When MSPs Get Sued

Posted 4.19.2024

by Charles Weaver

When I saw the article (I am not linking it here, you can search for it online) about an MSP (Managed Solution Provider) being sued by their law firm client, I thought this would be a messy can of worms. Turns out, I was right. But it is not a messy can of worms because I think an MSP did something wrong and it will harm the profession. No, this is a messy can of worms because this is a break/fix company who is getting sued and at least some people think they are an MSP. Well, I do not, and I am going to tell you why.  

The first thing I did after I read this story was go to the company’s website to find out if this was a company I knew. Turns out, it was not.  

The next thing I did was to dig deeper into the type of company this was. After a few minutes of poking around the website, it occurred to me that this was not an MSP at all, but a break/fix, or reactive IT (Information Technology) company.  

Now, why is this distinction important? Ralph Waldo Emerson once said, “a foolish consistency is the hobgoblin of little minds, adored by little statesmen, and philosophers and divines.” Put differently, the time has come to realize that a break/fix company calling itself an MSP does not mean that company is an MSP. The time has also come to stop calling break/fix providers MSPs. So, let us dig further and examine what we know.  

Was there a managed services agreement?  

According to the article, there was an oral agreement between the parties. Aside from the legal question of whether an actual agreement was in place, we can say that this practice falls well outside the managed services profession’s best practice of requiring signed agreements between MSP and managed services client. Look at Objective 9 of the UCS (Unified Certification Standard for Cloud & Managed Service Providers) and you can clearly see the requirement for signed agreements between MSP and client.  

Duty of the break/fix company 

According to the article, on February 24, 2023, there were “connectivity issues” experienced by the client. Three days later there was a “major outage” which is the focus of the lawsuit. The outage was followed by a ransomware demand, and despite the client having backups of its data, the data backups were deleted by the ransomware gang.  

One of the immediate questions to be raised is what duty the provider had, absent a documented service agreement. One of obvious reasons UCS Objective 9 has a signed agreement requirement is to prevent situations like this case from ever happening. Of course, disagreements occur between reasonable parties, and so a signed agreement documenting the obligations of both parties can be extraordinarily helpful.  

MSPs who comply with the UCS must demonstrate their use of signed agreements for managed services relationships. The fact that the client had to resort to arguing the existence of a verbal agreement to establish a “managed services relationship” is quite telling. Which, of course, brings us to the ultimate question of whether the provider was, in fact, an MSP.  

Was the provider an MSP?  

Why does this question matter? This question is fundamental, both to this case and to future cases because the duty of the MSP (as defined by a managed services agreement) is different from the duty of a break/fix company. Why is there a difference? Because reactive IT companies are not proactively managing anything. Break/fix (or reactive IT, synonymous terms) respond to problems after they have occurred and repair them, but they do not provide anything close to the same types of solutions as an MSP.  

Even the presence of “MSP tools” in the hands of a reactive IT company does not mean that the client is receiving anything proactive in terms of monitoring, management, or preventative IT services.  

Issues such as recklessness or negligence may be factors in this case, time will tell. But even a cursory review of the provider’s website would lead any MSP to quickly determine that they were not an MSP. In fact, there is nothing on the website I could tell that even mentioned managed services.  

We have a very real separation, a divide if you will, between managed services and reactive IT; we have had it for several decades. Today, in 2024, there is no reason for anyone to be misled by what types of services you are receiving from an IT provider; services are either proactive or reactive, not both.  

The outcome of this case will be interesting for the MSP profession for many reasons, chiefly because it may set a standard of care for reactive IT companies. What everyone else should take from this case is that there are real distinctions and standards of care between MSPs and reactive IT companies.  


Tags : break-fix,fake MSPs,master service agreements,MSA,reactive IT,service agreements,UCS

Sorry, the comment form is closed at this time.

YouTube Logo | MSPAlliance

Subscribe to MSPAlliance on YouTube!

Explore a world of valuable content, including full-length podcast episodes and clips, thought-provoking special interviews, immersive events, enriching webinars, live streams, and more.

Join our community on YouTube, subscribe to our channel, and elevate your MSP journey!

Mobile and Laptop device image of YouTube MSPAlliance Channel | MSPAlliance

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

First Name *
Last Name: *
Contact Email: *
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.






Contact us


510 Meadowmont Village Cir, #289 | Chapel Hill, NC 27517

MSP News

Sign up for MSP News, the weekly newsletter bringing you news and analysis from the managed services industry.