Ernst & Young
“Companies can outsource their work, but they can’t outsource responsibility for its security.’ ‘Fewer than one-third of those companies conduct a regular assessment of their IT providers to monitor compliance with information security policies – they are simply relying on trust. Organizations have to demand higher levels of security from their business partners.’”
–Edwin Bennett, Global Director, Ernst & Young