Written by: Charles Weaver, CEO of MSPAlliance

Amidst all the discussion around MSP regulation today, an important question must be asked and addressed: are the threats to organizations really from MSPs or break/fix providers posing as MSPs. The answer to this question is critical for “MSP regulation” to proceed without unnecessary harm to real MSPs.

MSPs are not Break/fix Providers

It is no secret that government legislators and regulators are focusing their attention on MSPs to respond to the increasing cyber-attacks on organizations, including state agencies and governments. MSPAlliance acknowledges these efforts to gain better MSP transparency as legitimate public policy oversight functions.

However, it is essential to educate these same regulators and legislators about the distinctions between break/fix providers and proactive managed service providers. These two types of companies are not the same and have many differing characteristics.

While we have written extensively on reactive vs. proactive IT companies, these discussions have occurred mainly within the IT channel and not in the public forum. The general public is not aware of managed service providers’ operational details, other than what they read in the media today. Government officials are generally not aware of the legacy of work performed by thousands of MSPs worldwide throughout the last 25 years.

The running of a managed services business must be practiced consistently to achieve even average results. As the last 20 years have taught us, tens of thousands of break/fix companies have begun to transition their business models to offer proactive managed services. As this transition continues to occur, it is essential to differentiate those MSPs who have achieved a level of professional competency from those companies still learning the trade. These early transitioning companies are mainly providing reactive or break/fix services and are most vulnerable to cyberattacks.

The distinction between break/fix companies and MSPs is important to understand if government regulators hope to achieve meaningful results from their regulatory efforts. More important is that MSP standards and certification frameworks already exist to aid government regulators in categorizing and assessing MSPs and non-MSP organizations.

Recent Cyber Attacks Have Exploited Break/Fix Companies, Not Just MSPs

Several of the more recent cyberattacks impacting end-user organizations have incorrectly attributed fault to the provider, explicitly calling them out as MSPs. At least a few of these ransomware attacks did not involve MSPs; the providers were reactive and break/fix companies based on initial reviews of their websites. Despite how these providers market themselves, the fact that anybody can claim to be an MSP is an issue that must be acknowledged by our profession and any government regulator or legislator.


For governments and regulators to create effective MSP regulation and oversight, it is crucial to understand and define the MSPs to remove non-MSP organizations from the rest of the professional MSP community. Until this happens, any MSP regulation could unnecessarily impact professional MSPs and miss regulation of non-MSP entities.

Tags : break-fix,MSP regulation,proactive IT management,reactive IT
  • Jim
    Posted at 13:39h, 15 July

    Charles: we were discussing this very issue in Atlanta in 2006. Amazing how you could see it coming even then!

    • Charles Weaver
      Posted at 13:44h, 15 July

      Jim – yes we were. I’m not sure how many people were listening but obviously you were!

  • The Role of Reactive IT - MSP Alliance
    Posted at 09:54h, 06 July

    […] you have a dominant amount of your IT management practice coming from break/fix or reactive IT, then you should listen to this […]

Post A Comment
YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.






Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.