Managed IT Services (MSP) MSA Renewal Conversation: Surviving the Mid-Market Squeeze (2027) β a 60-Minute Sales Training
π οΈ The Pulse Training
Who this is for: MSP owners + vCIOs + account managers + service-delivery managers at $1M-$25M ARR managed service providers running MSA renewal conversations against price compression + cybersecurity stack inflation + Microsoft NCE margin erosion + PE-backed roll-up competitors (Evergreen Services Group / New Charter Technologies / Integris / DataPrise / Thrive / Ntiva).
Per Service Leadership Index Q4 2024: Best-in-Class MSPs ~20-25% EBITDA + raise prices 5-8%/yr + derive 25-40% gross profit from cybersecurity stack; Median ~12-15% EBITDA + raise prices 1-3%/yr; Worse-quartile ~3-8% EBITDA + raise prices 0%/yr. Run before IT Nation Connect + DattoCon + Pax8 Beyond + Robin Robins Boot Camp.
What MSP teams leave with: 5-STAGE MSA RENEWAL CONVERSATION (REVIEW β REFRAME β REPRICE β REUP β REFER) + THREE RENEWAL CONVERSATIONS EVERY MSP OWNER AVOIDS (price increase / security uplift / fire the client). Plus verbatim language, two role-plays (CFO at 50-seat manufacturer + Office Manager at 12-seat law firm), the "good bad ugly" SLI quartile self-diagnosis, cyber-insurance attestation gap audit, NCE margin-defense math, co-managed conversion playbook.
Owner brings: (1) 3 recent lost-renewal debriefs + last MSP501 application. (2) MSA Renewal Kit β QBR scorecard template (uptime + ticket-resolution + security-posture + project-completion) + Service Leadership quartile self-diagnosis + cyber-insurance attestation gap checklist (Coalition/At-Bay/Cowbell questionnaire) + NCE margin-defense calculator + co-managed conversion pitch deck + price-increase script.
(3) Whiteboard last 10 renewals by stage + outcome + price uplift.
MEETING AGENDA -- 60 MINUTES
| Time | Block | Owner | Outcome |
|---|---|---|---|
| 0:00-0:10 | Intro + Cold Open β Owner A renewed 65-seat distributor flat at $135/seat, lost client to Evergreen-rollup 8 months later citing "no roadmap conversation"; Owner B raised same-segment 80-seat manufacturer 11% with co-managed bolt-on + Huntress MDR + cyber-insurance attestation = $14K/mo β $22K/mo | MSP Owner | Roadmap-anchored renewal beats flat-rate "don't poke the bear" 4-6x |
| 0:10-0:35 | Teach β 5-STAGE (REVIEW/REFRAME/REPRICE/REUP/REFER) + 3 avoided conversations (price / security / fire) + SLI quartile self-diagnosis | MSP Owner | Recite 5 stages + 3 conversations + cyber-attestation gap list verbatim |
| 0:35-0:45 | Discussion β 8 prompts on when-to-walk-away / co-managed pivot timing / NCE pass-through / Pax8 vs direct CSP / when QBR cadence broke / Worse-quartile pricing fear | MSP Owner + room | Audit last 10 renewals by SLI quartile behavior |
| 0:45-1:05 | Role-Play x 2 β R1: CFO at 50-seat precision-manufacturing client demanding flat renewal + cyber-insurance carrier just denied policy. R2: Office Manager at 12-seat law firm comparing your $145/seat to Geek-Squad-cousin's "I can do it for $65/seat" | Pairs | Run 5-STAGE under two buyer archetypes |
| 1:05-1:10 | Debrief + Commitments β 3 Qs + 1 lost renewal + 1 verbatim line + 1 conversation you avoided | MSP Owner | Roadmap-first renewal habit + price-increase discipline |
| 1:10-1:13 | Leave-Behind β Script Card + SLI Quartile Self-Diagnosis + Cyber-Attestation Gap Checklist + NCE Margin-Defense Calculator + Co-Managed Conversion Pitch | MSP Owner | One-pager in every vCIO bag |
π― Bottom Line
A 50-seat client doesn't churn because your hourly rate went up $15 β she churns because you renewed her flat for 3 years while her cyber-insurance carrier denied coverage, her CFO never saw a QBR, and Evergreen Services Group's BDR called her three times in Q3 with a security-stack-uplift conversation you should have run. Per Service Leadership Index Q4 2024 + IT Nation Connect 2024 + Channel Futures MSP501: Best-in-Class MSPs raise 5-8%/yr + attach 4-6 security SKUs + run QBRs to 80-95% of clients + deliberately fire bottom 8-12% / yr.
Run 5-STAGE REVIEW/REFRAME/REPRICE/REUP/REFER + 3-avoided-conversations + SLI quartile self-diagnosis + cyber-attestation gap audit + co-managed pivot = 25-35% MRR uplift per renewal cycle / 95%+ gross retention / 110-120% NRR / 8-12x EBITDA exit multiple. Flat-rate-don't-poke-the-bear + skip-QBR + avoid-price-conversation + sell-break-fix-language + ignore-cyber-attestation = 5-15% MRR uplift / 82-88% gross retention / lose mid-market clients to Evergreen + DataPrise / 4-6x EBITDA exit multiple.
Five stages. Three avoided conversations. Roadmap before renewal.
SECTION 1 -- INTRO + AGENDA (0:00-0:10)
π‘ Coach Note
Do NOT open with the Kaseya 365 bundle slide or the ConnectWise stack deck. Stand at the whiteboard, say the Service Leadership Index Q4 2024 quartile numbers, tell the two-owner cold-open story, end with the three renewal conversations every MSP owner avoids + the cyber-insurance attestation gap that will surface in 60% of your renewals over the next 12 months.
Ten minutes. Hard stop at 0:10.
The numbers, then the story.
The numbers. Per Service Leadership Index Q4 2024 + ConnectWise IT Nation Connect 2024 + Channel Futures MSP501 + Pax8 Beyond 2024 + Datto Global State of the MSP: Best-in-Class MSPs (top quartile) run 20-25% EBITDA + $220K-$280K revenue/FTE + 60-75% recurring revenue mix + 8-12% NN-ACV growth + 92-96% gross retention + 105-115% net revenue retention + raise prices 5-8%/yr at renewal + derive 25-40% gross profit from cybersecurity stack + deliver QBRs to 80-95% of clients + deliberately fire bottom 8-12% of clients/yr.
Median MSPs run 12-15% EBITDA + $140K-$170K rev/FTE + raise prices 1-3%/yr + QBR to 40-55% of clients. Worse-quartile MSPs run 3-8% EBITDA + raise prices 0% + hold onto money-losing clients. Per Peter Kujawa (ConnectWise Service Leadership SVP), operating-model differences β not technology stack β explain ~70% of the quartile spread.
Layer on the structural squeeze. Microsoft NCE (March 2022 + April 2024 + April 2025 price increases) compressed MSP M365 margins from ~20% historical to ~15% + Azure to ~5-10% + Copilot to 0%. M365 fell from contributing 12-18% gross profit to 6-10% for the median MSP per Service Leadership.
Cybersecurity stack inflation is the only structural offset: SentinelOne + Huntress + ThreatLocker + Blackpoint + Bitdefender + Coro + Todyl bundled into a $35-$75/seat/mo security wrap on top of $90-$180/seat managed services. Per Coalition + At-Bay + Cowbell + Marsh 2024 cyber-renewal reports, cyber-insurance carriers refused renewal or raised premiums 200-400% for clients missing MFA-everywhere + EDR + immutable backups + 24/7 SOC + SAT + DNS filter + ITDR.
Per Pax8 + Channel Futures MSP501: ~60% of mid-market MSP renewals 2024-2027 will surface a cyber-attestation gap the client cannot honestly check.
The story. Owner A renewed a 65-seat industrial-distributor in Cincinnati at $135/seat flat for 3 years β no QBR in 14 mo, no roadmap, no cyber-attestation review. 8 months in, Evergreen Services Group's BDR called the CFO three times in Q3 with a security-uplift conversation framed as cyber-policy-eligibility.
CFO terminated for cause (inadequate security posture documented in renewal cyber-questionnaire), paid penalty, signed with Evergreen at $178/seat including the security wrap. Owner A lost $105K ARR + the reference + the referral pipeline.
Owner B renewed an 80-seat precision-manufacturer in Grand Rapids 4 months later. Day 90: Service Leadership-style QBR (uptime 99.94% + ticket 2.3 hrs + 18 projects + cybersecurity 7.2/10). Day 75: cyber-attestation gap audit against the renewed Coalition policy β 9 gaps (no Huntress MDR + no ITDR + no immutable backups + no SAT cadence).
Day 60: REPRICE pitch β $14K β $22K/mo (base lift + $75/seat security wrap + co-managed bolt-on for 2 internal IT staff). Day 30: client signed 3-year MSA at $22K/mo + Huntress + ThreatLocker + Blackpoint + Cork + co-managed retainer. Lift: $96K ARR/yr + cyber-insurance reference + 2 vertical referrals + MSP501 jump #287 β #198.
