What should I.T. support actually cost?
Stop asking I.T. companies "what do you charge?" The right question is "what will I get for my money?" Three service models, what MSPs actually cost per user per month, five tricks "cheaper" firms use to hide real cost, and the 21 questions to ask before you sign.
Quick answer
Don't shop I.T. on hourly rate alone. Across the industry, fully-managed MSPs in Canada run roughly $200 to $340 CAD per user per month (Service Leadership benchmark). Below $200, ask what's missing. Above $340, ask what's extra. Hourly break-fix runs $200 to $340 CAD per hour with a one-hour minimum, but it stops working once you have more than a handful of issues or any sensitive data. The real cost is in the SLO fine print: who pays for after-hours, on-site visits, vendor liaison, immutable backups, and account management. Read this guide, then ask the 21 questions in section 7. Get the answers in writing.
1. Never ask "what do you charge?"
One of the most common questions we get from prospective clients is "What do you guys charge for your services?" It's a fair question, but it's the wrong one. Ask instead: "What will I get for my money?" Then know what to look for and what to avoid.
Here's why choosing your I.T. company on fees alone leads to overpaying, even when the price looks cheaper initially, and to serious risk to your organization.
1.1 There is no such thing as "standard" pricing
Services that look identical can be packaged in radically different ways. Two contracts that both say "managed I.T. services" can carve out everything from on-site visits to backup recovery to phone-system support. That's why it's impossible to compare I.T. providers on fees alone. The rest of this guide explains the most common pricing models so you can make an informed choice.
1.2 "Dirty little secrets" hide in cheap contracts
SLO clauses that "cheaper" firms use to make their fees appear lower put you at high risk for cyber attacks, data loss, and downtime you didn't budget for. Most leaders don't know what to look for in an SLO, which is exactly how cheaper firms get away with it. Section 5 covers the five most common tactics.
1.3 Buy on value, not on price
This guide will help you pick the right I.T. services company for your specific situation, budget, and needs based on the value they deliver - not just price, high or low. The goal is to make the most informed decision possible so you end up working with someone who solves your problems in a time frame, manner, and budget that's right for you.
2. Comparing apples to apples: the 3 service models
Before you can accurately compare the fees, services, and deliverables of one I.T. services company to another, you need to understand the three predominant pricing and service models most companies offer.
2.1 Time and Materials (Hourly) · Break-Fix
You pay an agreed-upon hourly rate for a technician to fix your problem when something breaks. Most charge in the $200 to $340 CAD per hour range. Scope ranges from a single problem to large projects like software upgrades, cyber protection rollouts, or office moves. Good for one-off problems if you have nothing critical at stake; expensive and slow when something serious happens.
2.2 Managed I.T. Services (MSP)
An MSP takes on the role of your fully outsourced I.T. infrastructure: troubleshooting, device setup and support, security, backup, Strategic Advisor leadership, and more. Most managed I.T. service contracts cover:
- Installing and setting up applications such as Microsoft 365, Google Workspace, SharePoint, and similar platforms
- Setting up and managing network, device and data security against hackers, ransomware, and viruses
- Backing up your data and assisting in recovery in the event of a disaster
- Providing a help desk and support team for employees with I.T. problems
- Monitoring and maintaining the overall health, speed, performance, and security of your network daily
- Providing Strategic Advisor and fractional I.T. leadership: technology roadmaps, I.T. budgeting, and quarterly strategy reviews
2.3 Vendor-Supplied I.T. Services
Many software vendors offer pared-down support limited to their specific application only. It's often a good idea to buy basic support for a critical line-of-business app (your ERP, your accounting system, your industry-specific platform), but this is not sufficient to provide full I.T. services, cybersecurity, backup, and end-user support. Treat vendor support as a complement to managed services, not a replacement for them.
3. Managed I.T. services vs. break-fix
The advantage of break-fix is that you only pay when you need it. But if you're trying to grow, or if you handle sensitive data, these become serious risks:
Where break-fix breaks down
- Break-fix gets very expensive fast when you have multiple issues or a major problem like ransomware. The I.T. company takes longer to troubleshoot and fix issues than if they were already familiar with your environment, and they have no systems in place to prevent escalation.
- Hourly billing works in your I.T. company's favor, not yours. The consultant can assign a junior tech who takes 2 to 3 times as long to resolve an issue a senior tech would fix quickly. There's no incentive to fix problems fast; they're incentivized to drag it out.
- You're more likely to have major issues. One main reason businesses choose an MSP is to prevent major issues. Benjamin Franklin had it right: an ounce of prevention is worth a pound of cure.
- You can't budget for I.T. You could end up paying more if you constantly call for urgent emergency support, and you'll have no way to plan for it.
- You won't be a priority for the I.T. company. All I.T. firms prioritize managed clients over break-fix clients. You get called back last and could be down for days. The I.T. company has no incentive to address root causes, leading to more problems and more cost.
