Reducing IT outsourcing risk in a volatile world
9 min read • viewpoint

Reducing IT outsourcing risk in a volatile world

Better understanding risk and redefining activities to future-proof IT operations

By Christian Jentsch, Florian Schmidt, Dr. Fabian Doemer


Christian Jentsch
Florian Schmidt
Dr. Fabian Doemer

Germany • Partner


Outsourcing IT has helped organizations reduce costs and allowed them to focus more on core activities. In the process, it has created a global IT outsourcing industry, stretching from Ireland to Indonesia. However, current geopolitical instability dramatically increases risk for those outsourcing IT to countries, such as Russia, Ukraine, and China. Overcoming these challenges and retaining the outsourcing benefits therefore requires a new, more active approach to selecting partners and monitoring risk.


While IT outsourcing is not new, its importance is growing in an increasingly digital and technology-driven world. By shifting IT services previously handled in-house to specialized providers, organizations have the opportunity to increase efficiency, reduce costs, and focus on core competencies rather than struggle to effectively operate supporting technology functions. Overall, this is driving a projected 7.2% CAGR increase in IT outsourcing services between 2022 and 2027, according to Statista, resulting in a market size of €500.8 billion (approximately US $531 billion) by 2027.

Outsourced IT services fall into two main categories:

  1. Day-to-day IT operations (e.g., help desk, app and infrastructure management, cybersecurity protection, backups, network monitoring).

  2. Project-related services (e.g., app and web development or the implementation of new solutions).

Importance of location

As the outsourcing sector has grown, it has become truly global. That means that organizations have a wide choice of countries to which they can outsource their IT operations. This has long had an enormous impact on delivery efficiency and effectiveness, considering factors like geography, language skills, and culture. From a Western European perspective, these choices fall into three broad categories:

  1. Onshore — within the same country as the contracting entity.

  2. Nearshore — within another European country or the western part of Russia.

  3. Offshore — at a non-European location, which could be in any country worldwide.

As Figure 1 shows, over the past five years China has been the fastest-growing market, followed by Ireland and India. Growth in individual countries is due to a variety of factors:

  • China. With large investments in the IT outsourcing sector and education, as well as continued general growth, China is expanding rapidly.

  • Ireland and the Netherlands. As members of the European Union, Ireland and the Netherlands provide companies with access to the European market while offering low tax rates.

  • India. India has a well-known and well-developed IT outsourcing market. However, infrastructure issues, such as power cuts, can hamper the country’s growth.

  • Russia and Ukraine. Both countries have highly skilled labor forces able to undertake complex, specialized software development.

  • Indonesia. Indonesia offers a variety of business process outsourcing services, especially contact centers, with good English skills and low costs on a par with India.

  • Poland. Traditionally, Poland is the first choice for companies in the DACH (Germany, Austria, and Switzerland) region, due to proximity, comparable culture, and German language skills. However, the country’s cost advantage has diminished over time.

  • Czech Republic. The Czech Republic has benefited from cost increases in Poland as companies start to look for a more cost-attractive nearshore destination.

  • Israel. Israel is especially strong in security solutions, protecting both physical and digital assets.

Figure 1. Countries with highest CAGR on IT outsourcing revenue, 2016–2021*
Figure 1. Countries with highest CAGR on IT outsourcing revenue, 2016–2021*

Choosing right location

Selecting the optimal country to outsource to clearly is about more than cost alone. Traditionally, assessments have focused on these eight areas, in order, as defined by Arthur D. Little’s (ADL’s) IT outsourcing factors:

  1. Cost

  2. Geographical proximity

  3. English proficiency

  4. Availability of skilled labor

  5. Digital readiness of the country

  6. Political stability

  7. Ease of doing business

  8. Cultural closeness

However, the world today is very different than in the past. Risks from geopolitical instability and complications in doing business with certain countries mean that companies will need to radically reorder these factors and introduce volatility as a new dimension in decision making.

Figure 2 shows an updated means of assessing outsourcing location, based on the ADL IT outsourcing factors. The relative size of the dots represents the volatility of a factor over time. These factors have been reordered to give more weight to the impact of political stability and the ease of doing business. What can be seen clearly in this illustration is a fundamental mismatch between traditional and new perspectives. The aim with this new framework is to create a more forward-looking, active, and risk-based assessment that guards against volatility.

Figure 2. ADL IT outsourcing factors by importance
Figure 2. ADL IT outsourcing factors by importance

New perspective on IT outsourcing

Over the past decade, economists have highlighted that the world is becoming smaller and more connected. This has fueled the growth of global supply chains and the globalization of IT outsourcing. However, as has already been seen with supply chains, this complex interconnection of companies and countries creates risks that companies must consider in their IT outsourcing solutions. Applying the new model to IT outsourcing uncovers risks that impact three countries in particular:

  1. Russia. Sanctions put in place following the invasion of Ukraine make it either impossible or unwise for Western companies to outsource to Russia. At the same time, many of the highly skilled IT experts in the country have emigrated, reducing available resources. This impacts Russia as an outsourcing destination in both the short and long term.

  2. Ukraine. The war in Ukraine has had devastating short-term impacts on the economy, including power cuts and bomb damage. Widespread conscription and emigration mean that many skilled IT staff are currently unavailable, no matter how much companies would like to show support by working with them.

  3. China. Growing geopolitical tensions have increased the difficulty of doing business in China for Western companies. This adds to existing concerns around intellectual property protection. This is a longer-term impact that could deepen as the world potentially splits into two economic blocs, led respectively by China and the US.

