People you hire can be vetted, fired, sued, and even imprisoned for violating your users' privacy. Blindly handing over your users' data to a third-party includes none of these protections. You're simply abdicating responsibility.
But you must have them on site 24/7 to be able to respond as fast as Couldfare to any new security issues. You must pay them a lots of money because they must be expert level. You also need to have 24/7 security around your servers and all the backups and redundancy.
Very few businesses have customer information that is wroth the paranoia and investment to doing everything inhouse.
People you hire can be vetted, fired, sued, and even imprisoned for violating your users' privacy. Blindly handing over your users' data to a third-party includes none of these protections. You're simply abdicating responsibility.