- Without active maintenance, your chances of getting hacked go up exponentially. Thinking "nobody wants to hack us" or "we're 100% in the cloud" is a dangerous assumption. Without a professional I.T. company maintaining your security, your exposure rises sharply.
Hiring an MSP to manage your I.T. environment is, by far, the most cost-effective and smartest option for businesses with 15 or more employees, or who handle critical operations and sensitive data.
A note on scope
The service levels described in this guide reflect a Keystone (fully managed) engagement, where Vencer owns I.T. as a complete business function. Under a Dynamic (co-managed or fractional) engagement, the same level of delivery cannot always be guaranteed; scope depends on the individual agreement and how responsibility is shared with your internal team.
4. What should I.T. services cost?
Important
The price quotes below are industry averages based on a recent survey by Service Leadership, an independent consulting firm. This does not reflect Vencer's pricing model for your unique situation.
4.1 Hourly break-fix
Most I.T. companies charge between $200 and $340 CAD per hour, typically with a one-hour minimum.
4.2 Managed I.T. services pricing
Most MSPs quote a monthly fee per user. According to Service Leadership:
These fees are expected to rise due to constant inflation and a tight I.T. talent labor market.
"Operationally mature" MSPs typically charge more because they deliver better cybersecurity and compliance services, include CIO services and dedicated account management, and can afford to hire knowledgeable techs. If an MSP is charging $200 CAD per user or less, you have to question what they're not providing.
4.3 Project fees
For one-time projects, fees vary widely. Always demand:
- A detailed scope of work that specifies what "success" is: document expectations on performance, workflow, costs, security, and access.
- A fixed budget and time frame for completion. Be wary of hourly estimates that allow billing for "unforeseen" circumstances.
- Clear ownership and escalation paths. You should know who's accountable and how scope changes are handled in writing.
5. Buyer beware: 5 ways "cheaper-priced" I.T. firms hide the true cost
The "cheapest" provider can end up costing far more due to carve-outs, hidden fees, and inadequate solutions you'll later need to upgrade. Here are the five most common tactics.
5.1 Grossly inadequate compliance and cybersecurity protections
Insurance companies now require employee cyber-awareness training, MFA, and advanced endpoint protection just to provide cyber liability coverage. Vencer includes these as standard. A "cheap" MSP price often means these are line-item add-ons the day you actually need them - or worse, they're not offered at all and your insurance claim gets denied.
5.2 Inadequate backup and disaster recovery
Your MSP should include daily backups of servers, workstations, and cloud applications like Microsoft 365. Backups must be immutable (un-corruptible by hackers); many insurers now require this explicitly. If your MSP's backup line item is just "we back up your server," that's not enough anymore.
5.3 Carve-outs for on-site and after-hours support
Many firms charge extra for after-hours and on-site visits. Vencer offers tiered agreements, and our higher tiers include on-site and after-hours support so you're not nickel-and-dimed for every request. Make sure you understand what your tier covers before you sign.
5.4 Nonexistent vendor liaison and support
Some I.T. firms charge hourly to resolve issues with phone systems, ISPs, printers, and other devices on your network. As a Vencer client, all of that is included. When something goes wrong with your internet, your phones, your printers, you should not be the one on hold with the vendor - your MSP should be.
5.5 Cheap, inexperienced techs and no account manager
Smaller MSPs can't afford dedicated account managers, meaning you depend on the owner - who's extremely busy - to watch your account, find brewing problems, and plan upgrades. The cheaper the per-user price, the more likely you're sharing the owner's attention with twenty other accounts.
Buyer beware
To truly compare MSP contracts, your SLO should clearly define: services included, guaranteed response times, extra fees (on-site, after-hours), contract and cancellation terms, liability protection, and payment terms. If any of these are vague or missing, that's where the surprises are going to come from.
6. The 21 questions to ask before signing a contract
Get answers to all of these in writing. Each section below is one of the four categories any decent SLO should cover.
CS · Customer service
Q01. How do you request support?
Our answer: At Vencer, we offer multiple channels - a live help desk, a dedicated support portal, and email - so you're never without a way to reach us, even when your internet is down.
Q02. Do you have a written, guaranteed response time?
Our answer: The number one frustration we hear is "they never return our calls." We publish clear response-time commitments in every SLO and track performance in our PSA.
Q03. Do they explain things in plain language, not "geek-speak"?
Our answer: Our technicians are trained to have the "heart of a teacher" and explain everything clearly. Look at our client reviews to see how our team is described.
Q04. Do they create an I.T. roadmap and meet with you quarterly?
Our answer: We conduct quarterly strategy meetings to find areas of high risk and new opportunities to improve productivity, lower costs, and align I.T. with your business goals.
Q05. Do they bill properly with clear invoices?
