You’ve likely landed on this page because you’re considering hiring a Managed Services Provider (MSP) and you want to know what it costs. Maybe you’ve been doing IT yourself, which worked well when you were smaller, but company growth and user demands are getting too frequent and complex. And if you’re a business owner, you probably have way more valuable things you could be doing to make your company flourish.
Maybe you feel like you’ve always been “OK” at doing your own IT, but with ransomware and other threats being more and more prevalent, you might be thinking it’s irresponsible to assume that you know enough to keep your company safe. If you already have an MSP, you might feel like they are overcharging you or they aren’t doing a great job and you’re shopping around for their replacement.
Regardless of the reason, as a research-based shopper, the first question that likely pops into your mind is, “how much does an MSP cost?” That answer is…it depends! Unfortunately, there’s no single price or simple mathematical formula because so many factors come into play when it comes to managed IT services. In this blog, we’ll break down the factors that can affect costs and help you see a clearer picture of what this investment could look like for you.
How Is MSP Pricing Determined?
As a professional IT provider, we have to consider a lot of variables in order to price out IT service packages for businesses, including the following: the complexity of the environment, the number of locations, servers, firewalls, switches, users, email accounts, the number of applications being used, and on and on.
What we can provide, however, is a price range to reference. The typical range that we calculate usually falls between $125-$300 per user, per month. But what constitutes this price and why does it vary so greatly? Well, we like to think about it in three buckets.
Three Buckets of Cost in the Managed IT Space
- The first bucket is the technology stack or included hardware and software. These are the tools an MSP uses to monitor, report, protect, and remotely support the users, computers, servers, etc.
- The second bucket is the proactive services offering. This bucket includes the necessary labor for technicians and engineers to respond and look into alerts or warnings that our software generates. It also includes recurring scheduled maintenance on servers, workstations, and firewalls to make sure software updates are happening, as well as to provide human oversight to tools and software agents.
- The third bucket is reactive support. This is the time required for technicians and engineers to respond to user reported issues, trouble tickets, or change requests for computer installation, replacement, or something else.
When we look at these three buckets of cost, the first two are the most predictable. This last bucket varies the most, as it depends on how many support cases and tickets will be generated by a company. The cost is especially difficult to determine for a client we’ve never worked with before.
Let’s dive deeper into these three buckets to give you an idea of what drives the pricing up and down.
Breaking Down the Pricing Element
At HRCT, there are some items that we make mandatory and some items that we add or subtract based on the needs and wants of the client. Additionally, there are items that might once have been optional security enhancements but have now become mandatory because your industry requires that you’re compliant with a framework like the DoD’s CMMC, the healthcare facility’s HIPAA, the credit card company’s PCI DSS, the auto dealer’s FTC Rule, the financial service’s FINRA, or another requirement.
Included Hardware and Software
All of our service plans include these mandatory items:
- Hardware Firewall & Security Subscription (1 per location)
- Remote Monitoring and Management (per server and per workstation)
- Managed Endpoint Detection and Response (per server and per workstation)
- Advanced Email Protection with Phishing Prevention (per email address)
- Server Backup and Disaster Recovery (all servers with copies locally and in the cloud)
- Corporate Password Manager (for all users)
- Privileged Account Management and Self-Service Account Management (admin accounts and user accounts)
When comparing one MSP to another, one might think these items are all the same and can be treated as such, but this is not true. At HRCT we truly hand pick the best-in-class solutions, whereas some MSPs go with the lowest cost items (often bundled together from a single vendor) that check the boxes. One of our biggest differentiators is supplying a managed endpoint detection and response product for all plans. Yes, that’s right, incident response is included.
A lot of MSPs will only provide an antivirus for this category, which might have been adequate a decade ago, but that’s no longer the case today. In order to really protect your business from today’s threats, you need a Security Operations Center (SOC) operating 24/7, staffed with security analysts looking for suspicious activity happening at all hours of the night. Not only will they detect and alert on such activity, they will actually stop and block it. We put in all this work because in the final analysis, without real underlying security, average solutions can create disastrous events for an organization.
