Break-fix IT vs managed IT services: what is the difference

Short answer: Break-fix IT is reactive – you call someone when something breaks, they bill you for the fix, and the relationship goes quiet until the next problem. Managed IT is proactive – a provider runs your IT environment continuously for a flat monthly fee, with monitoring, patching, security, and helpdesk built into the service. Break-fix can work for very small or very simple environments. For most businesses past 5-10 employees, the math, the security posture, and the operational reality all favor managed IT.

The honest version is that “break-fix vs managed IT” is not really a comparison between two equivalent options anymore. Break-fix is what IT support used to look like before businesses became fully dependent on technology. Managed IT is how it works now. The article below explains how each model actually operates, where break-fix still makes sense, and the incentive misalignment problem that pushed most SMBs to managed services in the first place.

Break-fix vs managed IT at a glance

	Break-fix	Managed IT
Pricing model	Per hour or per incident, often $150-$250/hr	Flat monthly fee, typically $100-$250 per user per month
When you engage them	When something breaks	Continuously, 24/7 in the background
Provider incentive	More problems = more revenue	Fewer problems = more profit
Response time	Whenever they have availability	Defined SLAs (often 1-4 hours)
Patching and updates	Only if you ask	Scheduled, automated, reported
Security monitoring	None unless explicitly hired	Included (EDR, email security, MFA enforcement)
Backup management	None unless explicitly hired	Configured, monitored, tested
Documentation	Minimal or none	Maintained by the provider
Cost predictability	Variable – quiet months are cheap, bad months are expensive	Predictable monthly line item
Best for	Sub-5-employee businesses, very simple setups	10-250 employee businesses, anything depending on IT
Average cost over a year	Often higher due to incidents	Often lower due to prevention

The headline difference: break-fix sells you fixes, managed IT sells you uptime. Those are different products even when the line items overlap.

How break-fix IT actually works

Break-fix is the original IT support model. A consultant or small IT shop is on standby. When something breaks – the server goes down, the email stops working, ransomware hits, a laptop dies – you call. They show up (physically or remotely), diagnose, fix, and bill you for the time.

The mechanics:

• No monthly fee. You pay only when you use the service.
• Hourly billing. Usually $150-$250/hr for an SMB-grade IT consultant. Higher for specialty work.
• Per-incident scope. The engagement is “fix this thing.” Once the thing is fixed, the engagement is over.
• No ongoing relationship requirements. You can call once a year or every week. The provider does not track your environment between calls.
• You own everything in between. Patching, backup verification, security monitoring, account management – if you want it done, you do it yourself or you call and pay for someone to do it.

For a very small business with a handful of employees, no servers, no compliance requirements, and no real dependence on technology beyond email and a laptop, this can work. The total IT cost is genuinely lower than a managed engagement, and the calls are infrequent enough that the hourly billing does not add up to much.

The model breaks down quickly past that.

How managed IT works

A managed IT service provider takes ongoing responsibility for your IT environment. You pay a flat monthly fee – usually $100-$250 per user per month, though other pricing models exist (per-device, flat tiered, all-inclusive) – and they run the operational layer continuously. The relationship is structured around prevention rather than reaction.

What is happening behind the scenes in a managed engagement:

• Continuous monitoring. Every workstation, server, and critical network device is watched 24/7 by automated tools and (for high-severity alerts) human analysts.
• Scheduled patching. Operating system updates, browser updates, application updates roll out on a defined cadence with reporting on compliance.
• Endpoint security. EDR runs on every device, configured and tuned by the provider. Email security filters phishing and malware before it lands in inboxes. MFA is enforced.
• Backup operations. Backups run on schedule, the provider monitors that they actually succeed, and they periodically test restores.
• User support. A documented helpdesk with response time SLAs handles the day-to-day “my Outlook is broken” tickets that would otherwise become break-fix calls.
• Documentation. The provider maintains an inventory of your environment – assets, accounts, network diagrams, vendor contacts – so they can act quickly when something does go wrong.
• Strategic advice. Quarterly business reviews cover what is working, what is not, and what the business should be planning for.

The pricing reflects the ongoing operation. A bad month for the client is not a windfall for the provider – it is an operational cost. That single difference reshapes the entire incentive structure.

The incentive misalignment problem

This is the most important difference between the two models, and the one most often missed in cost comparisons.

In break-fix, the provider is paid when things go wrong. The more incidents, the more billable hours. A break-fix shop has no financial incentive to prevent problems – prevention reduces revenue. A break-fix shop also has no financial incentive to make problems easy to solve – faster fixes also reduce revenue. The economic interests of the provider and the client are pointing in opposite directions.

This does not mean break-fix providers are deliberately negligent. Most are honest professionals. But the structural incentive is what it is. Even a well-intentioned break-fix shop is not going to volunteer to roll out the patching program that would eliminate half their callouts, because half their callouts is half their revenue.

In managed IT, the incentive flips. The provider is paid the same whether the client has zero incidents or 50. Every incident costs the provider time and tooling without generating extra revenue. The provider therefore has a direct financial reason to prevent problems, automate common fixes, and invest in monitoring. Their interests and the client’s interests point in the same direction.

