities and challenges occurring within the external environment.
Within the current global scenario one cannot ignore the challenges posed by cyber security – a factor which may pose a strategic opportunity for IT outsourcing vendors, to enhance their competitiveness. One may easily see the opportunity to offer security automation, intelligence threat and security solutions. However, what about current and emerging technologies such as cloud computing, and Internet of Things, among others, which provide other opportunities for IT outsourcing provision and for which data security concerns often arise? Hence, irrespective of the IT product/service offerings, primary focus should fall upon the relationship between the IT outsourcing vendors and their customers. The relationship adopted cannot be simply reduced to contractual terms, although such formalities are vital to enable clarity, transparency and accountability. The relationship needs to be looked at rather towards the ongoing nurturing of trust, to ensure its long-term sustainability and thus potentially contributing towards the vendor’s competitiveness in the process.
It may be argued that trust between the IT outsourcing vendors and their customers can be assured by a risk governance profile that factors in cyber security, on the premise that a security breach may have a negative impact between the customers and their IT outsourcing providers. Hence cyber risk assurance measures by IT outsourcing vendors such as enforcement of their internal information security practices, a focussed attention on their non-disclosure and Intellectual Property ownership policies, and the application of other data protective tools, among others, are highly commendable. Rather than being a potential entry point for cyber-attacks, IT outsourcing vendors will thus become a key ally in the increasingly relentless battle for data security. Ultimately such measures are likely to ensure a good reputation of the vendor; potentially leading to a more loyal customer base. However, this is only part of the pragmatic role for IT outsourcing providers, in conveying the message of the need for preparedness, response and resilience, among their customers in the light of the prevalent cyber threat landscape. Such need is especially of critical importance particularly among an SME customer base, where there is a global tendency for them to believe that they are the least prone to cyberattack as they are not in possession of substantial amounts of assets – or so they believe! Additionally, driven by frugality and inspired by cost savings and efficiencies from established or emerging technologies, such firms may be tempted to adopt them without little or no understanding of the cyber-attack surface, at the very least.
Primarily, this calls for a strong ethical posture that serves as an opportunity for IT outsourcing vendors to establish a trusted relationship with such customers, advising them at the onset on their present scenario, raising awareness about potential risks being overlooked and enabling a pragmatic, secure ‘balance of investment’ solution. Furthermore, in their outsourcing relationship with their customers, the IT outsourcing providers may take the opportunity to provide ongoing cyber related advice and guidance that keeps in view of each of their customers’ specific business and operational context as it evolves.
IT outsourcing vendors can thus complement further national cyber security awareness efforts and play a vital role in contributing towards cyber resilience and sustainability of the SME customer base as the core of the economy, as in the case of Malta. Additionally, the vendors would in effect, be enhancing value towards more meaningful and stable IT outsourcing relationships cemented by ongoing investments in trust with their customers. They would thus be ensuring their own organisation’s sustained long-term competitiveness in the process!
A list of references is available from the editor and will provided upon request