Why am I being charged extra when I already pay for IT support?
This question usually comes up when a business spots an unexpected charge on an invoice, rather than the invoice itself being unexpected.
Support usually means fixing things when they break.
Project work means planned changes, upgrades, migrations, major improvements, or anything that takes systems beyond their current setup.
The most common unexpected items on an MSP bill include:
- On-site engineer visits
- Out-of-hours or emergency support
- Cyber incident investigation and response
- Project or upgrade work outside day-to-day support
- New user or device onboarding
- Backup recovery or data restoration work
- Work that feels routine to the business but sits outside what’s included in your agreement
From a customer’s perspective, these charges can feel surprising. From an MSPs perspective, they often sit outside standard support agreements.
Nick Bass, Managing Director of One2Call explains it clearly:
“The most common unexpected costs are things like on-site remediation work, project work, or cyber incident response. That work simply is not covered by standard support agreements. From an MSP point of view, those activities sit outside day-to-day reactive support and need to be scoped and priced separately.”
From a customer’s point of view, it feels like it should be included. From an MSPs perspective, it often sits outside day-to-day support.
Most contracts cover general support and reactive fixes. Planned work, major changes, or on-site activity is usually treated separately. The issue is that this boundary is not always explained clearly during the sales process.
The simplest way to avoid this problem is to ask one direct question before signing:
- Where does support end, and where does chargeable work begin?
If that line is unclear, you are relying on assumptions. Assumptions are expensive.
Why is this Managed IT quote much cheaper than the others?
The answer is usually about what is included, or more likely, what isn't.
Cheaper contracts are often reactive by design.
- Something breaks
- You log a ticket
- The issue gets fixed
Very little happens in the background unless you raise a problem.
Nick Bass puts it like this:
“With cheaper contracts, the MSP is basically waiting for you to call when something breaks. A proper managed service should be fixing issues before the customer even notices them. The difference is proactive monitoring, patching, and prevention, which simply aren’t included in many low-cost agreements.”
What is often missing includes:
- Monitoring
- Patching
- Regular system checks
- Preventative maintenance
Removing these elements makes the monthly fee look attractive. However, modern IT environments do not perform well when left unattended.
Problems build quietly in the background and tend to surface all at once. Usually this happens at the worst possible time.
A cheaper contract is not always the wrong choice, but it does mean accepting more risk, the key is understanding that upfront.
So are you genuinely saving money, or just delaying the cost?
Is Cyber Security automatically included in Managed IT contracts?
Cybersecurity is where assumptions cause the most financial damage.
A phishing email, a compromised account, or a ransomware alert is often the moment businesses discover what isn’t included in their IT agreement.
Many businesses believe that having IT support automatically means that cyber security is included. But "cyber security" is such a broad term, it's important to be very clear about what is or isn't included in your service.
Even if your contracts says "cyber security included" this might mean:
- Basic antivirus only (free or basic tools with limited features set and limited response to modern threats)
- Firewalls installed but rarely reviewed or updated
- Security tools installed but not actively managed
- No monitoring outside of office hours
- No regular vulnerability scanning or patch management
- Backups in place but never tested for recovery
- No incident response plan if a breach occurs
Paul Hibberd, Business Development Manager of One2Call explains the issue:
“People often assume a managed IT agreement includes proper cybersecurity tooling, but that is frequently not the case, especially as costs scale with user numbers. What’s included might only be basic antivirus, not active monitoring, threat response, or recovery if something goes wrong.”
The real cost appears when something goes wrong.
- Investigation work
- Remediation
- Recovery
These are rarely included and costs can escalate quickly.
Backups are another common blind spot. There is a big difference between:
- Having a backup
- Having a monitored, tested, and recoverable backup
Many businesses do not realise this difference until they need to restore data.
A better question to ask is not “Do we have cybersecurity?” but “What exactly does our cybersecurity include?”
Why was this not explained when we signed?
Unfortunately this a question a lot of businesses end up asking their IT service provider.
This can be due to basic misunderstandings, but can also come from how some businesses operate during the sales process.
In some cases, unclear pricing makes it easier for an MSP to win the business.
- A low headline price gets the contract signed
- Additional and often essential services are introduced later (like security, backup recovery, and emergency support)
- Those services are often introduced as a point when they are needed urgently
In effect, the contract is cheap because the MSP is transferring cyber risk and remediation costs back onto you, the customer.
