Are decisions around IT outsourcing strategies ever influenced by policies or guidelines informed by perceptions of geopolitical risk? In our experience, yes.
And they should be. Any organisational exposure to different geographies, especially when those geographies suffer from known political and economic instability, should be assessed for geopolitical risk. Not to do so would be negligent.
But are these decisions always made in an analytical and carefully considered way? In our experience, no. Not always. They are often based on heuristics – rules of thumb that we all use every day in our decision-making processes.
That can mean organisations missing out on significant competitive advantages by ruling out recruiting it talent from certain geographies. Closer examination of the real geopolitical risk involved would, in many if not most cases, reframe thinking.
You might well see the clear benefits that spreading your net wider internationally for top tech and software development talent would result in. But it might be necessary to change perceptions elsewhere in your organisation to be able to unlock those benefits.
This should help you build a case for why perceptions of risk associated with sourcing tech talent in less familiar markets should be reframed.
Heuristics are generally a good thing and we wouldn’t get much done without them. It’s not practically possible to carefully process all available information before making every decision or judgement. So we use mental shortcuts to help us deal with complexity and ambiguity in situations that require a quick response.
Imagine being on holiday in an unfamiliar place and deciding it was time for lunch while standing in front of two restaurants – one bustling with life and the other close to empty. You, and I, would almost certainly walk into the busy restaurant, confident in our choice despite having no previous knowledge of either.
And we’d probably be right. 99 times out of 100, a busy venue will be full of customers when its neighbour isn’t because it’s better. We use heuristics because they usually lead to good outcomes.
But heuristics also, intrinsically, lead to mistakes and missed opportunities. The neighbouring restaurant could be outstanding but just opened five minutes ago and that’s why it still looks quiet. If we spent the extra time to do a little online research on both before making our choice, we would realise that and not miss out. But we haven’t and watch it fill up over the next half hour as exquisite-looking, well-priced dishes start to be served.
Every city has its scruffy-looking, inexpensive restaurants where the food is amazing. They start as ‘hidden gems’ to boast about having frequented ‘before’ they became well-known. Reliance on heuristics wouldn’t lead us to those hidden gems. A passerby unaware of the buzz would glance and move on to somewhere that ‘looks’ better.
But overall, the occasional mistake is an acceptable price to pay for not being crippled by the time it would take to make decisions and take action without heuristics. At least, when it comes to everyday decisions and judgements.
When it comes to strategic decisions, however, it pays to move away from heuristics to gain a competitive advantage. There is time for deeper research and analysis and the upside of escaping the ‘cognitive bias’ inherent in heuristics gone wrong can be significant. Especially because most competitors won’t make the same effort.
In our experience, organisational policies around the geography of IT outsourcing occasionally suffer from over-reliance on heuristics – ‘cognitive bias’.
The good news is, breaking those patterns leads to a new competitive advantage. And it’s often easier than presumed to question and reverse unhelpful policies based on heuristics. All it can require is some new information from a trusted source.
Around a month ago, a newish client we’d been working with for a few months was delighted with the impact of the relationship. They had turned to us after struggling for months to hire the Web3 and blockchain developers they needed to get their well-funded DeFi project off the ground in the USA.
Two months after we had placed their first new team member, a Ukrainian based in Poland, the team had been ramped up to four. Their Dapp and SDK development was back on track and their investors had relaxed.
The investors financing our new client had recently acquired another blockchain company. It was similarly grappling with serious challenges in hiring the senior specialists needed to build out its innovative Web3 products.
Encouraged by the successful start to our relationship at the first company, the investors encouraged the head of HR at the newly acquired company to speak to us. The initial response was ‘our policy is to only hire domestically because it’s too risky to recruit our IT team in Eastern Europe’.
Usually, that would be that. But the new ownership hadn’t reached that conclusion themselves and already had a positive experience with IT outsourcing and a team based in Eastern Europe. So they challenged the response.
“Why is it too risky?”
There was no clear answer. The level of risk hadn’t been researched and analysed. Just presumed, based on three common heuristics:
Most people born and raised in rich world economies have limited direct experience of developing and emerging economies. And media coverage of international news, especially from developing and emerging economies (where media groups tend to have little or no permanent presence) tends to focus on negative events – political or economic turbulence, social unrest, conflicts and natural disasters.
