The Great Bargain of Cheap IT Support: A False Economy That’ll Cost You Dearly

Written By Noel Bradford

The irresistible allure of cheap IT support. Who doesn’t love a bargain? Why pay for skilled professionals when you can save a few quid by hiring an ‘IT guy’ who’s probably moonlighting from his real job stacking shelves? If you’re looking for the fastest way to turn your business into a cyber breach horror story, an operational disaster, and a cautionary tale in a LinkedIn post, cheap IT support is the way to go.

The market is flooded with MSPs that promise the world for a price that barely covers the cost of a sandwich. Unlimited support for £20 per user per month? Sure, and while you’re at it, why not buy a second-hand parachute off eBay? What do you actually get for that price? A helpdesk staffed by underpaid script-readers who think cybersecurity is just a setting in Chrome, security policies based on blind optimism, response times that make Royal Mail look speedy, and a patching strategy last updated when Myspace was still relevant. If your IT provider isn’t pushing Cyber Essentials Plus as a minimum, they’re not just cutting corners—they’re completely skipping security.

Why Cheap IT Costs You More in the Long Run

You think you’re saving money, but let’s talk about what you’re actually buying. Downtime that costs far more than you ‘saved’ because your IT provider takes hours to fix something that should have taken minutes. Regulatory fines when GDPR violations and ICO penalties hit you like a freight train, because shocker—storing customer data in an unpatched, insecure system is frowned upon. Reputation damage when you have to send out that pathetic ‘we take security seriously’ email after getting hacked, while your competitors enjoy watching you drown in bad press. And let’s not forget the inevitable ‘surprise’ invoice when you realise your bargain IT contract covers absolutely nothing useful, and you now have to pay extra just to get someone who actually knows what they’re doing to fix the mess.

A real MSP doesn’t just react to problems—they stop them before they happen. That means investing in proper security infrastructure. Remote Monitoring & Management (RMM) isn’t a ‘nice to have’—it’s the foundation that ensures problems are identified before they turn into a catastrophic mess. Endpoint Detection & Response (EDR) stops cyber threats before they spread, instead of relying on an outdated antivirus solution that still thinks Windows XP is state-of-the-art. A full-blown Security Operations Centre (SOC) providing Managed Detection & Response (MDR) is non-negotiable—unless you enjoy waking up to find your data being auctioned off on the dark web. And Patch Management? If you’re still operating without it, you might as well leave your office doors unlocked with a neon sign that says ‘STEAL ME.’

Most Cheap IT Providers Lack Even Basic Security Certification

Here’s a sobering thought: the majority of cheap IT providers don’t even have basic cybersecurity controls in place for themselves, let alone for you. Most will not have externally audited cybersecurity standards like Cyber Essentials Plus, which is the absolute bare minimum any competent MSP should hold. And if they don’t care about their own security, why on earth would they care about yours?

A lack of Cyber Essentials Plus certification means they likely don’t enforce Multi-Factor Authentication (MFA) properly, they aren’t independently verifying that their systems are secure, and they probably have more ‘default password’ setups floating around than a teenager’s first home Wi-Fi. If your MSP isn’t externally audited and certified, they are a walking security risk, not a provider you should trust to keep your business safe.

The Real Cost of IT Support: Cheap vs. Proper MSPs

Cheap IT providers are cutting corners somewhere, and the first thing to go is usually security. The second? Response times. The third? Any hope of real expertise. A proper MSP, on the other hand, invests in Cyber Security Awareness Training because Dave in accounting will click on that phishing email promising him a £100 Tesco gift card. They implement Privileged Access Management (PAM) to stop unauthorised access before someone ‘accidentally’ uploads your client database to a Russian file-sharing site. Business Continuity & Disaster Recovery (BCDR) ensures that when things inevitably go sideways, you’re not left standing in the digital equivalent of a burning building. And a real MSP has an actual ticketing and documentation system in place, not a chaotic mix of sticky notes and crossed fingers.

Let’s talk numbers. A proper security-focused MSP invests around £40 per user per month in essential tools alone. When you factor in staffing, infrastructure, and the expertise needed to run a secure IT operation, the real cost of IT support should be at least £60 per user per month—and that’s before Microsoft 365 or Google Workspace licensing. If you’re paying less than that, you’re getting a cut-price, security-lite, hope-for-the-best operation. And when things go wrong, you’ll be paying for emergency fixes, regulatory fines, and a damaged reputation.

Think Hiring In-House Is Cheaper? Think Again.

Still convinced a cheap IT provider is better than nothing? Maybe you think hiring an in-house IT team is a better option? You might want to sit down for this part. An experienced IT manager will set you back at least £80K per year, and that’s before pensions, National Insurance, training, and benefits. You’ll also need cybersecurity specialists, because no single IT person can handle everything—good luck finding one for less than £90K. Oh, and let’s not forget infrastructure costs, software licensing, and that awkward moment when your IT guy goes on holiday, gets sick, or quits altogether.

Want to see how those costs stack up? I’ve done the hard work for you. Check out my in-depth breakdown of in-house IT vs. outsourcing to an MSP here:

Five Questions to Ask Any MSP (Incumbent or Prospective)

  1. Are you Cyber Essentials Plus certified? If not, how can you prove that your own security controls meet industry best practices?

  2. What cybersecurity protections are included as standard in your service? If the answer is just ‘antivirus’ and ‘firewall,’ run.

  3. What happens if we suffer a security breach under your watch? A real MSP will have an incident response plan—not just an apology email template.

  4. Do you provide 24/7 monitoring and real-time threat response? If they only work 9-5, who’s watching your systems overnight?

  5. How do you handle patch management and software updates? If they ‘leave it up to you,’ expect security holes you could drive a bus through.

Do yourself a favour: pay for proper IT support before your business learns the hard way. Because when cheap IT inevitably fails—and it will—you’ll be paying a hell of a lot more to clean up the mess.

And if you’re still not convinced? Picture yourself explaining to the board why you went with the cheapest IT provider… right after they’ve lost half a million quid to ransomware. Good luck with that.

Noel Bradford

Noel Bradford – Head of Technology at Equate Group, Professional Bullshit Detector, and Full-Time IT Cynic

As Head of Technology at Equate Group, my job description is technically “keeping the lights on,” but in reality, it’s more like “stopping people from setting their own house on fire.” With over 40 years in tech, I’ve seen every IT horror story imaginable—most of them self-inflicted by people who think cybersecurity is just installing antivirus and praying to Saint Norton.

I specialise in cybersecurity for UK businesses, which usually means explaining the difference between ‘MFA’ and ‘WTF’ to directors who still write their passwords on Post-it notes. On Tuesdays, I also help further education colleges navigate Cyber Essentials certification, a process so unnecessarily painful it makes root canal surgery look fun.

My natural habitat? Server rooms held together with zip ties and misplaced optimism, where every cable run is a “temporary fix” from 2012. My mortal enemies? Unmanaged switches, backups that only exist in someone’s imagination, and users who think clicking “Enable Macros” is just fine because it makes the spreadsheet work.

I’m blunt, sarcastic, and genuinely allergic to bullshit. If you want gentle hand-holding and reassuring corporate waffle, you’re in the wrong place. If you want someone who’ll fix your IT, tell you exactly why it broke, and throw in some unsolicited life advice, I’m your man.

Technology isn’t hard. People make it hard. And they make me drink.

https://noelbradford.com
Previous

Microsoft 365 Business Premium: Why Saving £7 a Month Could Cost Your Business Its Future
Next

Cyber Essentials and Privileged Access Management: Just Enough or Just in Time?