Is Your MSSP the Best Value? Key Questions for CISOs

Written by SecureOps Team | Aug 6, 2025 3:46:55 PM

According to data from Propel, customer retention in IT and technology services averages a high 81%. At SecureOps, we are proud to exceed that benchmark. Our customer retention rate is 90%, and our average client relationship lasts eight years.

This high industry retention rate is not surprising, as most organizations choose to renew contracts with their existing Managed Security Services Provider. Switching to a new MSSP is a fundamentally complex process. The integration requires significant time, and the consequences of a poor transition could be serious. If a new MSSP cannot deliver equivalent resilience to your network, the organization may suffer from security blind spots, new vulnerabilities, and a lagging incident response time.

Behind that 81% customer retention statistic, however, lies a critical question for CISOs. Are organizations staying with their MSSP because the relationship delivers increasing value with each renewal? Or are they holding on simply to avoid the difficulty of evaluating and changing vendors?

An MSSP relationship should grow richer over time. As the provider better understands your environment and mission, they should be better positioned to help you achieve your goals. If that progress is not happening, the partnership is likely driven by inertia rather than value.

This blog will examine how to determine if your MSSP is truly delivering maximum value for your investment. To find out, you can simply ask yourself the following questions.

Does Your MSSP Scale with Your Organization or Hold You Back?

Security requirements do not remain static. As a company grows, its network, endpoints, and data landscape expand. An MSSP that was once the right fit may no longer possess the personnel or expertise to support a company’s increased scale or complexity when renewal discussions begin.

Growth also creates opportunities to adopt new technologies. A critical consideration is whether your MSSP is vendor-locked to specific manufacturers. Such a limitation can preclude your organization from using tools that offer better cost efficiency, enhanced functionality, or superior integration with your other technology investments.

One of our clients, a global mining company, changed technologies numerous times over the course of our relationship. The company transitioned from FireEye to Trellix to Microsoft Defender. Our team remained flexible and maintained support for whatever technology solutions best helped the organization reach its goals.

Are the Best MSSPs Merely Vendors or Embedded Security Partners?

Some MSSP relationships are more transactional and procedural than others. In these agreements, specific processes, data logs, and SLAs are defined, and the MSSP fulfills the contract precisely as written.

While that may sound like quality service, the experience can leave much to be desired. Some MSSPs operate as a "black box." Clients receive alerts, view dashboards, and get monthly reports, but they never interface with the analysts who handle their data. A representative of our mining client described what this model looks like in practice: “You get a black box of security. There may be 100 incident responders assigned to our investigations, and we don’t get a chance to discuss the issue with them.”

In contrast, SecureOps takes a different approach. The same mining representative highlighted this distinction, stating, “We sit on the same teams. I meet with them regularly. So they are, for all intents and purposes, an extension of the team.” This close partnership allows SecureOps to deliver better service and proactively strengthen our clients’ resilience in ways other MSSPs cannot. The representative explained, “SecureOps has picked up incidents that we would not have picked up, because they use their mind creatively instead of just being policy and procedure driven.”

Our flexible agreement model enables our clients to prioritize the data logs, applications, and endpoints that matter most at any given time. Instead of requiring contract amendments or levying fees for out-of-scope work, we collaborate in real time. Erik Montcalm, our VP of Services and Technologies, elaborated on this approach. He said, “Our clients know that other MSSPs would provide a quote and say, ‘You’re contracted for A, and we’re not going to drop it. Now you’re adding B. That’s 10% extra.’ We tend not to work that way.”

Instead, SecureOps structures agreements around partially dedicated staff. If a client is paying for 20 hours of a Level 2 analyst's time and a pressing concern arises one week, we pivot to execute on what is most important. “It doesn't matter if it's not enumerated in the contract. The analyst will do whatever you want,” said Montcalm. In this way, we ensure our priority is always the client’s goals, not merely fulfilling a contractual obligation.

How Should Your MSSP Respond During a Crisis?

Data breaches are a persistent threat to organizations of all sizes, and their consequences can be dire. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of a breach has risen to $4.9 million USD globally. In these high-stakes, high-pressure moments, your MSSP must perform at their best. Their value, much like a fire extinguisher, is most apparent when everything is on fire.

When a breach occurs and the minutes matter, we go to war at our client’s side. “It’s like those military stories where you’re in the trenches with someone. People remember who was there when it got hard,” said Montcalm.

For an honest assessment of your MSSP, talk to your frontline security team. Speak with the people who interface with your provider during these critical security events. They will know whether the MSSP stepped into the breach or hid behind their contract. Was the MSSP reactive or proactive? Did they participate in the root cause analysis? Did they help you prevent similar breaches in the future?

This “share the pain” aspect of our professional agreements is what elevates our average customer relationship to eight years. We demonstrate our investment in our clients’ security posture when it matters most. Montcalm stated, “The technical folks go to bat for us during renewal, because they remember who showed up during a crisis.”

Is your team willing to do the same for your MSSP?

Choose a Partner That Strengthens Your Security Posture

The best MSSP relationships operate like strong internal teams. They are built on a foundation of mutual support, a shared vision, and a commitment to continuous improvement. On paper, our role with our global mining client looks standard. As the representative explains, “Their dedicated team of experts works around the clock to proactively detect, efficiently respond to, and effectively manage any security incidents that might arise.”

The reality of the partnership, however, is deeper and richer than that. True security partnerships are measured by shared victories and composure during a crisis. We strive to go beyond expectations to help clients grow, increase their resilience, and achieve their business goals. We become embedded team members. We adapt to new challenges. We do not hold them back.

Read the full customer story about our 10+ year relationship with a global mining leader.