This is the deepest reason most growing businesses migrate from break-fix to managed services – not because managed IT is fashionable, but because the incentive alignment produces noticeably different operational outcomes over time.

The true cost of break-fix when you add up all incidents

The instinct with break-fix is “we only pay when we need help, so it must be cheaper.” Sometimes it is. Often it is not.

Consider a 25-person business on a break-fix model. Common annual incident pattern:

• Monthly password resets and access issues: ~3 calls/month at 0.5 hours each = 18 hours/year
• Quarterly software issues / Outlook breakage / printer setup: ~4 incidents/quarter at 1 hour each = 16 hours/year
• Two larger incidents (failed update, hardware death, account compromise scare): 6 hours each = 12 hours/year
• One real incident (ransomware near-miss, server failure, M365 outage handling): 20 hours
• Quarterly “can you check why X is slow”: 2 hours each = 8 hours/year

Total: ~74 billable hours/year at $200/hr = $14,800/year in pure break-fix billing.

Now add the costs the break-fix model does not cover but the business still needs:

• Endpoint security (EDR) for 25 devices: $25/device/month = $7,500/year
• Email security filtering: $4/user/month = $1,200/year
• M365 backup tooling: $4/user/month = $1,200/year
• Patch management tooling and time: ~$2,000/year if a third party handles it, or 100+ hours/year of internal time
• Monitoring tooling: ~$1,500/year if standalone
• Documentation and account management: Done internally or not done

Standalone tooling alone is ~$13,400/year without any human labor to run it. Add the break-fix billing and the business is at ~$28,000/year for a partial, reactive setup. (These are all line items in the full small business IT budget – see the complete six-category breakdown.)

Compare to a 25-person managed IT engagement at the standard tier ($150/user/month): $45,000/year, but that includes EDR, email security, MFA enforcement, M365 backup, patching, monitoring, helpdesk, documentation, quarterly reviews, and strategic advisory. The delta is small, and the managed setup is materially more secure and more resilient.

The math gets worse for break-fix the second something serious happens. A single ransomware incident can cost six figures in recovery, downtime, and business disruption – see how long ransomware recovery takes. A managed engagement with EDR, MFA, backup, and 24/7 monitoring would probably have prevented or contained it. Break-fix waited until the encrypted files showed up and then billed for the recovery work.

What proactive managed IT prevents

Managed IT is not just “break-fix with a flat fee.” The operational layer is genuinely different. The mechanism is mostly RMM (remote monitoring and management) – a software agent on every endpoint that gives the MSP continuous visibility. Things that happen routinely under managed IT and almost never happen under break-fix:

Patches actually get applied. Most security incidents in SMBs are caused by unpatched vulnerabilities that have had a fix available for weeks or months. Managed IT applies patches on schedule. Break-fix applies them when someone gets around to it, which is often never.

MFA is universally enforced. MFA blocks the vast majority of credential-based attacks. Under managed IT, it is configured, enforced, and monitored across the tenant. Under break-fix, it usually exists for the people who set it up themselves and is silently absent for everyone else.

Backups are tested. Most untested backups fail when you actually need them. Managed IT runs scheduled restore tests as part of the service. Break-fix discovers the broken backup during the disaster.

Account access is revoked when employees leave. Under managed IT, offboarding follows a documented sequence – block sign-in, revoke sessions, wipe device, transfer files. Under break-fix, you remember the main account password change and miss the VPN, the SaaS apps, and the shared mailboxes.

Endpoint health is visible. Managed IT maintains a real-time inventory: which devices are encrypted, which are patched, which are running EDR, which are out of compliance. Under break-fix, the answer is “I think most of them?”

Suspicious activity gets investigated. Managed IT (especially with MDR) sees and acts on security alerts as they happen. Under break-fix, the alerts either do not exist or no one is watching the dashboard at 2am Saturday.

Documentation exists. Under managed IT, the environment is documented well enough that anyone on the provider team can pick up an incident. Under break-fix, the knowledge lives in whoever set things up, and that person may no longer work at the consulting firm or remember the details.

These are not theoretical wins. They are the difference between an SMB that operates at modern security baseline and one that has a 2015-era IT posture, regardless of what tools they have purchased.

When break-fix is still appropriate

Managed IT is the right answer for most SMBs. There are still legitimate cases for break-fix:

Very small businesses (under 5-10 employees). A two-person consultancy with two laptops, M365 Business Standard, and no real infrastructure can probably get by on break-fix supplemented by good security defaults from Microsoft. The MSP minimum fee may be more than the business actually consumes in service.

Project work alongside an internal IT lead. A business with a strong internal IT person who handles the operational layer themselves, using break-fix or specialty consultants for project work (a network redesign, a SharePoint migration, an Intune rollout) can be a clean model. The internal lead handles ongoing ops; outside help comes in for projects.