With the growth of geopolitical volatility, companies must prepare solutions that consider its consequences and avoid being locked in to single countries or companies that suddenly become untenable partners. This means risk diversification, among other business activities, is crucial for IT outsourcing.


Irrespective of the rise in geopolitical volatility, IT outsourcing has become increasingly important for business success. Simply bringing activities back in-house or nearshoring everything to local suppliers are therefore not viable options. Instead, companies must diversify risk, starting with a full inventory of all currently outsourced IT tasks. Companies can then map and understand the different levels of complexity, creativity, and specialization of each task to better measure importance and risk. For example, a lower-value task that is not business-critical may be safely outsourced to a higher-risk country on grounds of cost, while a more complex contract may be nearshored to give greater control.

By dividing tasks among automation, outsourcers in different countries, and in-house resources, companies can better understand and manage risks, optimizing the entire portfolio. Such diversification avoids the lock-in effect of traditional outsourcing solutions focused on one country or entity, while preserving the cost benefits. Reconfiguring the portfolio should focus on three levers, as highlighted in Figure 3.

Figure 3. Creating balanced IT outsourcing portfolio
Figure 3. Creating balanced IT outsourcing portfolio

1. Automate previously outsourced repetitive tasks

The scale and capabilities of robotic process automation (RPA) solutions are expanding rapidly, meaning that highly repetitive tasks that were previously outsourced, such as data processing, can be carried out cost-effectively in-house. RPA covers four levels of automation, with employees in overall control:

  • Basic. Employees use automated process flows (e.g., scripts and macros) within IT solutions.

  • Supervised automation of process steps. Employees use and control the automation of individual steps within business processes.

  • Supervised automation of entire processes. Taking a step further, complete, interrelated processes are automated under employee control.

  • Defined independent automation. Employees define decision-making parameters within which automated solutions can take fact-based decisions.

To select the right candidates for automation, start by building a complete picture of the IT process landscape. Then use this to identify possible tasks or entire processes for automation based on process goals and a risk analysis of the current outsourcing situation.

2. Prepare a quick exit strategy for at-risk countries

If specific IT services are currently outsourced to a country identified as being at risk, the organization should prepare a strategy that enables a fast, effective exit. This should include the following steps:

  • Calculate exit costs — such as severance pay, contractual compensation, and migration activities.

  • Set up alternative scenarios — moving IT to another country, automating in-house, or shifting risks to a third party (e.g., through insurance or switching to a global outsourcer).

  • Compare current solution to alternative scenarios — if the alternative is financially attractive, a company should switch immediately.

  • If the company decides to stay — prepare a plan for rapid exit-covering activities required to shift operations quickly (e.g., modularizing data or operations, creating task lists, assessing legal contracts, and increasing diversification of backups).

In a best-case scenario, companies will have anticipated risks with specific countries, making these quick exit strategy plans unnecessary. However, where long-term/existing contracts are in place, this process should be followed.

3. Don’t get locked in moving forward

Risks are ever-changing and what may seem acceptable now may become an issue in the future. For example, many organizations continued to outsource to Russia after its first invasion of Ukraine in 2014. At the economic level, tax and regulatory regimes may change, making countries less attractive. Companies should therefore set up a risk assessment tool to monitor and update based on risks associated with individual IT services at specific IT outsourcing partners and within particular countries.

We recommend basing this assessment on the ADL sourcing seismograph (see Figure 4), which measures the impact and probability of geopolitical volatility impacting IT outsourcing services. The tool consists of two dimensions:

  • Impact on the organization’s operations — measures the impact on the business if an outsourcing market, such as Russia, China, or Ukraine, fails. The assessment is based on factors like supply chain stability, expenditure, business continuity, and reputation. For example, a key software project designed to deliver competitive advantage scores high on impact, as does sensitive company data stored in a cloud service. At the other end of the scale, developing internal software tools has a low impact ranking. Companies should regularly assess these ratings, particularly if strategies change or services are used in a different way.

  • Probability of a required exit — based on the eight outsourcing factors listed in Figure 2. Given the speed at which the two most volatile factors (political stability and ease of doing business) can change, organizations should assess these on a monthly basis. Less volatile factors, such as geographic proximity or English proficiency, that do not change (drastically) over time or have low impact on potential exits only need to be assessed initially or annually.

Figure 4. ADL sourcing seismograph
Figure 4. ADL sourcing seismograph

On the basis of this assessment, organizations should adopt one of three positions (refer to Figure 4):

  • Stay. No immediate action is required. However, companies should constantly assess risks in case of change. Additionally, they should introduce a limit on the share of services outsourced to individual countries to reduce risk of dependencies and lock-ins.

  • Prepare quick exit strategy. For IT services with a high impact score or rising exit necessity, companies should prepare a quick exit strategy.

  • Execute quick exit strategy. If risks are too high and immediate, companies should execute their quick exit plan and shift their IT services to a safer location.

Sidebar Reducing IT outsourcing risk



The geopolitical landscape continues to shift, impacting previously safe bets when it comes to IT outsourcing. To reduce the material risk to their business operations, organizations therefore must adopt a new approach to IT outsourcing that includes:

  1. Understanding total scope of IT outsourcing portfolio.

  2. Assessing current risks based on factors like political stability and ease of doing business.

  3. Taking action on immediate threats, choosing whether to automate, plan for exit, or leave affected countries now.

  4. Adopting a more risk-based approach when defining and awarding future outsourcing contracts.

  5. Continuously monitoring and assessing volatility risks moving forward to protect against changing geopolitical conditions.

Unlock a Powerful Difference