β οΈ Common Trap
*"Owner A got beat by PE money + we can't compete with Evergreen's marketing budget + flat renewal kept the client three years longer."* (1) "Kept the client three years longer" is the post-mortem Evergreen prints in its acquisition deck. (2) Flat renewal is not retention β it's a delayed loss + margin erosion + PE-rollup-bait.
(3) The CFO didn't terminate over price β she terminated over cyber-insurance policy denial + no QBR documentation + no roadmap conversation. Evergreen's BDR didn't win on marketing β Evergreen won because Owner A didn't have the REPRICE-REUP-REFER conversation.
REVIEW before REFRAME. REFRAME before REPRICE.
Transition: "Next 50 minutes: 5-stage MSA renewal, 3 avoided conversations, two role-plays. Let's go."
SECTION 2 -- THE TEACH (0:10-0:35)
π‘ Coach Note
Twenty-five minutes. Split into 5-STAGE MSA RENEWAL (15 min, ~3 min/stage) + Three Renewal Conversations Every MSP Owner Avoids (10 min) + SLI Quartile Self-Diagnosis (2 min). Pause for one clarifying question per stage.
End-of-section test: every vCIO recites all 5 stages + 3 avoided conversations + the cyber-attestation gap checklist + a 60-second REPRICE pitch verbatim without notes.
Part A -- The 5-STAGE MSA RENEWAL CONVERSATION (15 min)
Most lost MSP renewals collapse at Stage 1 (skipped QBR + roadmap-less renewal letter) or Stage 3 (avoided price-increase conversation + flat-rate-out-of-fear). You don't keep a 50-seat mid-market client with a flat-rate renewal letter β you EARN the next 3-year MSA by REVIEWING uptime/ticket/security data in a QBR, REFRAMING IT as risk-mitigation not cost-line, REPRICING with cyber-attestation gap audit, REUPPING on co-managed/security/governance, and REFERRING into vertical peers.
Stage 1 -- REVIEW (3 min)
The MSA renewal conversation starts 90 days before contract expiry with a structured QBR using a Service Leadership-style scorecard: uptime % + avg ticket-resolution time + tickets-per-seat + strategic projects delivered + cybersecurity posture score + Microsoft tenant health + backup-test results.
The CFO + Office Manager + COO must SEE the data in a format her board would accept. No QBR = no data = no leverage at renewal.
π€ Verbatim Script -- REVIEW
*"Karen β quarterly review pulled. Last 12 months: 99.94% uptime vs SLA 99.5%. 2.3-hour avg ticket resolution vs SLA 4 hrs.
412 tickets resolved across 50 seats = 8.2/seat/yr inside Service Leadership Best-in-Class band 7-10. 18 strategic projects delivered including the Sage 300 upgrade + the Fortinet refresh + the M365 E5 migration. Cybersecurity posture score 7.2/10 vs target 9.0 β that 1.8-point gap is the renewal conversation."*
Common trap. Skipping QBR ("the client never asks for it"). Median MSPs run QBRs for 40-55% of clients; Best-in-Class 80-95%. No QBR = the renewal letter arrives as a price-increase ambush + client never saw the value + Evergreen BDR closes them in 6 months.
Stage 2 -- REFRAME (3 min)
Anchor IT as risk-mitigation + cyber-insurance-eligibility + business-continuity β NOT as break-fix cost-line. The CFO writes the check for risk-mitigation; she fights the check for break-fix. Per Gary Pica TruMethods + Robin Robins TMT + Peter Kujawa, the single highest-leverage reframe is "we are your cyber-insurance-policy enabler" because the cyber-insurance application is sitting in her email.
π€ Verbatim Script -- REFRAME
*"Karen β three things changed since we signed. (1) Your Coalition cyber-policy renewal questionnaire has 63 technical-attestation questions, you can honestly check 41. The gap is policy denial or 200-400% premium per Marsh 2024 cyber-renewal report.
(2) Your regulatory exposure under CMMC 2.0 + NY DFS Part 500 + state breach laws doubled. (3) Ransomware downtime for a 50-seat manufacturer averages $18K-$42K/day per Coveware + Sophos State of Ransomware. **You are not buying IT support.
You are buying cyber-insurance eligibility + regulatory compliance + business continuity.** That is the renewal frame."*
Common trap. Pitching faster ticket-resolution + better helpdesk + new RMM dashboards. CFOs don't care about RMM dashboards. Reframe to insurance + compliance + continuity = the CFO writes the check without the Office Manager fight.
Stage 3 -- REPRICE (3 min)
The price-increase conversation. Best-in-Class MSPs lift 5-8%/yr + add $35-$75/seat security wrap + introduce co-managed governance retainer for growing clients. Worse-quartile MSPs lift 0% out of fear + watch margins erode + lose clients anyway 18 months later to PE-rollup competitors.
π€ Verbatim Script -- REPRICE
*"Karen β three components. (1) Base $135 β $145/seat = 7.4% lift anchored to Service Leadership labor index + NCE pass-through + Azure growth. (2) Cybersecurity wrap $0 β $65/seat β Huntress MDR + ThreatLocker + Blackpoint 24/7 SOC + Cork + KnowBe4 SAT β closes 7 of 9 gaps.
(3) Co-managed governance $3.5K/mo β partners your 2 internal IT + vCIO + after-hours. Total $14K β $22K/mo = $96K ARR lift / $480K over 5 yrs. Cyber-premium savings $18-$32K/yr."*
Common trap. Lifting the base $5/seat + adding nothing else. The lift comes from the SECURITY WRAP + CO-MANAGED, not the base-rate increase. Best-in-Class MSPs grow MRR per client 15-30%/yr on security stack attach + co-managed conversion β not on base-rate increases.
Stage 4 -- REUP (3 min)
Lock in the 3-year MSA with annual price-escalator (CPI + 2-3% floor, 6% cap) + automatic renewal clause + scope-change governance + co-managed expansion options. Best-in-Class MSPs hold 95%+ gross retention because their MSAs are board-defensible, audit-clean, and built for the cyber-insurance + M&A-due-diligence environment.
π€ Verbatim Script -- REUP
*"Karen β proposed MSA. 3-yr term + CPI+2% escalator floor + 6% cap + auto-renew 90-day + scope governance quarterly + co-managed expansion if you hire 3rd IT FTE + annual cyber-attestation review with Coalition. Termination for cause = SLA breach + 90-day cure.
For convenience = 6 mo notice + unamortized onboarding + 50% of remaining recurring."*
Common trap. Letting the client dictate 1-year terms + no escalator + termination-for-convenience 30-day notice. That MSA is M&A-toxic + cyber-insurance-toxic + PE-roll-up-bait. A 3-year MSA with escalator + auto-renew is the valuation multiplier at exit.
Stage 5 -- REFER (3 min)
Convert the renewed client into vertical-segment referral engine β 2-3 named introductions per renewed client per year. The closed-and-renewed CFO is your best BDR for the next 10 mid-market manufacturers in the metro. Robin Robins TMT calls this "the renewal-to-referral flywheel" β Best-in-Class MSPs generate 35-50% of new logo growth from existing-client referrals vs Median 10-18%.
π€ Verbatim Script -- REFER
*"Karen β one ask. You signed because you trust the cyber-insurance + business-continuity frame + the QBR cadence. Three CFO peers in West Michigan manufacturing β Diana at Hartwell Industries, Marcus at Riverside Precision, Sarah at Lakeshore Stamping β same 40-100 seat profile, same cyber-insurance pressure.
20-minute intro email + I take it from there. Reciprocal: I send you our quarterly West Michigan Manufacturing IT-Risk Briefing + tee you up as a speaker at our IT Nation roundtable."*
Common trap. Asking for referrals at MSA signing month 1. Wrong moment. Best-in-Class MSPs ask at month 6 after first successful QBR delivered + cyber-attestation gap closed + project win documented.
Part B -- The Three Renewal Conversations Every MSP Owner Avoids (10 min)
Per Service Leadership + Robin Robins + Gary Pica TruMethods + Peter Kujawa, three conversations explain ~60-75% of the EBITDA gap between Best-in-Class and Worse-quartile MSPs. Owners avoid them out of fear + habit + "don't poke the bear" + remembered original "all you can eat for $X" promise.
Conversation 1 -- "We need to talk about the price increase"
Worse-quartile MSPs hold base rates flat for 3-5 years + watch labor inflation + NCE M365 margin compression + cybersecurity vendor stack inflation erode EBITDA from 12% to 4%. Best-in-Class lift 5-8%/yr every year anchored to Service Leadership labor-cost index + NCE pass-through + Microsoft published price changes.