Customized Plan Add-Ons
Because all of our plans are truly customized for your specific needs, some of the additional items we might need to add to your plan include:
- Windows Logon Multi-Factor Authentication (MFA)
- Vulnerability Scanning (all devices connected to the network)
- Workstation Backup (key workstations or all workstations)
- Microsoft 365 Backup (email, SharePoint, and OneDrive)
- Email Encryption
- Mobile Device Management (smart phones)
- Full Disk Encryption (all workstations or just laptops)
- User Behavior Monitoring / Access Logging and Auditing
- Employee Monitoring and Analytics
- DNS Filtering
- Email Signature Management
As you can see, there’s a variety of things that can be added to a plan to enhance the security and protection of your business, but these add-ons can drive up the price as well. As we alluded to before, the majority of these things might be needed to achieve compliance, so they might not be optional if your business needs to be compliant with specific requirements.
A Look at the Different MSP Service Types
When it comes to the different service types offered by MSPs, you can usually divide them into two categories: proactive and reactive. Let’s talk about the difference between the two, and the importance of understanding both of them.
Proactive Services
A good MSP will include scheduled recurring maintenance and will budget for time needed to investigate alerts that are software generated. After all, what good are security alerts if they are ignored? Here are some proactive services we include in all of our plans:
- Quarterly Firewall Checks and Updates (making sure the firewall is configured to best practice and updated to the latest version)
- Quarterly Health Checks and Oversight (making sure our tech stack is fully deployed and operational to best practice)
- Monitoring Alert Investigation
These are some additional proactive services we might include if your business requires more cybersecurity and compliance solutions:
- Penetration Testing
- Technology Strategy Meetings (virtual CIO)
- Vulnerability Scanning / Remediation / Management
- Fractional CSIO Services (incident response and disaster recovery, policy review and creation, governance risk and control (GRC))
- Risk Assessments
- End User Cybersecurity Training and/or Phishing Simulations
All of these things require a time investment on a recurring schedule for our staff to work on, but for the most part, we can predict how long we’ll spend on each item and how many occurrences there will be so we can properly budget our time and your cost.
Reactive Support
This last cost center for an MSP is going to be the one everyone thinks of first: reactive support. This service is designed for you and your users to have someone on standby to assist with whatever technology challenge you’re having at the moment. It could be as simple as forgetting your password, installing a new printer, or upgrading your line-of-business application. The list of possible reactive support requests could go on forever. Realistically, the only tool we have in order to properly predict and calculate this cost is past experience and similar customers. However, the biggest factor is usually the complexity of the network environment.
If your business operates with the least amount of specialty software and most users just use Microsoft 365, there likely won’t be that many issues for us to help with. On the other end of the spectrum, if you have specialty databases and applications that are difficult to support and maintain, you will likely need our help often.
The second biggest factor in the cost of reactive support is the age of the hardware and operating systems. The truth of the matter is that systems older than 4 or 5 years are often the biggest source of issues and frustrations. It’s best to get into a hardware lifecycle refresh where you budget for the replacement of 20% of your machines per year. Why 20%? Because this works out to keeping a fleet of workstations less than 5 years old.
At HRCT, as part of our Complete Care package, we include the labor to replace up to 20% of your workstations per year to help with this goal.
Onboarding and Implementation
Remember how we originally told you there were three buckets used to calculate the cost of hiring an MSP? Well, we’re going to add a fourth bucket! And there’s a reason we didn’t include implementation and onboarding in the costs so far. That reason is that, technically, onboarding is a one-time initial cost.
From personal experience, most customers have no idea how much work is involved in implementing so many different systems, solutions, and software applications across all servers, workstations, and Microsoft 365 environments. Not to mention all of the work in training users on how to use new tools and technologies. It’s a massive undertaking that requires a very skilled team of engineers to ensure everything is handled correctly. We find that most onboarding projects range between 50–120 hours of engineering time, which equates to anywhere between $9,500-$22,800 at our 2025 standard rate of $190 per hour.
We can’t speak to what other MSPs do to cover the significant time investment to implement all of the included hardware, software, and user training, but we can tell you what HRCT does. We simply provide full transparency on what it takes to implement each and every part of our solution, and we give the customer the choice of paying for implementation up-front, thereby avoiding a multi-year contract, or dividing the cost of onboarding across a 36-month contract.
We find that some organizations appreciate the fact that they can expense a major project up-front, reducing taxable income, while others like having a $0 up-front cost and flat monthly payments instead. The choice is yours.
HRCT Has Your Best Interest in Mind
When it comes to hiring an MSP, the cost can vary widely depending on your business needs. But remember, you’re investing in the security, efficiency, and reliability of your IT systems. The right MSP can handle the tech side of things so you can focus on growing your business.
If you’ve enjoyed the straight-to-the-point information in this article, you’ll love working with us here at HRCT. Get in touch when you’re ready for a fully customized quote and let us manage your business’s IT the right way.