CIOs must weigh the benefits of continued training and specialization for in-house personnel against the cost of using a managed security services provider. Contributing factors include budget, manpower, and expertise, and willingness to give up security responsibilities to an outsider. Hosted services like these can solve one or more of the problems stemming from lack of budget and expertise. Many enterprises rely on vulnerability scanning and penetration-testing services. But enterprises must weigh risks and benefits of outsourcing services to avoid the risks and costs.”]
Source: https://www.darkreading.com/analytics/tech-insight-when-to-pull-the-outsourcing-trigger