I had a conversation last week with one of our vCISO clients that got me thinking about MSPs. We’ve been helping this client implement a cybersecurity program, and during our monthly checkpoint, I asked him about how his off-boarding process was working.
In short, it wasn’t. He (we’ll call him ‘Bob’) had socialized the process with his MSP’s account manager earlier this year and had been assured that the process was documented for his company and that it would be followed. When he activated the process last week, three of the five steps were either not completed or completed incorrectly (e.g., they deleted the email account instead of delegating the inbox, failed to reset the user’s PC, etc.). When he called the ‘help’ desk, each person he spoke with was focused on identifying a quick fix for the presenting problem so they could close the ticket.
The Cycle of MSP Disappointment
The end result was that he spent ½ a day chasing the right people down to get his process executed. I asked Bob about his account manager; he said that he left for a different company, and his replacement was MIA. When I asked him if he had considered switching MSPs, he told me that this was his third one. His exact quote was “I feel a little foolish just complaining about my MSP and putting up with all the problems when I have the ability to change vendors. But, my experience has been that the pain of changing vendors is worse than putting up with the problems. And if I did change vendors, I would end up with the same issues. I would just have a different set of people to be frustrated with.” I’d call that ‘MSP Despair’.
Now, I’m not down on MSPs, I know three very good ones that I’d recommend to anyone. Unfortunately, for every good one I’ve run into, I’ve seen two that make Bob’s story feel all too familiar. Your MSP is essential to both your business operations and cyber risk management, and having a bad one is like having a nail in your tire and a flat spare in the trunk.
Solutions to MSP Mediocrity
What can be done about my friend Bob and people like him who feel forced to accept mediocrity because the switching cost is too high? What about people who are considering an MSP but are reluctant to commit because they know people like Bob, too?
I don’t have a perfect answer, and would love for you folks who are in the business to hop in and discuss, but three things come to mind:
1. Financial Accountability Measures
Ask your prospective MSP to put their onboarding costs in an escrow account and get a written guarantee of a refund if you aren’t happy with the experience. Failing that, work with them to quantify a tangible financial penalty for poor performance.
2. Third-Party Validation
Look for an MSP that proactively submits itself to 3rd party audits. In my experience, one sign of a ‘bad’ MSP is arrogance, as in the ‘we’re smarter than you’ vibe you get when you speak with a support engineer. One surefire way to find a humble MSP is to get one that makes it a habit to have an independent audit of their practice.
3. Check References
Every MSP will offer one or two clients with whom you can speak about their service. In the words of Admiral Ackbar ‘It’s a trap.’ Ask for a longer list of customers (e.g., 6 or 8!) and when you get them on the phone, find out the level of interaction your contact has with the MSP in question. Many times, the person the MSP puts on the list is at least one or more removes from the actual day-to-day operations of the company. Take the time to find that person and ask questions like, ‘How reluctant are your users to open up a support ticket and why?’, ‘If you could hit a magic reset button and choose a different MSP, would you?’, etc.
Conclusion: The Value of Due Diligence
You may be tempted to dismiss this level of effort, but just remember our friend Bob!
What do you think? What could your MSP do to make you happier with your decision to use them? MSPs, what could you do to make it easier and less risky for people like Bob to switch?
Trusted MSPs Worth Considering
If you’re looking for a starting point in your MSP search, here are three MSPs we’ve encountered that have earned our trust:
Note: We partner with MSPs above because their performance has consistently met our standards. Our recommendation is entirely independent—we do not accept referral fees, commissions, or any other financial incentives from them.
Frustrated by inconsistent MSP performance or unclear responsibilities? Our vCISO services at Vizius are designed to help you regain control. We provide expert-led cybersecurity assessments, identify gaps in your current IT partnerships, and deliver pragmatic strategies to improve outcomes — without the guesswork.
Ready for clarity and confidence in your cybersecurity strategy? Contact Vizius today to learn how our vCISO experts can assess your current environment and help you build a roadmap for stronger, more accountable security practices.
