Big banks, hospitals and insurance companies which have outsourced their IT are vulnerable to hackers because of weaknesses in their business partners.
Insecurity expert Evan Francen said that while many top companies would pass a rigorous security audit, those that rely on business partners would flunk.
Francen said that the world was in the Wild West period of security compliance and it is a period where there is a lot of dosh to be made.
It seems that the weak point in the whole game is the outsourcers who are finding it difficult to meet confusing and sometimes excessive security demands of big companies for which they handle data.
However they are bit stuck because many of their customers don't really know what sort of protection they want. The only thing they are certain of is that they do not want to end up in the papers having had all their customer details leaked.
According to the Chicago Tribune, a lot of security rules were written by non-IT people, and they aren't specific enough to give IT professionals a clear idea of how to set up security, and there are a lot of different ways to do it.
All this is forcing some outsourcers to spend a fortune getting hold of consultants to help them pull their socks up.
While it is possible to encrypt and secure everything to the nth degree, that would cost a lot of money, and most of the outsourcers were hired to save cash.
But what is alarming is that at the moment there is a vulnerability for many key businesses through their outsourcing partners which is a hole waiting to be exploited.
Francen hints that some companies have been focusing on their own security and forgotten about their outsourcing partners, although many are forcing their partners to undertake stiff IT audits which the outsourcers do not seem equipped to handle.