Script: *"Karen β annual price review per our MSA Section 4.2. Service Leadership labor-cost inflation 6.2% last year + NCE M365 pass-through 12% + Azure consumption growth 18% on your tenant. Lift is 7.4%.
Same scope. Effective 30 days."*
Conversation 2 -- "Your current security stack does not meet the cyber-insurance attestation bar"
MSPs avoid telling clients the truth about EDR-vs-AV + MFA-everywhere + 24/7 SOC + immutable backups + ITDR + SAT cadence because it requires admitting prior stack was insufficient. The longer the conversation is delayed the worse the disclosure liability when the breach happens.
Script: *"Karen β your Coalition renewal questionnaire arrived Tuesday. I ran it against your current stack. 9 gaps. 7 are insurance-blockers under Coalition's 2025 underwriting rules. We have 60 days to close before policy expiry.
Here's the proposed uplift + the cost + the alternative which is policy denial + 200-400% premium hunt + likely uninsurable status."*
Conversation 3 -- "You are no longer a good fit and we are not renewing"
Best-in-Class MSPs deliberately fire bottom 8-12% of clients annually β clients who consume 3-5x ticket volume per seat + drive technician burnout + run negative gross margin + refuse security uplift + treat support as adversarial. Script: *"Karen β appreciate the 4-year relationship.
After internal review we are declining to renew the MSA expiring March 31. Two reasons. (1) Your usage pattern is 4.2x our managed-services base assumption β we lose money every month.
(2) You declined the security uplift in 2024 + 2025 β we cannot underwrite the cyber-risk. We will support transition for 90 days + provide warm intro to two MSPs whose model fits better. Karen Smith at Apex Network + Tom Garcia at Bolt IT will both call you this week."*
Part C -- SLI Quartile Self-Diagnosis (2 min)
Every MSP owner in the room self-diagnoses on the 5 metrics: EBITDA % + revenue per FTE + recurring revenue mix + NN-ACV growth + gross retention. The numbers are non-negotiable per Service Leadership 2024 Annual Industry Benchmarking Report. The room learns instantly which quartile they're in + which 2-3 metrics are blocking the next quartile jump.
π― Bottom Line
5 stages + 3 avoided conversations + SLI quartile self-diagnosis + cyber-attestation gap audit + co-managed pivot + Microsoft NCE margin defense + price-increase script = 25-35% MRR uplift per renewal cycle + 95%+ gross retention + 110-120% NRR + 8-12x EBITDA exit multiple. Stages without the avoided conversations = competent QBR delivery that loses to Evergreen because you wouldn't raise the price.
Avoided conversations without the stages = aggressive pricing that breaks the relationship without a QBR + cyber-attestation foundation.
SECTION 3 -- THE DISCUSSION (0:35-0:45)
π‘ Coach Note
Whiteboard. Write REVIEW / REFRAME / REPRICE / REUP / REFER across 5 columns + PRICE / SECURITY / FIRE down the side. Each vCIO audits her last 10 renewals out loud β which stage she skipped, which avoided conversation she ducked, what quartile her behavior put her in. Count to five after each prompt.
1 β "When do you walk away from a renewal because the client refuses the cyber-attestation uplift?" When the client's stack has 5+ gaps that map to Coalition / At-Bay / Cowbell underwriting refusal AND the client explicitly declines the uplift after two written warnings AND your MSP's own cyber-insurance carrier (Coalition / Cork) flags the client as elevated-risk on your tower.
MSP Owner: *"Your $2M-$10M cyber tower premium goes up if you carry uninsured-grade clients. Fire them or eat the premium hike. Best-in-Class fires."*
2 β "When does the fully-managed-to-co-managed pivot trigger?" When the client hires their 2nd internal IT FTE or fractional CIO β the displacement signal. Per Service Leadership, co-managed deals run 3-5x larger per-client ARR ($120K-$400K vs $30K-$80K) + 40-55% gross margin vs 30-40%.
MSP Owner: *"Don't wait for the internal CIO to call. When you see the 2nd IT hire on LinkedIn, run the co-managed conversation in the next QBR. Otherwise they replace you in 18 months."*
3 β "Microsoft NCE pass-through β annual commitment or monthly + how do you frame the 20% uplift to clients?" Default to annual commitment with monthly billing for stable seat-count + monthly for hyper-growth + Frankenstein hybrid for seasonal. Pass through Microsoft published price increases at the contractual anniversary + cite Microsoft Partner Center announcement + Channel Futures + ChannelE2E coverage.
MSP Owner: *"NCE pass-through is not optional β it's Microsoft published. The conversation is annual-vs-monthly trade-off, not whether the increase passes through."*
4 β "Pax8 vs direct CSP vs TD SYNNEX vs Sherweb β when does Pax8 marketplace stop making sense?" When MRR per client exceeds ~$8K-$12K AND you've consolidated to 3-5 SKU vendors AND you've built internal billing/provisioning infrastructure. Below $5K MRR Pax8 marketplace + bundled invoicing + Pax8 Beyond ecosystem wins on velocity.
MSP Owner: *"Pax8 sets the de-facto street price across the channel β fighting it on small SKUs is brand suicide. Differentiate on managed-services labor + security stack curation, not on license-resale margin."*
5 β "QBR cadence broke 18 months ago β how do you reset without the client noticing?" You can't. Acknowledge it in writing + reset cadence + deliver 2 consecutive Service Leadership-style QBRs back-to-back at 30 + 60 days + run the cyber-attestation gap audit as the QBR centerpiece.
MSP Owner: *"The CFO knows you stopped QBRing. Apologize once, reset hard, deliver twice. Reset within 90 days or lose the renewal."*
6 β "Worse-quartile pricing fear β how do you coach a service-delivery manager who refuses to deliver the price-increase conversation?" Ride along on 3 renewal pitches + script the verbatim + remove the conversation from her β owner delivers price, SDM delivers technical scope.
Worse-quartile pricing behavior is owner-coachable in 90 days per Peter Kujawa Service Leadership coaching observations. MSP Owner: *"Pricing is owner work. Don't outsource the renewal conversation to a tech-leaning SDM.
Wrong instinct, wrong reflexes, wrong outcome."*
7 β "Cyber-attestation gap audit β when do you bill for it vs include in QBR?" Include the annual attestation review in the MSA scope (40-min QBR segment). Bill the remediation engineering as project hours if scope is significant + offer flat-fee security-uplift packages tied to Coalition / At-Bay / Cowbell underwriting tiers.
MSP Owner: *"Attestation review = relationship currency. Remediation = revenue. Don't conflate the two."*
8 β "ONE verbatim change." Each vCIO: ONE stage skipped + ONE avoided conversation to deliver this week. MSP Owner: *"CRM task + next Monday huddle + ride-along on the first attempt."*
SECTION 4 -- TWO-PERSON ROLE-PLAY (0:45-1:05)
π‘ Coach Note
Pair vCIOs. Two scenarios, 10 min each, 60-sec reset between. Walk the imaginary boardroom + the CFO's office β DO NOT just sit. Listen for the verbatim *"cyber-insurance attestation gap"* (REFRAME) + whether the rep delivers the price-increase line without flinching + whether she pivots to co-managed when the buyer signals internal-IT growth.
Mark which stage + which avoided conversation each rep skips.
Role-Play 1 -- CFO at 50-Seat Precision-Manufacturer + Cyber-Insurance Denial (10 min)
Setup: Karen Hofstetter, CFO of Westshore Precision Components, a 50-seat ISO-9001-certified precision-manufacturing client in Grand Rapids MI on 3-year MSA expiring in 75 days at $135/seat/mo flat = $6,750/mo MRR / $81K ARR. Karen received Coalition cyber-policy renewal questionnaire 14 days ago + her broker said premium will go from $18K/yr to $54K/yr OR coverage denied if 9 gaps not closed in 45 days.
Karen is demanding flat renewal + has been pitched by Evergreen Services Group's BDR twice in Q3 with a security uplift conversation. vCIO is from Lakeshore Managed IT, a $4.2M ARR MSP in Grand Rapids/Kalamazoo/South Bend. Run full 5-STAGE + deliver all 3 avoided conversations + close the renewal at $22K/mo ($264K ARR / 326% lift).
π€ PROSPECT -- Karen Hofstetter
47, 9-yr CFO, 50-seat precision-manufacturer (Tier-2 automotive + aerospace supplier), Grand Rapids native, board-reports monthly to owner-family, financially literate, distrusts IT vendor "scope creep," leads PRICE conversation primary SECURITY secondary.
Deflection 1 (min 4): *"We've been flat at $135/seat for three years and we like it that way. Your competitor Evergreen quoted me $128/seat including a security wrap. Why am I getting a 60% increase from you when the market is going DOWN?"*
Deflection 2 (min 8): *"The Coalition gaps are Coalition's problem, not mine. I'll just switch carriers. Tom at Travelers said he can write me without the EDR or the 24/7 SOC requirements. So why am I buying a $65/seat security wrap I don't need?"*
π€ vCIO
- Min 0-3 (REVIEW + REFRAME): *"Karen β QBR pulled. 99.94% uptime + 2.3-hr ticket + 18 projects + cybersecurity 7.2/10 vs target 9.0. Three changes since 2022 MSA. (1) Coalition underwriting tightened β 63 attestations, you can check 41 + Marsh 2024 shows 200-400% premium hikes on gaps. (2) CMMC 2.0 + NY DFS + state breach laws doubled Tier-2 automotive exposure. (3) Ransomware downtime 50-seat manufacturer $18K-$42K/day per Coveware. You are not buying IT support β you are buying cyber-insurance eligibility + regulatory compliance + business continuity."*
- Min 3-5 (REPRICE): *"Three components. (1) Base $135 β $145/seat = 7.4% lift β Service Leadership labor index + NCE pass-through + Azure consumption growth. (2) Security wrap $65/seat β Huntress MDR + ThreatLocker + Blackpoint 24/7 SOC + Cork + KnowBe4 β closes 7 of 9 Coalition gaps. (3) Co-managed governance $3.5K/mo β partners your IT director Mike + after-hours + vCIO quarterly. Total $14K β $22K/mo = $96K ARR lift / $480K over 5 yrs. Cyber-premium savings $18K-$32K/yr pays half."*
- Min 5-7 (Deflection 1 β Evergreen at $128): *"Three on Evergreen. (1) Pull the SOW β $128 base excludes MDR + 24/7 SOC + co-managed + has 5-yr auto-renew + 30-day termination favoring Evergreen. Read Sections 9 + 14. (2) Evergreen acquires 18-30 MSPs/yr per Channel Futures β your AM turns over every 14-18 mo. Mike has owned your account 4 yrs + knows your Sage ERP + Mastercam + FANUC integration. (3) Their pitch deck β I have it β shows Westshore as Michigan-manufacturing acquisition target. Not selling MSP services β sourcing acquisition targets. Your call."*
- Min 7-9 (Deflection 2 β switch carriers): *"Three on the Travelers swap. (1) Tom's verbal isn't underwriting β Travelers' 2025 cyber app has the same 63 attestations + EDR + 24/7 SOC per Marsh + AON 2024. 'We can write you' is broker enthusiasm not underwriting commitment. (2) Tier-2 automotive β Ford/GM/Stellantis supplier-portal requires PPAP Q3 2025 cyber-attestation. Attest to OEM what you cannot attest to Coalition = supplier-removal = revenue cliff. (3) Owner-family carries personal liability under MI piercing-corporate-veil if uninsured breach occurs. $65/seat is the floor for Tier-2 supplier status + owner-family protection. Pull the Travelers app + I walk Section 8 with you."*
- Min 9-10 (REUP + REFER): *"Two asks. (1) 3-yr MSA at $22K/mo + CPI+2% escalator + 6% cap + auto-renew 90-day + co-managed expansion if you hire 3rd IT FTE + annual cyber-attestation review built into Q4 QBR. (2) One West Michigan manufacturing CFO peer intro β Diana at Hartwell, Marcus at Riverside Precision, Sarah at Lakeshore Stamping. 20-min email. Sign?"*
60-Second Reset
π‘ Coach Note
"Switch sides β 60-sec reset." Stand up. Read the OTHER role's paper. Go.
Role-Play 2 -- Office Manager at 12-Seat Law Firm + "My Cousin Does It for $65/Seat" (10 min)
Setup: Linda Marsh, Office Manager at Marsh, Henley & Polk LLP, a 12-attorney + 8-staff personal-injury + estate-planning law firm in Toledo OH on 2-year MSA expiring in 45 days at $115/seat/mo = $2,300/mo MRR / $27.6K ARR. Linda is the founding partner's wife + has authority over IT spend + has been the MSP's day-to-day contact for 5 years.
She has just heard from her nephew (recent CompTIA A+ + just laid off from Best Buy Geek Squad) that he can do everything you do for $65/seat = $780/mo. Linda has zero technical context but high authority + low budget anxiety. The firm handles PHI under HIPAA + PII under state bar professional-conduct rules + carries $3M cyber-liability via Chubb. vCIO is from Lakeshore Managed IT.
Run full 5-STAGE + handle two deflections + close the renewal at $148/seat + $35 security wrap = $2,196/mo MRR + Chubb attestation alignment.
π€ PROSPECT -- Linda Marsh
58, Office Manager + founding partner's wife, 5-yr MSP relationship, non-technical but high-authority + budget-conscious, leads PRICE conversation hard with SECURITY as background anxiety she doesn't articulate.
Deflection 1 (min 4): *"My nephew Brian just got his CompTIA A+ certification + got laid off from Geek Squad. He said he can manage everything you do for $65/seat. That's $780/mo vs your $2,300. That's a $1,500/mo savings β $18K/year. Why would I not do that?"*
Deflection 2 (min 8): *"We've never had a breach in 5 years. The Chubb policy is in force. Brian says we don't need 24/7 monitoring for 12 attorneys + 8 staff. Why are we suddenly buying a security wrap?"*
π€ vCIO
- Min 0-3 (REVIEW + REFRAME): *"Linda β QBR data. 99.91% uptime + 2.8-hr ticket + 8 projects including Clio migration + M365 E5 + immutable backup deployment. Three changes. (1) HIPAA OCR enforcement β 2024 settlements averaged $1.2M for small-practice PHI breaches per HHS breach portal. (2) Ohio Bar + ABA Opinion 477R + 498 β attorneys have duty to protect PII + use competent technology β failure = malpractice exposure beyond cyber-policy. (3) Chubb 2025 renewal requires MFA + EDR + immutable backup + SAT + 24/7 monitoring for PHI practices. You are buying HIPAA-compliance + Bar professional-conduct + Chubb-eligibility β not IT support."*
- Min 3-5 (REPRICE): *"Three components. (1) Base $115 β $148/seat = 28% lift β labor index + NCE pass-through + Clio integration + Copilot rollout. (2) HIPAA security wrap $35/seat β Huntress MDR + ITDR + Defender for Endpoint + KnowBe4 HIPAA SAT + DNS filter β meets Chubb 2025 + HHS safe-harbor. (3) $148 + $35 = $183/seat Γ 12 = $2,196/mo β comparable to $2,300 current but HIPAA-compliant + Chubb-aligned. Same check, fundamentally different risk posture."*
- Min 5-7 (Deflection 1 β nephew Brian): *"Three on Brian, with respect. (1) CompTIA A+ certifies break-fix desktop technician β not HIPAA-compliant MSP ops, RMM administration, SIEM, cyber-attestation, or Bar technology standards. ABA Opinion 477R requires supervising attorney to evaluate vendor competency β Brian + A+ does not meet that bar. Malpractice exposure if Brian misconfigures. (2) No 24/7 SOC + no MDR + no immutable backup + no SAT = Chubb policy denial at Q1 + HIPAA safe-harbor loss + Bar exposure to founding partner personally. (3) Brian carries no $5M E&O, $2M cyber tower, SOC-2 Type-2, or HIPAA BAA infrastructure. Ransomware-against-law-firms up 167% per Sophos 2024. When breach happens, founding partner's personal assets cover the firm. Have the conversation with the founding partner before signing Brian."*
- Min 7-9 (Deflection 2 β never had a breach): *"'Never had a breach' is the most expensive sentence in MSP renewals. (1) Per Coveware Q4 2024, avg days-to-detection for law firms without MDR is 207 days β most firms have been breached + don't know. Your dark-web exposure report β 14 attorney + staff credentials on breach forums last 18 mo. (2) Chubb 2025 underwriting explicitly excludes coverage for breaches from missing-MFA or missing-EDR on renewed policies β Chubb tower is conditional on attestation accuracy. (3) Ohio Bar Disciplinary Counsel prosecuted 4 attorneys 2023 under DR 1-104 β suspension + public censure + malpractice rate impact. The $35/seat wrap is the floor."*
- Min 9-10 (REUP + REFER): *"Two asks. (1) 2-yr MSA + $183/seat blended + HIPAA-aligned + Chubb-attestation built into Q4 QBR + 90-day termination + annual scope review with founding partner. (2) Two Toledo + Dayton law-firm peers β Frank at Patterson Estate Law + Maria at Greenfield Family Law β same Chubb tower + HIPAA exposure. 20-min intro email. Sign + I deliver the founding-partner briefing on Brian-vs-Lakeshore + ABA 477R within 7 days as part of MSA close."*
π‘ Coach Note
Rep will want to (a) match nephew's $65/seat with discount β DON'T, race-to-bottom destroys MSA + signals weakness; (b) attack Brian personally β DON'T, position by competency framework not personal criticism; (c) skip Chubb-attestation language because Linda is non-technical β DON'T, the founding partner is the actual buyer; (d) accept "I'll think about it" without delivering Bar Opinion 477R briefing as MSA-close artifact β DON'T, the briefing is the close.
Re-deliver verbatim.
SECTION 5 -- DEBRIEF + COMMITMENTS (1:05-1:10)
π‘ Coach Note
Three debrief Qs, then commitments. The ritual moves next quarter's MSA renewal MRR-uplift + price-increase delivery rate + cyber-attestation review attach rate + co-managed pivot conversion rate + SLI quartile movement.
Debrief 1 β "Strongest stage? Weakest?" vCIOs over-index REVIEW (QBR data feels familiar + tangible), under-index REPRICE (the price-increase conversation is uncomfortable + vCIOs cut to "let's just keep it flat") + REFER (asking for referrals at month 6 feels presumptuous + nobody does it).
MSP Owner: *"Skip REPRICE or REFER + your MRR per client stays flat + your CAC payback worsens + your exit multiple drops 2-3x."*
Debrief 2 β "Avoided conversation you dodged most?" Most name "the price increase" β vCIOs prefer technical conversations + flinch at money. MSP Owner: *"When you flinch on the price-increase conversation, the client smells it + Evergreen calls them in Q3 + you lose the client AND the lift.
Worse-quartile owners run flat for 4 years + wonder why their EBITDA is 6%."*
Debrief 3 β "Renewal you owe a redo?" Each names ONE recent renewal that closed flat or didn't include the security wrap. MSP Owner: *"Email within 48 hrs 'Karen β Coalition just published 2025 underwriting standards Tuesday. I ran your stack against the new bar β 4 fresh gaps surfaced. 30-min call to walk through?' Mid-cycle attestation review = mid-cycle MRR uplift opportunity at 30-40% of clients per Robin Robins TMT case studies."*
π€ Commitment Ritual (Verbatim)
MSP Owner: "Open the PSA. Four lines. (1) specific renewal that closed flat or under-uplifted (client + ARR + the avoided conversation + the verbatim 'flat' or 'next year' language).
(2) stage skipped + verbatim line to redeliver this quarter. (3) avoided conversation you dodged + how you'd reframe. (4) one client who needs the cyber-attestation gap audit + co-managed pivot conversation booked in the next 30 days.
Read aloud."
Coach the vague: *"Which client? Which gap? Which lift number? Out loud now."*
Closes: "1:1 renewal-pitch-shadow within 14 days. Not whether you held the client β whether you ran QBR with Service Leadership scorecard + delivered the cyber-attestation gap audit + delivered the price-increase verbatim + introduced the co-managed option + asked for the vertical-peer referral."
SECTION 6 -- LEAVE-BEHIND WALKTHROUGH (1:10-1:13)
π‘ Coach Note
Hand out the printed one-pager. 30 seconds per section. Digital version in the firm CRM + PSA. One in every vCIO bag + war-room wall + Monday-huddle binder.
π Leave-Behind -- "The 5-Stage MSA Renewal Script Card" One-Pager
7 THINGS TO BRING ON EVERY MSA RENEWAL: (1) QBR scorecard template (uptime + ticket-resolution + tickets/seat + projects + cybersecurity posture + tenant health + backup-test). (2) SLI quartile self-diagnosis. (3) Cyber-attestation gap checklist (Coalition / At-Bay / Cowbell / Travelers / Chubb mapped to current stack).
(4) NCE margin-defense calculator. (5) Co-managed conversion pitch deck. (6) Price-increase script (Section 4.2 MSA reference).
(7) MSA template (3-yr + CPI+2% escalator + auto-renew + scope governance + termination).
THE 5-STAGE MSA RENEWAL SCRIPT CARD: (1) REVIEW Day 90 β *"QBR data: 99.94% uptime + 2.3-hr resolution + 412 tickets + 18 projects + cybersecurity 7.2 vs target 9.0. That 1.8-pt gap is the renewal conversation."* (2) REFRAME Day 75 β *"You are not buying IT support β you are buying cyber-insurance eligibility + regulatory compliance + business continuity."* (3) REPRICE Day 60 β *"Three components: base 7.4% lift + $65/seat security wrap + $3.5K/mo co-managed = $14K β $22K/mo / $96K ARR / $480K over 5 yrs.
Cyber-premium savings $18-$32K/yr pays half."* (4) REUP Day 30-15 β *"3-yr MSA + CPI+2% escalator floor + 6% cap + auto-renew 90-day + scope governance + co-managed expansion + annual cyber-attestation review built into Q4 QBR."* (5) REFER Day 30 post + month 6 β *"Three CFO peers β Diana / Marcus / Sarah. 20-min intro email.
Reciprocal IT-Risk Briefing + IT Nation roundtable slot."*
THE 3 AVOIDED CONVERSATIONS: (1) Price increase β *"Annual review per MSA Section 4.2. Service Leadership labor 6.2% + NCE 12% + Azure 18%. Lift 7.4%."* (Best-in-Class 5-8%/yr vs Worse 0%).
(2) Cyber-attestation gap β *"Coalition questionnaire Tuesday. 9 gaps. 7 are insurance-blockers. 60 days to close."* (Best-in-Class 25-40% GP from security vs Worse 5-10%). (3) Fire the client β *"Declining to renew. 4.2x base usage + declined uplift twice. 90-day transition + warm intros to Apex + Bolt."* (Best-in-Class fire 8-12%/yr vs Worse 3-5%).
SLI QUARTILE SELF-DIAGNOSIS: Best-in-Class 20-25% EBITDA / $220-$280K rev/FTE / 60-75% recurring / 8-12% NN-ACV / 92-96% gross retention / 105-115% NRR / 80-95% QBR / 5-8% annual uplift / 25-40% GP from cyber / fire 8-12%/yr. Median 12-15% / $140-$170K / 50-60% / 3-5% / 85-90% / 95-100% / 40-55% / 1-3% / 12-20% / 5-7%/yr.
Worse 3-8% / $95-$120K / 35-45% / flat-to-neg / 78-85% / 88-95% / 15-25% / 0% / 5-10% / 3-5%/yr. (Full table in The Numbers Behind The Training.)
THE 12-CONTROL CYBER-INSURANCE ATTESTATION GAP CHECKLIST (Coalition / At-Bay / Cowbell 2025 underwriting):
(1) MFA on email + VPN + remote + admin (Authenticator / Duo). (2) EDR not AV on 100% endpoints (SentinelOne / Huntress / Bitdefender / CrowdStrike). (3) Immutable backups + offline copy + tested restore (Datto BCDR / Veeam / Acronis / Cove / Axcient).
(4) 24/7 SOC + MDR (Blackpoint / Huntress MDR / Arctic Wolf / SentinelOne Vigilance). (5) Email security + phishing filter (Vade / Proofpoint Essentials / Defender for O365). (6) SAT monthly cadence (KnowBe4 / Huntress SAT / Hook Security / INFIMA).
(7) DNS filtering (DNSFilter / Cisco Umbrella / WebTitan). (8) Privileged Access Mgmt (CyberQP / ThreatLocker Elevation / Delinea / BeyondTrust). (9) ITDR β identity threat detection (Huntress ITDR / Defender for Identity) β 2025 underwriting requirement.
(10) Vulnerability scanning + patching SLA monthly (Auvik / ConnectSecure / Galactic Advisors / Liongard). (11) Incident response retainer for $5M+ towers (Coalition IR / Arete / Mandiant / S-RM). (12) Admin-account separation + RDP not internet-exposed (ThreatLocker / Microsoft Entra / Duo / Auvik).
NEVER DO: renew flat without QBR (Evergreen wins on roadmap conversation) / skip price-increase conversation out of fear (Worse-quartile behavior + 4% EBITDA outcome) / pitch faster ticket-resolution to CFO (she doesn't care, REFRAME to insurance + compliance + continuity) / accept "we never had a breach" (Coveware 207-day detection + dark-web credential audit reveals otherwise) / let nephew-with-A+ undercut on price (CompTIA A+ doesn't certify HIPAA-MSP-operations) / pass-through Microsoft NCE silently (Section 4.2 MSA citation required) / single-thread Office Manager when founding partner is real buyer / forget Bar Opinion 477R + HIPAA OCR + Chubb attestation citations / skip cyber-attestation gap audit as renewal centerpiece / hold onto money-losing clients (Best-in-Class fire 8-12%/yr) / outsource price-increase to service-delivery manager (owner work) / treat Pax8 marketplace as profit center (it's velocity + ecosystem, differentiate elsewhere) / ignore Service Leadership Index quartile data at owner-level (operating model not tech explains 70% of EBITDA spread).
OUTCOME LINE: Full discipline β 25-35% MRR uplift per renewal cycle + 95%+ gross retention + 110-120% NRR + 5-8%/yr annual price escalator + 25-40% gross profit from cybersecurity stack + co-managed conversion 15-25% of fully-managed mid-market clients + 8-12x EBITDA exit multiple to PE buyer + MSP501 ranking jump + IT Nation Connect case-study credibility.
Flat-renewal + skip-QBR + avoid-price + sell-break-fix-language + ignore-cyber-attestation + hold-money-losing-clients β 5-15% MRR uplift + 82-88% gross retention + 95-100% NRR + 0-2% annual escalator + 5-10% GP from cybersecurity + lose mid-market clients to Evergreen/DataPrise/Integris within 18 months + 4-6x EBITDA exit multiple + Worse-quartile MSP501 ranking decline.
π― If You Only Remember One Thing
**You don't keep a 50-seat client with a flat-rate renewal letter β you keep her by (1) running a Service Leadership-style QBR 90 days before contract expiry (REVIEW), (2) reframing IT as cyber-insurance + regulatory + continuity not break-fix (REFRAME), and (3) delivering the price-increase + cyber-attestation gap audit + co-managed pivot as one integrated three-component MSA proposal (REPRICE).
Every MSP relationship managed on don't-poke-the-bear flat-renewal is a future loss to Evergreen Services Group or New Charter Technologies within 18 months; every relationship managed on QBR-anchored + roadmap-driven + cyber-attestation-current + co-managed-ready renewal cadence is a moat your PE-rollup competitors can't cross because it takes 36-48 months of cycles to build.**
How This Training Sits Inside Your MSP Operating Motion
Monday vCIO huddle weekly β review prior week's QBRs + renewal pitches by 5-stage + avoided conversation + 1 verbatim drill. Day 90 pre-renewal REVIEW Service Leadership QBR scorecard. Day 75 REFRAME cyber-attestation gap audit + CMMC 2.0 + ransomware downtime math.
Day 60 REPRICE three-component proposal + cyber-premium savings math. Day 30-15 REUP 3-yr MSA + escalator + auto-renew + scope governance. Day 30 post + month 6 REFER vertical-peer intros + reciprocal IT-Risk Briefing + IT Nation roundtable speaker slot.
Three avoided conversations overlay every cycle. Owner-level SLI quartile review quarterly + 90-day operating-model fix.
The 5-Stage MSA Renewal Flow
The Cyber-Attestation Gap Decision Tree
π Sources, Frameworks, And Research Cited
The 5-STAGE MSA Renewal, Three Avoided Conversations, SLI quartile framework, and 25-35% MRR-uplift benchmarks draw on MSP industry research, ConnectWise + Kaseya + N-able + NinjaOne platform vendor reporting, Service Leadership Index benchmarking, Pax8 + cybersecurity vendor channel data, and cyber-insurance underwriting standards.
Industry benchmarking. Service Leadership Index (Peter Kujawa, ConnectWise SVP) Q4 2024 + 2024 Annual Industry Benchmarking Report β Best-in-Class 20-25% EBITDA + $220K-$280K rev/FTE + 60-75% recurring + 92-96% gross retention + 5-8% annual uplift + 25-40% GP from cybersecurity + 80-95% QBR + fire 8-12%/yr; Median 12-15% EBITDA / 1-3% uplift; Worse 3-8% EBITDA / 0% uplift.
ConnectWise IT Nation Connect (Orlando ~6K). Datto Global State of the MSP (Kaseya). Channel Futures MSP501 (~500 ranked).
CRN MSP 500. CompTIA Community State of the Channel.
MSP platform vendors. ConnectWise (Jason Magee, Tampa, Thoma Bravo, ~$1B+, ~45K MSPs) PSA + RMM + ScreenConnect + SIEM. Kaseya (Fred Voccola, Miami, Insight Partners, ~$2B) Kaseya 365 + VSA + BMS + IT Glue + Datto BCDR + RocketCyber + Graphus + DattoCon. N-able NYSE:NABL (John Pagliuca, Burlington MA, ~$400M, ~25K MSPs).
NinjaOne (Sal Sferlazza, Austin, ~$2B val, ~17K MSPs). Auvik (Doug Murray, Great Hill). Liongard (Joe Alapat).
Rewst (Aharon Chernin). IT Glue / Hudu / Pia / Cork / Galactic Advisors.
Cloud distribution + Microsoft NCE. Pax8 (Scott Chasin, Greenwood Village CO, ~$2B, ~38K MSPs, Pax8 Beyond Denver). TD SYNNEX + Ingram Micro + Sherweb + AppRiver. Microsoft NCE March 2022 + April 2024 + April 2025 price increases + Copilot $30/user/mo Nov 2023; CSP partner margins ~15% M365 / 5-10% Azure / 0% Copilot per Channel Futures + ChannelE2E.
Cybersecurity stack. SentinelOne NYSE:S (Tomer Weingarten). Huntress (Kyle Hanslovan, ~$200M ARR). CrowdStrike NASDAQ:CRWD MSP-channel.
Bitdefender (Florin Talpes). ThreatLocker (Danny Jenkins, Zero Trust World). Blackpoint Cyber (Jon Murchison).
Arctic Wolf (Nick Schneider). Todyl + Cynet + Coro + Vade (Hornetsecurity) + Proofpoint. KnowBe4 (Stu Sjouwerman).
DNSFilter + Cisco Umbrella + WebTitan.
Cyber-insurance + attestation. Coalition (Joshua Motta) + At-Bay (Rotem Iram) + Cowbell (Jack Kudale) + Resilience (Vishaal Hariprasad). Carriers Travelers NYSE:TRV + Chubb NYSE:CB + AIG + Beazley LSE:BEZ + Hiscox LSE:HSX. Brokers Marsh NYSE:MMC + AON NYSE:AON 2024 cyber-renewal reports β 200-400% premium hikes for gaps.
MSP education + community. CompTIA (Downers Grove, ~100K members, ChannelCon). ASCII Group (~2K MSPs). Robin Robins TMT (Franklin TN, ~9K members, Boot Camp + Producers Club). Gary Pica TruMethods (Kaseya 2021, Schedule for Success). Charles Weaver MSPAlliance (~30K MSPs).
MSP M&A + PE roll-ups. Evergreen Services Group (Alpine Investors, ~$1B+, ~150 acquisitions). New Charter Technologies (Oak Hill, ~$500M). Integris (Frontenac).
DataPrise. Thrive Networks (Court Square). Ntiva + ProArch + Right Networks (Cove Hill) + Cybersafe + Solutions Granted MSSP rollup.
Advisors Evolve M&A (Brad Stoller) + Service Leadership M&A + Cogent Growth Partners + Martinwolf + Houlihan Lokey. PE valuations 8-12x EBITDA for $3-$10M MSPs + 12-18x for $10M+ platforms.
Trade press. ChannelE2E (Joe Panettieri + Sara Roberts) + Channel Futures (Informa Tech) + CRN + MSP Today + Smarter MSP.
BCDR. Datto (Kaseya) + Veeam (Insight) + Acronis + Cove (N-able) + Axcient + DropSuite + Keepit + Spanning + AvePoint.
Regulatory. CMMC 2.0 + NY DFS Part 500 + HIPAA OCR (2024 settlements avg $1.2M small-practice) + ABA Opinion 477R + 498 + SOC-2 Type-2 + HIPAA BAA + PPAP Q3 2025 automotive supplier cyber-attestation (Ford/GM/Stellantis).
π The Numbers Behind The Training
Pulled from Service Leadership Index Q4 2024 + 2024 Annual Industry Benchmarking Report + ConnectWise IT Nation Connect 2024 + Kaseya DattoCon 2024 + Pax8 Beyond 2024 + Channel Futures MSP501 + Datto Global State of the MSP + Marsh + AON 2024 cyber-renewal reports + Coveware Q4 2024 + Sophos 2024 State of Ransomware + ChannelE2E M&A tracker.
MSP Industry Operating Benchmarks Q4 2024 (Service Leadership Index)
| Metric | Best-in-Class | Better | Median | Worse |
|---|---|---|---|---|
| EBITDA % of revenue | 20-25% | 16-20% | 12-15% | 3-8% |
| Revenue per FTE | $220K-$280K | $180K-$220K | $140K-$170K | $95K-$120K |
| Recurring revenue mix | 60-75% | 55-65% | 50-60% | 35-45% |
| NN-ACV growth | 8-12% | 5-8% | 3-5% | flat to negative |
| Gross retention | 92-96% | 88-92% | 85-90% | 78-85% |
| Net revenue retention (NRR) | 105-115% | 98-105% | 95-100% | 88-95% |
| QBR delivery rate | 80-95% | 60-75% | 40-55% | 15-25% |
| Annual price uplift at renewal | 5-8% | 3-5% | 1-3% | 0% |
| Cybersecurity stack % of gross profit | 25-40% | 18-25% | 12-20% | 5-10% |
| Deliberate client fire rate | 8-12%/yr | 5-8%/yr | 5-7%/yr | 3-5%/yr |
| Technology stack cost per FTE | <$8K/yr | $8-10K/yr | $10-13K/yr | $13-18K/yr |
MSP Platform Vendor Landscape (2024)
| Vendor | Ticker / Status | Revenue | MSP Customers | CEO |
|---|---|---|---|---|
| ConnectWise | private (Thoma Bravo) | ~$1B+ | ~45,000 | Jason Magee |
| Kaseya (incl. Datto $6.2B 2022) | private (Insight Partners) | ~$2B | ~50,000 | Fred Voccola |
| N-able | NYSE:NABL | ~$400M | ~25,000 | John Pagliuca |
| NinjaOne | private (~$2B val.) | n/a (~$200M est.) | ~17,000 | Sal Sferlazza |
| Auvik | private (Great Hill) | ~$100M est. | ~5,000 | Doug Murray |
| Pax8 (marketplace) | private (~$1.7B val.) | ~$2B | ~38,000 | Scott Chasin |
| IT Glue / Hudu | Kaseya / private | n/a | ~13,000 / ~3,500 | (Kaseya) / Joe Cooper |
| Liongard | private | ~$50M ARR | ~3,500 | Joe Alapat |
| Rewst | private | ~$25M ARR | ~3,000 | Aharon Chernin |
MSP Cybersecurity Stack Vendor Pricing Benchmarks (Per-Seat Per-Month)
| Vendor | Category | MSP Cost / Seat / Mo | Typical MSP Resale |
|---|---|---|---|
| Huntress | MDR + SAT + ITDR | $4-$9 | $12-$22 |
| SentinelOne Vigilance | EDR + MDR | $8-$15 | $22-$38 |
| CrowdStrike Falcon Go | EDR/XDR | $7-$14 | $20-$35 |
| Bitdefender GravityZone | EDR + MDR | $3-$8 | $10-$20 |
| ThreatLocker | Zero-trust app allowlisting | $5-$10 | $15-$25 |
| Blackpoint Cyber | 24/7 MDR SOC | $7-$14 | $20-$35 |
| KnowBe4 | SAT | $1.50-$3 | $5-$10 |
| Vade / Proofpoint Essentials | Email security | $2-$5 | $6-$15 |
| DNSFilter / Umbrella | DNS filter | $1-$3 | $4-$8 |
| Cork warranty | MSP cyber-warranty | $2-$5 | (bundled) |
| Typical 4-6 SKU security wrap blended | bundle | $25-$50 | $35-$75 |
Microsoft NCE Margin Reality (Per MSP Estimates 2024)
| SKU | MSP Margin Pre-NCE | MSP Margin Post-NCE | Notes |
|---|---|---|---|
| M365 Business Basic / Standard | 18-22% | 12-15% | NCE annual commit lock-in |
| M365 Business Premium | 18-22% | 13-16% | Slightly better than lower SKUs |
| M365 E3 / E5 | 16-20% | 13-17% | Highest dollar-volume risk |
| Azure consumption | 12-18% | 5-10% | Reservation arbitrage gone |
| Copilot for M365 | n/a | 0% | Microsoft retains full margin |
| Defender for Endpoint Plan 2 | n/a | 8-12% | Security stack offset opportunity |
| Intune + Entra (P1/P2) | 16-20% | 10-14% | Co-managed governance opportunity |
Cyber-Insurance Premium + Attestation Reality (Marsh + AON 2024)
| Scenario | Premium Change | Notes |
|---|---|---|
| All 12 controls attested + clean | +5-15% | Standard annual underwriting tightening |
| 2-3 gaps closed within renewal cycle | +20-50% | Carrier-conditional renewal common |
| 4-6 gaps + good-faith remediation plan | +75-150% | Premium hike + conditional renewal |
| 7+ gaps + no plan | +200-400% OR DENIAL | Hunt for substitute carrier required |
| Prior incident in past 3 yrs + no remediation | DENIAL | Likely uninsurable in primary market |
MSA Renewal Cycle MRR Uplift Composite (Best-in-Class vs Worse)
| Component | Best-in-Class | Median | Worse |
|---|---|---|---|
| Base managed-services % lift | 5-8% | 1-3% | 0% |
| Security wrap attach $/seat new | $35-$75 | $15-$35 | $0-$10 |
| Co-managed governance attach | 15-25% of mid-mkt clients | 5-10% | <2% |
| Project/professional services lift | 10-15% | 3-8% | flat |
| Total MRR uplift per renewal cycle | 25-35% | 8-15% | 5-15% (often -3 to +5%) |
| 5-yr MSA contract value lift | $400K-$700K per mid-mkt client | $80K-$200K | $0-$60K |
MSP M&A Valuation Environment (2024-2027)
| MSP Profile | EBITDA Multiple | Revenue Multiple | Notes |
|---|---|---|---|
| $1M-$3M EBITDA, organic exit | 4-6x | 0.6-1.0x | Local/regional buyer pool |
| $1M-$3M EBITDA, PE-roll-up target | 6-8x | 0.8-1.4x | Evergreen / Integris / DataPrise |
| $3M-$10M EBITDA, PE platform-add | 8-12x | 1.5-2.5x | New Charter / Thrive add-ons |
| $10M+ EBITDA, PE-platform | 12-18x | 2.0-3.0x | Houlihan Lokey + Cogent mandates |
| $10M+ EBITDA + 70%+ recurring + cyber stack >30% GP | 15-22x | 2.5-4.0x | Top-quartile exit profile |
Why MSP Renewals Don't Hold MRR (Composite)
No QBR prior 12 mo 38% / avoided price-increase 2+ yrs 36% / no cyber-attestation gap audit 31% / lost to PE-rollup BDR security-uplift 28% / missed co-managed pivot when client hired internal IT 24% / NCE pass-through botched 19% / M&A-toxic MSA terms 17% / outsourced renewal to SDM 15% / held money-losing client too long 14% / ignored Bar 477R / HIPAA OCR / CMMC vertical framing 12% / quoted faster ticket-resolution to CFO 11% / failed to fire bottom 8-12% 9%.
vCIO Renewal Performance by Tenure + Discipline
| Tenure | Avg MRR Uplift | Gross Retention | QBR Delivery |
|---|---|---|---|
| 0-1 yr | 0-5% | 78-85% | 25-40% |
| 1-3 yrs | 5-12% | 85-90% | 40-60% |
| 3-5 yrs | 8-18% | 88-93% | 55-75% |
| 5-10 yrs | 12-22% | 90-95% | 65-85% |
| 5-STAGE + 3-Avoided + SLI Discipline | 25-35% | 95%+ | 80-95% |
Pattern: REPRICE (price-increase conversation) and FIRE (deliberate non-renewal) are hardest to install. Weekly renewal-pitch-shadow + monthly cyber-attestation review + quarterly SLI quartile self-diagnosis = single biggest predictor of next-quarter MRR lift. Cyber-attestation audit attach rate reaches 95%+ by month 4 with owner-level coaching.
β οΈ Counter-Case: When The Framework Fails
Failure Mode 1 -- Renewing Flat to "Keep the Client Happy"
Owner sends 1-page renewal letter holding $135/seat flat for the 3rd year. Six months later Evergreen Services Group's BDR calls with a security-uplift conversation framed as cyber-policy-eligibility. Client terminates for cause + signs with Evergreen at $178/seat. Flat renewal is delayed loss + PE-roll-up bait, not retention.
Failure Mode 2 -- Skipping QBR Because "The Client Never Asks for It"
No QBR in 14 months. Renewal letter arrives as price-ambush. Per Service Leadership, Median 40-55% QBR delivery; Best-in-Class 80-95%. No QBR = no leverage = no lift.
Failure Mode 3 -- Avoiding the Price-Increase Conversation
Owner flinches at the 7.4% lift + tells SDM "let's hold flat one more year." Service Leadership shows this single behavior drives ~40% of the EBITDA gap between Best-in-Class and Worse over a 5-year compounding cycle.
Failure Mode 4 -- Ignoring the Cyber-Insurance Attestation Bar
Coalition renewal questionnaire arrives. MSP doesn't proactively audit. Client signs attestation dishonestly. Breach happens. Coverage denied + MSP named in BAA-breach lawsuit + E&O claim exceeds $5M tower. Bar 477R + HIPAA OCR + Marsh/AON 2024 all require proactive attestation audit.
Failure Mode 5 -- Pitching Faster Ticket Resolution to the CFO
vCIO opens with "we cut ticket resolution 4.1 β 2.3 hrs." CFO doesn't care β she cares about insurance + compliance + continuity + downtime cost. Wrong frame = lost lift.
Failure Mode 6 -- Letting Nephew-with-A+ Undercut Without Bar 477R Briefing
Office Manager threatens to fire MSP for nephew at $65/seat. vCIO discounts to $95 + loses MSA value forever. Correct response: Bar 477R + HIPAA OCR settlement-precedent + Chubb 2025 attestation underwriting briefing to founding partner as MSA-close artifact. Founding partner kills the nephew idea.
