Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
Why AYCE is nor for MSSPs

AYCE Is a No Go For an Advanced Security Offering

AYCE Is a No Go For an Advanced Security Offering

For MSPs, pricing can mean the difference between signing on a new client or having potential leads check out the competition. Even when your service offerings are amazing, customers may pass due to pricing (that seems too low or too high).

This is because pricing is nearly on par with top considerations like the quality of service delivery, responsiveness, and availability. As such, the subject of pricing is a critical one that requires care and thoughtful deliberation because a misstep here can damage your chances of onboarding more clients and increasing revenues.

Essentially, it’s important to get the pricing right for managed IT services and the best models are those that align simplicity with how customers prefer to purchase services.

(You might also want to read our Guide to Providing Managed Security for a better understanding of the concept of managed security services.)

Introducing the AYCE (All You Can Eat) Pricing Model

To attract new customers and retain existing ones, many MSPs leverage the AYCE (All You Can Eat) pricing model. This pricing model features a monthly flat fee that covers all remote and on-site support. The simplicity of this model makes it attractive to customers because they can see (at a glance) the value they get when they subscribe to a managed service offering.

The AYCE model is sometimes used by newer MSPs trying to build a customer base and quickly gain market share. While bundling several services into a single package for a flat fee helps to keep things simple, it’s easy for MSPs to run at a loss or low profitability if they include too many services. Such an approach isn’t sustainable and will lead to serious financial issues over time.

Further reading The Startup MSP’s Guide to Pricing

This is especially true for managed security offerings.

With the increased demand for managed security offerings (due in part to the cybersecurity skills gap), more and more MSPs are offering managed security services to their customers. To remain profitable in this space, they need to develop an appropriate pricing structure that delivers maximum value to clients while generating tangible revenue for their efforts. While MSPs transitioning into managed security services can use the AYCE model for a start, this pricing model isn’t a good idea in the following scenarios:

AYCE Tends Not to Be a Good Idea for Managed Security Services If:

Clients Need Advanced Security Technologies

When preparing an AYCE bundle, MSSPs typically include those services that appeal to a wide range of clients…particularly routine security services that are in high demand. However, advanced security technologies and services (like application lockdown, penetration tests, website security, user training for security) require substantial resources, time and deep expertise to implement.

It’s nearly impossible to include such advanced security offerings in an AYCE model and offer the entire package at a price point that is both enticing to customers and makes business sense for your MSP or MSSP. An appropriate price for such a bundle will be too high for a large segment of your customers (especially for small and medium-sized businesses that do not require such advanced security offerings).

Clients Require a Security Service You Didn't Provide Before

Since the AYCE pricing model is fairly stable and doesn’t fluctuate throughout the contract period, clients find it easier to predict the future cost of IT support and managed security services. However, this stability only holds true if the client sticks to the services on offer.

Clients in certain industries and verticals may require security services not included in your suite of MSSP offerings. Also, the evolving nature of the threat landscape may make clients demand advanced security services maintain the security posture of their IT infrastructure and estate.

Providing such additional services at the previous AYCE price point is unprofitable and unsustainable in the long run.

You Serve Compliance Dependent Customers

Clients in banking, FinTech, healthcare, and other heavily regulated industries have special needs. They must comply with tons of government and industry-specific regulations regarding the collection, storage, and transmission of sensitive information and confidential data.

Also, regulatory bodies release new regulations/guidelines or change existing ones without warning. To avoid incurring stiff penalties and sanctions, MSSPs that serve such clients must be up-to-date with industry requirements. Since these changes usually come with unpredictable expenses for MSSPs (deploying new technology, expanding SOC capacity and hiring new talent), an AYCE pricing model isn’t a good fit for this category of clients.

A Viable Solution

While some experts advocate tiered pricing models (“Gold, Silver and Bronze” or “Basic, Intermediate & Enterprise”), these bundles are sometimes confusing to the average customer. Clients may not understand the services included in each bundle and may feel like they are getting ripped off if they need to migrate to a new tier just to access a service that wasn’t included in the last bundle.

The best option is to have a standard bundle (that encapsulates basic security services) for all clients and to charge per hour, user, device or project for more advanced security offerings and add-on services.

Wrapping Up

While it takes some work to create an optimal pricing model for your MSSP, the results are well worth the effort. Developing the right pricing structure not only helps to maximize profitability for MSSPs but also ensures price transparency for clients, thus improving customer satisfaction and retention.

MSP’s Assets to Stay Safe from Phishing
  • Phishing response checklist
  • Phishing awareness training slides
  • Anti-phishing posters
New call-to-action
Anti-phishing assets