Guest Column | May 15, 2019

How To Price And Package MSP Security Services

By Dustin Statz, Infogressive Inc.

Top Federal IT Initiatives Include Security, Disaster Recovery, Digitizing Records

As an operationally mature MSP, you should be pricing your basic support services on a per seat basis with project work, DR, backup, etc. as add-on pricing modules that complement the recurring support you deliver to your clients.

When my last MSP went to the drawing board to shift from an hourly retainer model to a per seat basis, we did the math. After removing statistical outliers or anomalies, $121/seat was our average cost to our clients. This matches up well with the guidance offered by ConnectWise, a firm everyone in the industry is quite familiar with and might be lower than some geographic regions, depending on the competitive nature you face.

By pricing on a per seat basis, you make it easier for your clients and prospects to understand what value you bring to the table in a transparent pricing model. Security Services should be no different.

By bundling various levels of security services as add on “bundles” you remove the pushback of “death by line item” and can allow your customers to select from a good, better, best level of security that matches their risk profile and budget.

The shared chart below shows some loose suggestions for pricing of basic MSP services, as well as two tiers of security bundles. We’ve gathered years of feedback from our channel partners and MSP owners to provide our own set of bundles developed around the CIS 20 controls as best practices and universally recognized standards for prioritization.


ConnectWise Growing Revenue Through Additional Cybersecurity Offerings









Nine of 10 SMBs would consider hiring a new MSP if that particular MSP offered the right cybersecurity solutions, according to a new research report from Vansonbourne. A similar SolarWinds MSP research report found 80 percent of customers were rethinking their managed IT security strategies and associated MSP relationships amid rising cybersecurity threats. Using the framework above, you as an MSP can deliver the security services your clients are asking — heck, demanding — of your team, while capturing MRR and margins.

By bundling services in a good, better, best methodology as shown above, you can control the sales process and make the proposal more straight forward and relatable to the client. By positioning your client into an appropriate, preconfigured bundle — or build your own bundle — you can explain the decision was based on an assessment of their business/vertical and budget.

Based on these models you can then layer on security services to your existing lines of deliverables with simple $20/seat, $40/seat, $60/seat recurring charges to your clients, based on your appropriate pricing structure. This then enables you as the MSP to essentially “bolt on” a Master Managed Security Services Provider to do all of the heavy lifting on your behalf, securing your own infrastructure and that of your clients, while retaining the revenue streams and margins you expect.

Looking to get started with offering security services? Basically, you’ve got three choices: build, buy or partner. Learn more about which path is right for your MSP.

About The Author

Dustin Statz is a Channel Account Manager at Infogressive Inc., a Master MSSP established in 2006 in Lincoln, Nebraska. Prior to joining Infogressive, Dustin spent nearly a decade in the channel with varying roles in sales & leadership at an HPE Distributor, Director of Sales for a cloud & automation services startup, and 2 MSP’s while most recently being tasked with building an MSSP from the ground up.

About Infogressive Inc.

Infogressive Inc. is a cybersecurity provider that provides it’s MSP partners an effective and scalable full-suite of security services to protect their clients, the tools and resources to grow their reoccurring revenue and a direct line to highly trained engineers. Infogressive’s focus is their partners’ success by adding value to their clients with security, moving to a proactive state to save time from repairing compromises and staying on top of the ever-changing threat landscape so you don't have to.