By Brent Lacy
Ransomware shows up in 88% of small business breaches, according to Verizon’s 2025 Data Breach Investigations Report. That’s 2.3 times the rate at larger organizations. The average cost of a data breach in the US hit $10.22 million in 2025, per IBM’s annual report.
Those numbers are about companies. Real people. Payroll decisions, customer trust, years of work on the line because something broke that somebody was supposed to be watching.
Here’s what most business owners don’t realize: the majority of IT disasters aren’t acts of God. They’re near misses that somebody ignored. Preventable failures that a competent provider would have caught, documented, and fixed before they became your problem.
The cheapest IT bid should be thrown out. Not considered. Thrown out.
The 11 Near Misses
I wrote a whole book about this. Near Miss: Preventable IT Failures Threatening Your Business Security walks through each one. But here’s the short version, the stuff every business owner should be watching for.
1. Your provider is too busy to monitor and document. If nobody is watching your systems, problems pile up quietly. By the time you hear about something, it’s already bad. Documentation isn’t busywork. It’s how you know what’s actually happening on your network.
2. Your provider isn’t taking security seriously. Security isn’t a product you buy once. It’s a practice. If your provider treats it like a checkbox, you’re exposed.
3. Your provider is too busy putting out fires. Reactive IT means your provider is always behind. Always fixing what broke yesterday instead of preventing what breaks tomorrow. That’s not a service. That’s expensive panic.
4. Your provider lacks full network visibility. You can’t protect what you can’t see. If your provider doesn’t have a complete inventory of every device, every user, every connection on your network, they’re guessing.
5. Your provider isn’t watching the firewall. A firewall that nobody monitors is just an expensive box in the closet. Threats change daily. The rules need to keep up.
6. Your provider is giving users too many rights. Not every employee needs admin access. Not every user needs access to every file. Excessive permissions are one of the fastest ways to turn a small incident into a catastrophe.
7. Backup is not business continuity. Having a backup is good. Knowing how fast you can actually recover from it is what matters. If your provider talks about backup but can’t tell you your recovery time objective, that’s a gap.
8. Your provider isn’t securing your DNS. DNS is how your computers find things on the internet. If it’s not locked down, attackers can redirect your traffic, intercept your data, and you might not notice for weeks.
9. Your provider isn’t securing digital identities. MFA. Email security. Identity management. These aren’t optional anymore. They’re the front door.
10. Your provider isn’t guiding responsible AI adoption. Your employees are already using AI tools. The question is whether somebody is helping them do it safely, or whether they’re uploading customer data to free chatbots and hoping for the best.
11. Your provider doesn’t have a plan for when things go wrong. Incidents happen. The difference between a close call and a company-ending event is usually the quality of the response plan. And whether anybody has actually practiced it.
What a Competent Provider Actually Does
The ScalePad 2026 MSP Trends Report surveyed over 1,100 MSP professionals. The top performers, the ones growing faster and retaining clients longer, had something in common: they prioritize being a strategic partner, not just a help desk.
That means regular check-ins that aren’t sales pitches. Technology roadmaps that align with your business goals. Documentation you can actually read and understand. Proactive recommendations, not just reactive fixes.
It means your provider talks to you about risk before it becomes an invoice.
Questions to Ask Your IT Provider
You don’t need to be a technologist to evaluate your IT provider. You just need to ask the right questions. Here are five to start with:
1. “Can I see your documentation of my network?” A competent provider has this ready. If they hesitate or say they’ll get back to you, that tells you something.
2. “What’s my recovery time objective, and when did we last test it?” If they can’t answer both parts, your backup plan is a hope and a prayer.
3. “Who has admin access to my systems, and when did we last review that list?” Excessive permissions are a liability. Somebody should be auditing this regularly.
4. “What security incidents have you handled for clients in the last 12 months?” You’re not asking for names. You’re asking whether they have real experience or whether they’ve been lucky.
5. “What are you recommending I do next, and why?” A strategic provider always has a next step. A reactive one is still thinking about last Tuesday.
Frequently Asked Questions
Q: How do I know if my IT provider is proactive or just reactive?
Ask for their last three recommendations that weren’t about something that was already broken. If they can’t produce those, they’re reactive. A proactive provider brings you ideas before you ask.
Q: What should a good SLA actually include?
Response times, resolution targets, uptime guarantees, and clear escalation paths. More importantly, it should include what happens when they miss those targets. An SLA without consequences is just a brochure.
Q: Is the cheapest IT provider really the most expensive?
Almost always. Underpriced IT means understaffed, undertrained, or both. You’re not saving money. You’re deferring cost, and it compounds. The breach, the downtime, the recovery, that’s where the real bill shows up.
Q: Should my IT provider be helping with AI policy?
Yes. Your employees are using AI whether you have a policy or not. A competent provider helps you set boundaries that protect your data without killing productivity.
Q: How often should I hear from my IT provider outside of emergencies?
At minimum, quarterly. Strategic providers do regular business reviews. If the only time you hear from them is when something breaks or when it’s time to renew, that’s not a partnership.
Want to know exactly what to look for? Near Miss: Preventable IT Failures Threatening Your Business Security walks through all 11 failures with real-world examples and a complete evaluation framework you can use with your current provider.
About Brent Lacy: Brent has spent over 20 years in the MSP industry helping business owners understand what good IT looks like. He’s the author of Rewired MSP, vCIO Rewired, and Near Miss. He writes about the gap between what businesses expect from their IT providers and what they actually get.