1. Outsource companies are NOT known to be staffed with cyber pros, you won't be able to get a meaningful return on your money. Good security pros will NEVER work for body shop like Infosys who only focus on minimizing staff costs.
2. Trust issues. Much easier to hire inhouse person whom you know and who shows up in the office (and you can sue him US court in case of malice), than some offshore Dunder Mifflin Corp which can disappear and show up under different name
Legal enforcement of NDAs, non-competes, and being able to chase down some a-hole who steals your intellectual property and sue them. Don't share your secret sauce with people you don't trust, and even you don't fully trust them, you can at least have legal recourse if they sell your access keys.
Compliance issues. Auditors love hearing that your security and auditing team is a revolving door of random Indian guys.
Quality, as you want your Sec Teams to really give a shit, push back on stuff, and not do the absolute minimum to close a ticket. You get what you pay for, and if you want to pay shit you'll get shit security.
Business integration, as ultimately it's about risk and talking to the business as to what they think is important. The distance from Mgmt and Security is often a lot smaller, and they'll have the "keys to the castle".
The interesting take to me is those could all apply to legal or accounting. These fields are also vital to a company above a certain size, yet partial or full outsourcing/contracting to an external cabinet is common.
At the end of the day it's a matter of trust ("you get what you pay for" feels weird to apply to Deloitte for instance. You absolutely get less than what you paid for and they get to pocket the most of it, you just don't care enough about the money to want to handle it yourself)
1. Outsource companies are NOT known to be staffed with cyber pros, you won't be able to get a meaningful return on your money. Good security pros will NEVER work for body shop like Infosys who only focus on minimizing staff costs.
2. Trust issues. Much easier to hire inhouse person whom you know and who shows up in the office (and you can sue him US court in case of malice), than some offshore Dunder Mifflin Corp which can disappear and show up under different name