Security concerns bedevil Chinese outsourcing

Security concerns bedevil Chinese outsourcing

U.S. companies might hesitate to send IT work to China in light of new reports on cyberespionage programs there.

China's plan to create a substantial outsourcing industry was hit with another blow last month with the release of a report that laid bare, in ways never seen before, the extent of the security risks of working in the country.

Ten years ago, there was wide expectation that China would emerge as India's top competitor in the third-party IT services provider market. Since then, China has created an outsourcing industry, but it certainly hasn't thrived.

Jimit Arora, a vice president at business consultancy Everest Group, puts the value of China's IT and business process outsourcing (BPO) market today in the $4 billion to $5 billion range. That figure amounts to about half the annual revenue of Tata Consultancy Services, which is just one of India's large IT services companies.

But from that small base, Arora expects China's IT services and BPO market to grow at a rate of 20% to 25% a year.

That projection comes as security firm Mandiant and the White House released separate reports outlining significant security risks facing companies that do business in China.

The Mandiant report identifies the Chinese military as a main instigator of cyberattacks on U.S. companies. And a White House analysis of theft of trade secrets makes numerous references to China.

Mandiant contends that a unit of the People's Liberation Army (PLA) of China is behind a systematic cyberespionage campaign against the U.S. and several other countries that has gone on since at least 2006. Working out of a 130,663-square-foot building in Shanghai, the PLA unit has likely accessed data at more than 140 companies in countries considered strategic by China, according to the firm's report.

Andy Sealock, a partner at consulting firm Pace Harmon, said the reports add evidence to confirm "what many people already assumed was happening." The security risks of working with China have long been "priced into" the decision-making processes of U.S. companies, he said.

With the release of the two reports, it's less likely that companies that are on the fence will send IT work to China. "This will just strengthen their resolve to stay away," said Arora.

Sealock suggested that the latest findings may prompt the U.S. government to "institute policies and sanctions that will make it more difficult to do business with China."

Security experts warn that several other countries, notably Russia, also have government-run cyberespionage programs targeting U.S. companies in a wide range of industries.

Intelligence reports dating back to 2005 have consistently warned that the U.S. is a target of economic espionage undertaken by state-sponsored entities around the world.

Nonetheless, said James Slaby, a security analyst at HFS Research, as long as companies follow best practices for securing data, outsourcing to China leads to only "nominally more risks."

Basic security practices "are more important than thinking about where you are physically located," he said.

Daniel Castro, an analyst at the Information Technology & Innovation Foundation, said it's unlikely that most "businesses will rethink their offshoring decisions because of the Mandiant report."

However, he warned, "they should all be taking a close look at their risk exposure and mitigation measures for these types of threats."

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on

Read more about government/industries in Computerworld's Government/Industries Topic Center.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags IT careersIT outsourcingGovernment/IndustriesTata Consultancy ServicesBPIndustriesEverest GroupMandiant



Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.

EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments