[slt2021]

mainly two:

1. Outsource companies are NOT known to be staffed with cyber pros, you won't be able to get a meaningful return on your money. Good security pros will NEVER work for body shop like Infosys who only focus on minimizing staff costs.

2. Trust issues. Much easier to hire inhouse person whom you know and who shows up in the office (and you can sue him US court in case of malice), than some offshore Dunder Mifflin Corp which can disappear and show up under different name

[makeitdouble]

Feels like your argument is that they _shouldn't_ outsource cybersecurity, especially if they care about the results.

That never stopped any of these companies from doing it IMHO.

[slt2021]

there is valid use case for outsourcing cybersecurity like MDR (managed detection response) and managed IT.

but consider them like any retail fastfood place - you will get standardized BigMac, and no ala carte steak