KPMG and the Data Security Council of India (DSCI) jointly surveyed 50 organisations in association with CERT-In to assess the data security and privacy practices adopted by the Indian BPO industry and gain insights into how the industry is addressing security and privacy-related concerns.
Almost 50 per cent of the companies are negotiating contracts to ensure that any liability arising from vulnerabilities in the client's environment are borne by the client.
In addition, more than 75 per cent of the firms involve process owners and lines of business as part of data security initiatives.
The study stressed that the maturity of the Indian BPO industry is reflected by the fact that most organisations treat security as a 'hygiene factor', rather than a competitive issue. Furthermore, the study said 70 per cent of the organisations surveyed felt the key threats to data security were internal in nature.
The Chief Information Security Officers (CISOs) of the majority of the organisations are also spending significant time on strategic initiatives like identifying the security implications of new business initiatives.
As per the survey, only 44 per cent of the respondents were fixing a liability on third party vendors to report new threats and vulnerabilities in their products and services.
The study estimates that the turnover of the Indian BPO industry has grown by nine times from $1.6 billion to $14.7 billion in just a decade and it will witness robust growth in the years to come as well.
By 2020, business of the Indian outsourcing industry (IT and BPO), which currently stands at $60 billion, is expected to touch $225 billion.
During the same period, 'domestic BPO' revenue is expected to expand seven-fold to $15-17 billion, while 'export revenue' is expected to reach $50 billion.