Our answer: Our invoices show exactly what work was done, why, and when. Every invoice is reviewed for accuracy before it's sent, with no surprise catch-up bills.
Q06. Do they carry adequate insurance?
Our answer: We carry cyber liability and errors and omissions insurance. If your I.T. company doesn't carry insurance, any damages become your liability. Always ask to see their coverage.
Q07. Do they have a dedicated account management team?
Our answer: If the answer is "the owner," ask how they'll dedicate time to you while running the company. Make sure a dedicated team is watching your account.
SC · Cybersecurity and compliance
Q08. Do they insist on security that meets modern standards?
Our answer: Strong security is fundamentally about risk management - protecting your operations, your data, and your ability to keep working when something goes wrong. We don't allow clients to operate without adequate security in place, and we align that posture with privacy obligations like PIPA and PIPEDA where they apply.
Q09. Do they provide quarterly reports on updates, patches, and machine status?
Our answer: Every quarter, clients get a detailed health-score report. We reassess security, stability, and compliance to ensure we're watching critical operations and data.
Q10. Do they provide written network documentation?
Our answer: All clients receive this at no additional cost. If your current I.T. company keeps you in the dark about what equipment, licenses, and passwords you have, you're being held hostage.
Q11. Do they understand the frameworks that apply to your business?
Our answer: We have deep experience supporting Alberta businesses across the frameworks that matter to regulated sectors - including PIPA, PIPEDA, SOC 2, and PCI DSS - with particular fluency in engineering and energy. We bring that context so compliance becomes a managed part of your operation rather than a fire drill.
Q12. Have they reviewed your cyber liability insurance application?
Our answer: All carriers require strict cybersecurity protections before they'll cover you. If your I.T. company hasn't reviewed your policy, your claim could be denied. We see gaps all the time when reviewing new clients' networks.
BR · Backups and data recovery
Q13. Do they insist on immutable backups?
Our answer: The only kind of backup you should have is an immutable backup - meaning it cannot be changed or corrupted by ransomware. Cyber insurance now requires this.
Q14. Do they perform periodic test restores to verify backups actually work?
Our answer: We perform weekly, monthly, and quarterly disaster recovery testing at different depths to ensure backups are working as expected. The worst time to test a backup is when you desperately need it.
Q15. Do they back up your network before any project or upgrade?
Our answer: Yes - as a precaution in case a hardware failure or software glitch causes a major problem.
Q16. Do they have a written disaster recovery plan?
Our answer: All our clients receive a simple disaster recovery plan for their data and network. At minimum, your network is covered if something happens.
TS · Technical expertise and service
Q17. Is their help desk in-house, or outsourced overseas?
Our answer: We provide our own in-house help desk. We consider this one of the most important aspects of customer service, and critical for keeping your data secure.
Q18. Do their technicians maintain current vendor certifications?
Our answer: Our technicians maintain certifications across our core stack - endpoint security, RMM, Microsoft 365, and Azure - plus ongoing cybersecurity and compliance training for PIPA and PIPEDA.
Q19. Do their technicians conduct themselves professionally?
Our answer: Our technicians are trained in customer service, communication, and high standards. They won't confuse you with geek-speak or talk down to you. If they have to be on-site, you'd be proud to have them there.
Q20. Can they support your line-of-business applications?
Our answer: We own the problems with line-of-business applications for our clients. We'll be the liaison between you and your vendor to make sure these applications work smoothly.
Q21. When something goes wrong with internet, phones, printers, do they own the problem?
Our answer: We feel we should own the problem so you don't have to. That's just plain old good service - and something many computer guys won't do.
7. Your next step
Are you done with frustrating I.T. problems? The next step is simple. Leave a message at 1-888-271-6230 or email will.mccabe@vencergroup.com and we'll call you back, or send an invite for a brief 10 to 15 minute consultation. We'll conduct our proprietary Vencer I.T. Systems and Risk Assessment to show you where your real risk sits, whether your backups actually work, how much visibility you have across your I.T., and where there's room to run leaner and with clearer accountability.
Schedule your free assessment. No cost, no obligation.
Notes & Methodology
About these figures: Industry data cited in this guide is either from named external sources (Zscaler ThreatLabz, Mandiant M-Trends, Verizon DBIR, Canadian Centre for Cyber Security NCTA, SEC public filings) named inline with what each report measured, or from Vencer Group estimates derived from observations across recent client engagements - framed explicitly with "approximately" or "(Vencer Group estimate)" so the basis is visible. Vencer's own operating data (transaction count, breach record, tenure) is drawn from Vencer's record across nineteen years. Cost ranges reflect the spread between low-complexity and high-complexity operators based on the Vencer client sample.
Operator-authored framework built from 30+ deals and 19 years - not a universal prescription. Every organization has different variables. This guide tells you what to look at; the Assessment tells you what it means for your situation.