In a new report released by European IT analysis group, Quocirca, the organisations that admit to frequent hacking activity, outsource at least some of their coding practice.
Of those surveyed, 78% of organisations say software development is business-critical for them choosing to outsource their vital applications.
However, companies fail to build in security when they outsource the development of their critical applications, according to a report released by Quocirca and supported by Fortify Software.
The survey found that over 60% of companies that outsource the coding of their critical applications do not mandate that security must be built into the applications. The study uncovered that 20% of UK companies do not even consider security when building their applications.
The report, which was carried out among 250 C-level executives and IT directors from corporations from the UK, US and Germany with over a thousand employees, reveals outsourcing of code development is widespread, and growing in importance.
Of the organisations stating that software code development is business-critical or important to them, 50% outsource more than 40% of their code development needs.
Statistics already show the software application layer is where most hackers are accessing critical data.
Howard Schmidt, member of the Fortify Software board of directors and previously cyber security advisor for the White House, says: "These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code."
In the report, financial services companies are identified as the most likely to outsource their code development needs, with 72% reporting they outsource more than 40%.
Fran Howarth, principal analyst at Quocirca and author of the report, said: "The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely. Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications, without which they could be playing into the hands of hackers."
Share