Try to remember the last time you encountered a positive news or general interest story set in a far-off place at the edges of global political and economic influence. Now try to remember that last negative news story. I bet it’s a lot easier.
The result is that what is ‘known’ about many of the countries and regions IT outsourcers recruit from is more often negative than positive, which feeds into the ‘availability’ heuristic. Anchoring heuristics then also tend to start in a negative place when decision makers are estimating unknown risk.
And finally, the recognition heuristic means that the less known a potential IT outsourcing recruitment market is, the less confidence there is in the quality of the tech talent based there. And vice versa.
There can be valid reasons to exclude some geographies as recruitment markets for the tech talent your organisation needs to recruit. In Europe, GDPR may mean IT specialists working on projects that involve sensitive personal data must be based within the EU.
There may also be geographical restrictions around work on the IT systems of organisations or businesses in heavily regulated sectors like banking and financial services.
But these are exceptions. When it comes to staffing most IT projects, the geography of team members is not limited by external factors and any restrictions are based on internal policy. And it’s not unusual for those originally responsible for these policy decisions to no longer be involved.
Despite that, guidelines or rules on where IT specialists can and can’t be based can remain in place, passed down by successive generations of decision makers. They often simply aren’t questioned until some catalyst, internal or external, causes them to be.
When geographical rules on remote tech talent locations are eventually questioned, they are often overturned or readjusted. Mainly because it becomes apparent it’s not clear what objective or well researched reasons informed the decision. The incumbent decision makers only feel the pinch of it hindering them from achieving their goals.
The clear strategic advantages of IT outsourcing are why very few large companies don’t leverage the service in some part of their business. Over 90% of G200 companies use IT outsourcing.
And in 2022, 49.6% of companies said they intended to increase their outsourcing share. 40% foresaw no change, while only 10.4% wanted to reduce outsourcing.
Source: Computer Economics (US & CA)
IT outsourcing is a quickly growing sector, and has been for over 20 years now, because it solves one of the most significant risks faced by modern organisations – a deficit of the tech skills they need to remain competitive.
For many contemporary businesses and organisations, developing proprietary software systems and applications (for internal use, customer facing or as monetised products) is not optional but necessary. By extension, recruiting the specialists required to build, maintain and iterate on software and digital infrastructure is also not optional.
That’s a problem when there is a big deficit of qualified specialists available locally. When 3 employers are competing for one locally based software developer, which is often statistically the case (or worse), the highest bidder usually wins.
If you can’t win these auctions for local tech talent, or doing so eats up a huge amount of budget that could be effectively spent elsewhere, what do you do? The solution for most is to turn to the international talent pool available.
And the bigger the talent pool available, the better the chance of quickly recruiting high quality candidates with the relevant technical skills and experience.
Which is why, if you are going to limit the territories you are willing to have remote tech talent based in, you should do so based on criteria that go beyond heuristics.
Geopolitical risk in the context of IT outsourcing can be divided into a few different categories.
All of the above risks should be considered, analysed and mitigated against when establishing or reviewing an IT outsourcing strategy. But in reality, how often do they actually have an impact on operations?
In our almost quarter of a century of experience as a nearshore IT outsourcing provider, placing thousands of IT specialists from nearshore markets in Eastern Europe, the Caucasus (Azerbaijan, Georgia and Armenia) and Central Asia (Kazakhstan and Uzbekistan), the current war in Ukraine is the first time we’ve had to contend with a major geopolitical event.
There have been occasional incidents of political instability and national security risk in countries where we’ve had a presence eg. Belarus in 2020-21. However, they have never had a quantifiable impact on the ability of any of our specialists based in these countries at the time to work and deliver to normal standards.
Cybersecurity risks are theoretically heightened in some geographies but exist everywhere. A strong company-wide cybersecurity policy, processes and tools, the same for everyone whether they are based in Munich or Uzbekistan, means we’ve yet to experience a cybersecurity incident.
Across the sector historically, there are very few cases of cybersecurity breaches directly related to IT outsourcing and the geography of remote team members. Major cybersecurity breaches are almost always the result of devices belonging to domestically based employees being compromised.