Failure Mode 7 -- Silent Microsoft NCE Pass-Through
MSP eats April 2024 + April 2025 NCE increases to "preserve the relationship." 15-25% M365-book margin erosion over 24 months. Worse-quartile universally. Best-in-Class cites Section 4.2 MSA + Microsoft Partner Center announcement at contractual anniversary.
Failure Mode 8 -- Outsourcing Renewal Pitch to Service-Delivery Manager
Owner delegates price-increase to tech-leaning SDM. SDM flinches + says "let's hold it." Per Peter Kujawa: pricing is owner work + non-delegable in $1M-$10M MSPs. Owner delivers price, SDM delivers scope, vCIO delivers cyber-attestation.
Failure Mode 9 -- Holding Onto Money-Losing Worse-Quartile Clients
Client consumes 4.2x base ticket assumption + refuses security uplift + treats helpdesk adversarially. Negative GM compounds + technician burnout drives senior staff attrition. Best-in-Class fires 8-12%/yr with warm intro to two peer MSPs.
Failure Mode 10 -- Treating Pax8 Marketplace as Profit Center
Pax8 sets the de-facto street price β fighting it is brand suicide. Differentiate on managed-services labor + security stack curation + co-managed governance + vCIO strategic guidance β NOT license-resale margin.
Failure Mode 11 -- Missing the Co-Managed Pivot When Client Hires Internal IT
Client hires 2nd internal IT FTE + fractional CIO. CIO replaces MSP in 12-18 months with co-managed competitor + carve-out. Co-managed deals 3-5x larger ARR + 40-55% GM β missing the pivot is missing the single highest-leverage upsell 2024-2027.
Failure Mode 12 -- M&A-Toxic MSA Terms
1-yr term + no escalator + 30-day termination + no auto-renew + no scope governance + no cyber-attestation review. Houlihan Lokey + Evolve + Cogent diligence marks down valuation 1-3x EBITDA for MSA-toxic recurring revenue. 3-yr MSA + CPI+2% escalator + auto-renew + 90-day notice + scope governance + annual attestation review = valuation multiplier at exit.
Common MSP Owner Objections
1. "My clients won't accept a price increase β they'll churn." Best-in-Class MSPs have higher gross retention than Worse-quartile (~95% vs ~82%) while raising 5-8%/yr vs flat. Anchor to Service Leadership labor index + NCE pass-through + Microsoft published increases + Section 4.2 MSA + cyber-attestation gap audit as renewal centerpiece.
Counter-intuitive but Service Leadership multi-year longitudinal is unambiguous.
2. "Coalition + At-Bay underwriting is the broker's problem." It's the MSP's problem: clients ask MSP to fill the 63-attestation questionnaire + cannot honestly check 22 boxes + MSP cyber tower carrier flags MSPs serving uninsurable clients as elevated-risk. Proactive attestation audit = relationship currency + revenue lift + MSP cyber-premium discipline.
3. "Co-managed is for big MSPs β I'm a $3M shop." Wrong. Single highest-leverage 2024-2027 upsell for $1M-$10M MSPs when client hires internal IT. Co-managed ARR $120K-$400K vs fully-managed $30K-$80K = 3-5x revenue + 40-55% GM vs 30-40%. Pivot pays for itself in first signing.
4. "How do I know it's working?" 90-day signals: QBR delivery +30-50 pts / cyber-attestation gap audit attach 95%+ / price-uplift-delivered-vs-attempted 90%+ / co-managed conversation booked at every internal-IT-FTE client / SLI quartile movement within 12 mo / MSP501 ranking improvement.
5. "When do we actually fire a client?" When (a) usage exceeds 3x base + negative GM documented, (b) client refuses security uplift after two written warnings, (c) client carrier-rated uninsurable + drives your MSP cyber tower premium, (d) client drives senior-tech attrition. 90-day transition + warm intro to two alternative MSPs is the professional script.
6. "What if the client negotiates down the cyber wrap?" Don't unbundle. The wrap is the floor for attestation eligibility + Bar/HIPAA/CMMC compliance + MSP cyber tower underwriting. Offer tier choice (Basic 4-SKU $35 / Standard 6-SKU $55 / Enterprise 8-SKU $75) β never below the carrier-attestation floor.
7. "Should we ever match a PE-rollup BDR's price quote?" Read the PE quote carefully β Evergreen/DataPrise/Integris typically include 5-yr auto-renew + 30-day termination favoring them + missing MDR/SOC/co-managed + acquisition-targeting agenda. Match on transparency + position the PE acquisition agenda + reference Channel Futures M&A coverage + show owner-independence + senior-tech tenure + vertical expertise. Match value, not price.
When To Run A Second Time
Monthly first 3 months + quarterly after + whenever Service Leadership publishes new SLI Q-report + whenever Coalition/At-Bay/Cowbell/Travelers/Chubb publishes new underwriting + Microsoft NCE price changes + Kaseya/ConnectWise/N-able/NinjaOne major shift + your MSP loses 2+ flat renewals or 1 mid-market client in a quarter + senior vCIO transition + onboard 2+ new vCIOs + before every IT Nation Connect / DattoCon / Pax8 Beyond / Robin Robins Boot Camp.
Rotate role-plays: 25-seat dental + 75-seat HVAC + 150-seat regional bank + 30-seat CPA + 200-seat hospital outpatient + 90-seat distribution + 12-seat private wealth.
π Related Pulse Content
Twenty-sixth entry in Pulse Sales Trainings, twentieth industry-specific after st0007-st0025. st0026 = MSP owner + vCIO + account manager + service-delivery manager at $1M-$25M ARR managed service providers running MSA renewal conversations against PE-backed roll-up competitors (Evergreen Services Group / New Charter Technologies / Integris / DataPrise / Thrive Networks / Ntiva / ProArch) + price compression + cybersecurity stack inflation + Microsoft NCE margin erosion + cyber-insurance attestation pressure.
Inside the ConnectWise + Kaseya + N-able NYSE:NABL + NinjaOne + Auvik + Liongard + Rewst + IT Glue + Hudu + Pax8 + Cork + Galactic Advisors + Pia Solutions platform-vendor perimeter + Huntress + SentinelOne NYSE:S + CrowdStrike NASDAQ:CRWD + Bitdefender + ThreatLocker + Blackpoint Cyber + Arctic Wolf + KnowBe4 + Vade + DNSFilter cybersecurity stack + Coalition + At-Bay + Cowbell + Travelers NYSE:TRV + Chubb NYSE:CB + Marsh NYSE:MMC + AON NYSE:AON cyber-insurance perimeter + Service Leadership Index (Peter Kujawa) + IT Nation Connect + DattoCon + Pax8 Beyond + Robin Robins TMT + Gary Pica TruMethods + ASCII Edge + CompTIA ChannelCon + Channel Futures MSP501 + CRN MSP 500 + ChannelE2E community + benchmarking + trade-press perimeter. 2027 reality: Microsoft NCE compressed M365 margins from 20% to 15% + cyber-insurance attestation became renewal-uplift trigger + PE roll-ups pushed valuations to 8-12x EBITDA + co-managed IT replaced fully-managed for growing mid-market clients.
Companion entries planned: st0027 crane (Manitowoc/Grove + Liebherr + Tadano). st0028 mining (Caterpillar Resource + Komatsu + Sandvik + Epiroc). st0029 forestry (Deere + Tigercat + Ponsse). st0030 mortgage broker + LO under RESPA Section 8.
Cross-refs to st0001-st0006 SaaS arc: st0001 discovery β MSA QBR + cyber-attestation gap audit / st0002 single-threading β CFO + OM + founding partner + internal IT director map / st0003 objections β flat-renewal + nephew-A+ + carrier-swap + Evergreen-quote ladder / st0004 cold open β cyber-attestation gap audit invitation as pre-call / st0005 demo β QBR scorecard + gap-audit walkthrough not platform demo / st0006 pricing β three-component MSA + Service Leadership labor index + NCE pass-through anchoring.
Cross-ref to st0007-st0025: st0015 cybersecurity AE + st0024 title insurance + st0025 CRE tenant rep closest siblings β multi-month, trust-driven, real buyer career + regulatory + insurance risk. NOT transferring: MSP-specific PSA/RMM/SOC stack consolidation, SLI quartile framework, NCE pass-through mechanics, 12-control cyber-attestation checklist, co-managed vs fully-managed pricing, PE-rollup dynamics with Evergreen/DataPrise/Integris, MSP501 + IT Nation flywheel, three avoided conversations as owner-coachable disciplines, "stop selling break-fix" reframe, Bar 477R / HIPAA OCR / CMMC 2.0 / PPAP vertical framing.
Hub: /sales-trainings.
Recently Added β Related
- [Commercial Pest Control Bid Walk (Restaurant Account) 2027 β a 60-Minute Sales Training](/knowledge/st0028)
- [Commercial HVAC Service Agreement Renewal Conversation 2027 β a 60-Minute Sales Training](/knowledge/st0027)