The clearest signs of a bad managed IT provider are slow response times, recurring problems, surprise invoices, missing documentation, no strategic conversations, and a vague answer whenever you ask about security. None of those is fatal on its own. Three or more, and you’re paying for a help desk instead of a partner. This post walks through ten red flags and pairs each with an industry benchmark so you can compare your provider against what good actually looks like.
If you’re already pretty sure something’s wrong, we’ve also covered how to evaluate IT provider performance with hard metrics and how to switch MSPs without losing your data.
The 10 red flags
1. Response times keep slipping
You open a ticket and don’t hear anything for an hour. Then four hours. Then you have to call and check.
Industry benchmark: A reasonable response-time target for a critical (P1) issue is 15 minutes for acknowledgment, with major issues (P2) typically acknowledged within an hour during business hours (aggressive providers target 30 minutes). Resolution is a different number — help-desk benchmarks generally land around a day on average across severities. If your provider can’t even acknowledge a critical ticket within an hour, the rest of their numbers are probably worse.
2. The same problem keeps coming back
The printer fails every Monday. The VPN drops every Wednesday afternoon. The CEO’s laptop has been “fixed” four times this year.
Industry benchmark: A healthy MSP tracks first-contact resolution and recurring-incident rates. Industry first-contact resolution for managed services typically lands in the 70 to 80 percent range. When the same root cause shows up three or more times in a quarter, that’s a process failure, not bad luck. Good providers do post-incident reviews and actually fix the underlying issue.
3. You can’t get a current network diagram
You ask for a network diagram, an asset inventory, or a list of admin accounts. You get vague answers, a six-month-old PDF, or “we’ll get back to you.”
Industry benchmark: Documentation should be current within 90 days at most and reviewable on demand. Frameworks like NIST and CIS Controls treat asset inventories as a baseline control, not a nice-to-have. If your provider can’t produce documentation in a meeting, they probably aren’t keeping it.
4. Every invoice has a surprise
Surprise charges are the number-one complaint we hear from business owners switching MSPs. New employee setups billed separately. Hardware procurement with mystery markups. “Out of scope” project charges for things you assumed were covered.
Industry benchmark: A clean managed-services contract has 90 percent or more of your monthly spend predictable and recurring. Project work should be quoted and approved in advance, not bolted onto a routine invoice. If you can’t predict your IT bill within 5 to 10 percent month to month, scope is being managed badly on purpose.
5. Patches and updates are months behind
You ask when Windows patches were last applied across your fleet. You get a shrug. Or worse, you find out a server has been missing critical patches for six months and nobody noticed.
Industry benchmark: Under CISA Binding Operational Directive 22-01, actively exploited vulnerabilities (those in the Known Exploited Vulnerabilities catalog) must be remediated within 14 days for federal agencies, and CISA has proposed tightening that further. Routine critical patches typically run on a monthly cycle. The standard is “patched promptly with an audit trail” — if your provider can’t produce a patch compliance report on demand, the patches probably aren’t happening.
6. Security conversations never happen
Your provider has never mentioned phishing simulations, MFA enforcement, EDR, dark web monitoring, or your cyber insurance requirements. They’ve never asked about your data classification or backup recovery testing.
Industry benchmark: A modern MSP should be running phishing training, enforcing MFA, deploying EDR, and reviewing backups quarterly. Cyber insurance underwriters now require all of the above. If your provider isn’t talking about security, your insurer’s claims process eventually will, and you don’t want to learn that way.
7. After-hours support is a black hole
You call at 7 p.m. on a Tuesday and get an answering service. The on-call tech doesn’t know your environment. By the time someone competent is involved, the issue has cost you four hours.
Industry benchmark: True 24/7 coverage means a live, qualified technician picks up within 15 to 30 minutes of an after-hours call, with documented context on your environment available in their PSA. Attacks disproportionately happen outside business hours, so this matters more than most clients realize until it bites them.
8. There’s no strategic plan
You’ve never had a quarterly business review. You’ve never seen a 12-month technology roadmap. Budget conversations happen when something breaks, not before.
Industry benchmark: A managed services partner should deliver formal QBRs at least every six months and ideally every quarter, covering performance, security posture, budget, and upcoming risks. If your provider can’t tell you what your IT will need over the next 12 months, you’re paying for reactive support dressed up as a managed contract. Compare that against what a strategic IT roadmap should actually look like.
9. Your team has stopped calling them
The most damning metric is the one nobody measures directly: your employees have learned to live with the problem rather than call IT. The CFO’s printer issues never get reported. The receptionist reboots her own machine because tickets take a day. Workarounds become institutional knowledge.
Industry benchmark: Ticket volume per user typically runs around 1.0 to 1.5 tickets per user per month in a healthy environment. If your ticket volume is dropping while your team’s complaints aren’t, that isn’t an improvement — that’s learned helplessness, and it’s hiding the real picture.
10. They got vague when you asked about ownership
You asked who owns the company. You got an unclear answer about a “platform” or a “holding group.” There’s been a logo change, a new portal, or a change in your account manager that wasn’t explained.
Industry benchmark: Ownership and accountability should be transparent. The past few years have seen private equity rolling up MSPs across the Pacific Northwest, and the result is sometimes invisible to clients until renewal time, when prices jump and the relationship you signed up for is gone. We cover this dynamic in detail in our MSP acquisition guide. It’s a red flag worth tracking on its own.
How many of these is too many?
One or two of these on their own can be explained. A tough month, an off quarter, a new tech who hasn’t found their footing yet.
Three or more is a pattern. Five or more, and the structural problem isn’t going to fix itself. The question shifts from “is this provider working” to “what does my exit look like.”
If you’re in that territory, the next step isn’t a frustrated email. It’s a quiet, honest evaluation against the criteria here and a low-stakes conversation with one or two alternative providers. You can have those conversations without signing anything, and they tell you very quickly whether your current setup is normal or below average.
If you recognized your provider in three or more of these red flags, start a no-pressure conversation with ROI Technology. Call (888) 707-3652 and we’ll walk through your situation, tell you what good looks like, and let you decide what to do next on your timeline, not ours.