Those of us who are delivering outsourced public sector services will be familar with the pervasive requirement for increased security based on the impact level tables from CESG. See link below
http://www.cesg.gov.uk/policy_technologies/policy/media/business_impact_tables.pdf

Many (most?) outsourced government services must now meet these standards and higher infrastructure costs and governance costs are required in order to achieve this. In my experience these can double the costs for an government service which has been designated IL3.

When the much predicted public spending squeeze starts to bite next year, I cannot see how public outsourcing suppliers will be able to cut costs as well as continue and even increase compliance with these standards. This could either result in less outsourcing because higher security makes each outsourcing deal more expensive or it could result in non-compliance with security standards or , necessity being the mother of invention, it could result in more creative and cost effective solutions from suppliers and flexibility from public sector clients.

Off-shoring is not seen as a good solution to meet the higher security requirements since in introduces the perception of less control and greater risk of restricted data being lost or compromised.