Russia’s ongoing invasion of Ukraine from early 2022 represents something close to the worst case scenario for geopolitical risk impacting IT outsourcing strategies.
After Poland, Ukraine represents Europe’s second largest concentration of IT specialists and value of IT services exports. Pre-war, the country was home to around 300,000 ICT sector workers, a majority of whom are directly or indirectly employed by the nearshore/offshore IT outsourcing sector.
Belarus, whom Western sanctions were imposed on for allying with Russia, was home to an estimated 125,000 ICT workers, a majority of whom were directly or indirectly employed by the nearshore/offshore IT outsourcing sector.
The statistics quoted can be referenced in my paper The Impact of Tech Services Exports from Ukraine, Belarus and Russia on Global Prosperity
It would be foolish to suggest that Russia’s invasion of Ukraine has not highlighted geopolitical risks inherent in IT outsourcing. Companies with significant exposure to Ukraine’s IT services sector did face disruption to services.
However, that disruption has on the whole been surprisingly limited and manageable. As a company, we have had a significant presence in Ukraine since 2009 and our Kyiv office was our largest branch.
In 2022, we lost only 5% of billable hours attributable to our Ukraine team as a result of the war and in 2023, despite the ongoing conflict, the business impact has been negligible. Our Ukrainian team members have either relocated to Poland or elsewhere or continue to work reliably from safer areas of the country.
Additional measures have also been taken such as supplying our team members still in Ukraine with backup power generators and Starlink satellite internet connections. That means when there have been infrastructure issues resulting from Russian attacks, our teams have been able to continue to serve our clients.
We are far from unique in our experience of successfully mitigating the business impact of Russia’s invasion of Ukraine. In 2021, the last full year before the start of the war, Ukraine exported an estimated $7 billion of IT services, making it one of the company’s most important sectors.
IT services was the country’s only sector to show growth in 2022, estimated by the National Bank of Ukraine as 5.8% year-on-year – Russia invaded in late February 2022.
The IT services/outsourcing sector’s growth in Ukraine would have undoubtedly been higher without the war – it was 35% over the first three quarters of 2021. But the fact that there was still growth is a powerful demonstration of how robust the sector is to geopolitical shocks.
If an IT specialist has a computer, a power source, an internet connection and a quiet place to work from – they can do their jobs and do them well. If anything, the extreme geopolitical circumstances Ukraine has faced since early last year has given tech talent working on international projects additional personal incentive to maintain or even improve performance levels.
One indicator of that is how our sick leave rates among Ukrainian colleagues noticeably dropped after the invasion. Despite the worst case geopolitical scenario imaginable unfolding, Ukrainian tech talent continues to deliver.
The evidence suggests that for superior business outcomes, nearshore and offshore IT outsourcing should not be most framed in the context of geopolitical risk. The real risk is the competitive disadvantage organisations impose on themselves by excluding global tech talent markets.
Despite the IT outsourcing sector’s now demonstrated capacity to absorb and manage geopolitical risk, it can still make sense for organisations to avoid overexposure to any single territory. If a team is being set up for a remote, distributed model, there is no reason why members cannot be based across a variety of geographies.
Our K&C team, for example, is spread across over ten different countries with larger numbers in five. That provides built-in geopolitical risk management. Most of our teams placed with clients also represent geographic diversity and members from more than one country.
In a worst case scenario, of the kind we’ve encountered just once in almost 25 years and with limited practical impact in the actual event, our service can still be delivered reliably. If one location were to go offline, others can pick up the slack.
There is a strong argument, and body of supporting evidence, that the geopolitical risk international IT outsourcing strategies are exposed to is relatively minimal. And can be well mitigated against by avoiding overexposure to any one nearshore or offshore national tech talent market.
Additionally, it is important for decision makers to frame decisions like an IT outsourcing strategy against the full range of strategic risks the organisation faces. For example, is any geopolitical risk inherent in nearshore/offshore IT outsourcing greater than the risk of not being able to efficiently staff IT project cycles?
Individual risks do not stand alone but form a matrix. That matrix of competing risks and rewards is key to an organisation’s long term sustainability and success. It shouldn’t be created on a foundation of heuristics.