Highly specialized environments. Some businesses have unusual setups (manufacturing equipment, scientific instruments, custom software stacks) that a generalist MSP is not well-suited to support. They use specialty break-fix providers for the specialized parts and handle standard business IT internally or through a different MSP.

Businesses that are genuinely tech-light. Some businesses really do operate on minimal technology – the office uses email, a couple of cloud apps, some laptops, and that is it. There is no server, no compliance scope, no sensitive data beyond basic customer information. Break-fix can work here for as long as the business stays at that level.

The common thread: break-fix works when the consequences of an outage are small, the security exposure is minimal, and the dependence on technology is low. Most businesses do not actually fit that description, even when they think they do.

Why most SMBs moved away from break-fix

The shift from break-fix to managed services in the SMB market has been driven by three things:

Dependence on technology has increased. A 2010 SMB might have lost a half-day of productivity if email was down. A 2026 SMB loses entire days of operation if email, M365, the line-of-business app, the VPN, or the file storage is unavailable. The cost of an outage went up by 5-10x. The cost of preventing the outage went up much less.

The threat landscape has gotten worse. Ransomware, business email compromise, supply chain attacks, and credential theft are all materially worse than they were a decade ago. Break-fix has no real defense against any of them. Managed IT has all the standard defenses built into the baseline.

Compliance and insurance have raised the bar. Cyber insurance now requires MFA, EDR, and documented security practices. Many client contracts (especially in healthcare, legal, and financial services) require security controls that no break-fix engagement provides by default. The companies that need insurance and big contracts cannot stay on break-fix and meet the requirements.

For businesses past the size where break-fix actually fits, the move to managed services is no longer a sophistication play – it is a baseline requirement. The transition itself is a 60 to 90-day project – here is what to expect during the first 90 days of MSP onboarding.

How to tell which side of the line you are on

A few honest questions for the business owner trying to decide:

1. How many employees depend on IT to do their jobs? If it is 10+, you are past break-fix scale.
2. What does an hour of downtime cost you in lost productivity, missed sales, or customer impact? Multiply by an honest estimate of annual outage hours.
3. Do you handle sensitive data? Customer records, financial data, health data, intellectual property – any of these changes the risk math significantly.
4. Do you have compliance obligations? HIPAA, SOC 2, PCI, CMMC, cyber insurance requirements – break-fix usually cannot meet the controls requirements.
5. Do you have a strong internal IT person? If yes, break-fix for project work may make sense alongside their day-to-day ops. If no, the gap is too big for break-fix to fill.
6. What happened the last time you had an incident? If the answer is “we scrambled and it cost us a lot,” your operational model is undersized for your business.
7. Can you answer basic security posture questions? What percentage of devices are encrypted? Patched? Running EDR? If “I am not sure” is the answer to most of these, your IT is not really being managed.

If most answers point toward complexity, dependence, sensitive data, or compliance, you are not actually on a “break-fix vs managed IT” decision – you are on a “stay exposed or get managed IT” decision.

The hybrid that some businesses land on

There is a middle path that some SMBs end up at by accident and others choose deliberately: managed IT for the baseline, break-fix retainer for overflow or specialty work.

The idea: the managed engagement covers the operational layer (helpdesk, monitoring, patching, security, backup, M365). A break-fix or project-based provider gets called in for unusual work the managed provider does not want to scope into the monthly fee – a custom integration, a specialized hardware deployment, a one-off compliance project, an unusual recovery scenario.

This is not really “break-fix vs managed IT” – it is “managed IT plus specialty consultants.” The managed engagement is still the foundation. The break-fix piece is supplementary.

For businesses that have meaningful project work outside the standard IT scope, this hybrid is often the cleanest model. The difference from pure break-fix is that the operational baseline is still being run by someone whose incentives are aligned with prevention.

How Sequentur thinks about this

Sequentur is a security-first MSP / MSSP for small and mid-sized businesses across the 15-to-250-employee range, including both general SMBs and regulated industries like healthcare, legal, financial services, and defense contractors. We do not run break-fix engagements as a primary model because the math, the security posture, and the operational reality almost always favor managed IT for businesses in our target size range. We will tell a 3-person business honestly if break-fix or a Microsoft-managed setup is a better fit for them today than full managed IT.

For everyone else, our standard managed engagement covers the full operational layer – helpdesk, endpoint management, patching, M365 administration, backup operations, EDR, email security, and MFA enforcement – and our security tier adds 24/7 MDR monitoring, conditional access governance, and compliance documentation maintenance. We also handle project work for clients on managed engagements (migrations, deployments, compliance prep) as scoped projects on top of the monthly service.

If you are evaluating us alongside other MSPs, how to choose an MSP – what to ask before you sign is the buyer’s checklist we recommend running every provider through, including us. And what should be in a managed IT services agreement is the section-by-section guide to the contract itself.

If you are currently on break-fix and trying to decide whether managed IT is worth the change, schedule a call. We will walk through your specific environment, what you are actually spending today (including the costs you are not counting), and what a managed setup would look like. If staying on break-fix is the right answer for your business, we will tell you that too.