Owen Hanley, Sales Director of One2Call is blunt about this approach:
“Unclear pricing allows some MSPs to win on headline price, then rely on additional charges later to make the contract profitable. That is unfair on clients. It often leaves businesses locked into agreements where costs only become clear when work is urgently needed.”
Once you are locked into a contract, your options are limited. You may need the work done quickly, or switching MSPs may feel too disruptive.
Good MSPs take the opposite approach. They explain:
- What you are likely to need
- What it costs
- What could cause that cost to change over time
Even if that makes the initial conversation harder, it avoids far bigger problems later.
So was your contract designed for clarity, or convenience at the point of sale?
Is our Unlimited Support actually unlimited?
Unlimited support sounds reassuring, but it rarely means “everything.”
In many cases, it refers only to unlimited remote help for issues covered by the agreement.
Even "Unlimited" IT support will usually not include:
- Project work
- Training
- On-site visits
- Hardware repairs
- Replacement parts
- New equipment purchases
- After-hours support
- Software licenses
- Cyber incident clean up
Owen Hanley explains the mismatch:
“Clients often expect ‘unlimited support’ to include on-site work or projects, but from an MSP perspective it usually only means unlimited remote support. Without clear explanation, that mismatch in expectations almost always leads to frustration later.”
The phrase itself is not the problem. The lack of explanation is.
One question clears most confusion:
- What does unlimited not include?
Shouldn't this on-site visit be included in my contract?
On-site visits are a common source of frustration.
Most managed IT contracts include remote support as standard. On-site work is usually charged separately, often with agreed call-out rates and response times.
The problem arises when this is not discussed clearly before the contract is signed.
Nick Bass explains why it happens:
“Most issues can be resolved remotely with the right tools, but MSPs often do not make on-site charges clear upfront because they do not want to raise red flags before signing. Unfortunately, that lack of clarity is exactly what causes tension when an invoice appears later.”
When an engineer turns up and an invoice follows, it feels like a surprise. Even if it is technically within the contract, the damage to trust is real.
Clear conversations upfront prevent that awkward moment later.
So have you been told exactly when on-site work becomes chargeable?
Which contract sections do people wish they had read more closely?
Most people skim contracts. That is understandable. Some sections matter more than others.
The Managed IT contract sections most often overlooked by customers include:
- Inclusions and exclusions
- Renewal terms
- Price rises
- Contract lengths, including of third party services needed to support the main service.
- Liability limitation
- Roles and responsibilities
- Exit and offboarding processes
Paul Hibberd highlights a common issue:
“Customers rarely think about offboarding when they sign, but poor handover and unclear exit terms are one of the biggest frustrations when switching MSPs. It’s an awkward conversation upfront, but it saves a lot of pain if the relationship ever changes.”
Talking about leaving at the start can feel uncomfortable. Good MSPs expect it. Professional relationships work both ways.
Do cheap IT contracts end up costing more?
The fact is that downtime has a huge impact on businesses.
According to industry averages one hour of downtime can cost SMEs between £8,000 and £10,000, meaning that low cost, reactive support contracts that do not include work to minimise downtime can be a false economy.
Paul Hibberd explains why:
“A minimum-baseline contract often means bolt-ons are added later, when you are already tied in and have limited room to negotiate. By that point, the business usually has little choice but to accept the additional cost.”
Additional, unplanned costs usually shows up as:
- Downtime
- Emergency work
- Security incidents
- Disruption when switching MSPs
Unplanned IT work is almost always the most expensive, so ask yourself - are short-term savings increasing your long-term risk?
To help, here are 7 essential questions to ask your MSP before signing your next managed IT contract:
- What exactly counts as chargeable project work?
- Are on-site visits included, and if not, when do charges apply?
- What does “unlimited support” exclude?
- Which cybersecurity tasks are actively managed, and which are not?
- Are backups regularly tested and confirmed as recoverable?
- How does pricing change as users, devices, or systems increase?
The Simple Takeaway
Hidden costs in managed IT contracts are rarely hidden in the small print. They are hidden in assumptions.
If you understand:
- What is included
- What is not included
- What changes the cost
You stay in control.
That clarity matters far more than chasing the lowest monthly price. Good managed IT should feel calm and predictable.
No surprises.
No panic.
No awkward invoices.
If you don’t know the answers to these questions, have you asked your MSP to clarify any gaps before they turn into costly problems?
