Section 2 - Outsourcing Was Qantas's Weak Link, But It Doesn't Have to Be
Section 2: Outsourcing Was Qantas’s Weak Link — But It Doesn’t Have to Be
The Problem: An Outsourced Weak Point Opened the Door
The Qantas breach didn’t come from inside its core systems. It stemmed from a human vulnerability at a third-party call-centre in Manila, where an offshore contractor was tricked into granting access to a customer platform built on Salesforce — outside Qantas’s direct IT control.
Qantas didn’t just outsource operations. It accidentally outsourced responsibility.
The FL942 Solution: Keep Outsourcing — But Secure It Like Infrastructure
FL942 believes outsourcing still has strategic value for Qantas. Manila remains a world-class hub for aviation support, and BPO outsourcing brings flexibility, 24/7 coverage, and economic efficiency. But the model must evolve.
Why Outsourcing Stays — With Guardrails
- Operational continuity: Manila call centres handle massive daily volumes; removing them would destabilise service.
- Cost efficiency: Replacing outsourced ops with local staff would raise OPEX by 30 – 50 %.
- Specialised skills: Philippine BPO vendors excel in aviation service and tech support.
Should Qantas Invest More in Outsourced Security?
FL942 recommends increasing the annual outsourcing-security budget by $15–25 million, earmarked for MFA, real-time monitoring, security-trained staff, and a Qantas-led SOC zone in Manila.
Where the Money Comes From
| Source | Description | Contribution |
|---|---|---|
| FY24 Net Cash Flow | Qantas reported $3.4 B in operational cash | $10 M reallocated |
| Digital Efficiency Gains | IT-automation savings from legacy systems | $5–7 M annual |
| Freeze Non-Essential PR | Pause loyalty-based ad campaigns | $3–5 M temporary |
| Cybersecurity Grants | Apply via AusCyber or Home Affairs | Up to $5 M matched funding |
This funding ensures outsourced functions are monitored, secure, and trusted — not merely cheap.
Can Other Philippine Vendors Strengthen Qantas?
Yes. Manila hosts cybersecurity-focused outsourcing providers and managed-service vendors that can augment Qantas’s cyber posture directly:
- KMC Solutions: Secure managed workspaces with SOC integration.
- TaskUs: Specialises in trust-and-safety operations with security-trained staff.
- Trend Micro PH: Global cybersecurity firm with a Manila R&D centre.
- Pointwest & Stratpoint: Provide local cybersecurity risk audits and SOC consulting.
What Else Can Be Done
The 5-Step Fix
- Risk-tier every vendor and enforce controls by risk level.
- Onboard only security-compliant vendors (ISO 27001 minimum).
- Build a Qantas-led security unit in Manila.
- Simulate cyber drills quarterly, including offshore staff.
- Link outsourcing KPIs to security outcomes; bonuses for secure performance.
FL942’s Final Word
“You can outsource process. You cannot outsource accountability.”
The breach was a governance failure, but it’s also a turning-point. With the right reforms Qantas can rebuild its outsourcing model into a secure, auditable, high-performance framework that leads aviation.