Choosing an MDR Provider: Boutique or Big Brand (Part 2) 

 January 16, 2024

By  Jane Frankland

In last week’s blog I started to explore the pros and cons of using an MDR provider and whether it’s better choosing a boutique provider over that of a traditional big brand. I began by discussing the first core feature – technology – I believe you should consider, along with the benefits and potential drawbacks. This week, I’m focused on the second feature – contract terms.

So, whether you’re an enterprise or a small to medium sized business, by the end of it, you’ll have a better understanding of which option will best suit your organisation’s needs.

Core Feature #2. Contract Terms

Market intelligence firm, IDC, recently  reported that one of the key areas of frustration for procuring MDR services is contract terms and duration. For decades, ITDMs have had no choice but to suffer lengthy fixed contracts from their third- party providers. While these contracts offer cost predictability, to some extent, they also limit flexibility over the contract term.

When e2e-assure, a TDR provider surveyed ITDMs and CISOs in the UK market, they found that 37% of buyers expressed frustration with this standard practice. Their research also revealed that this frustration had additional consequences, as organisations found it challenging to ensure that their cybersecurity measures remained effective.

Rigid contracts pose a significant challenge when client requirements surpass the initial statement of work. In such cases, the constant addition of new security options becomes necessary, rather than smoothly evolving the original contract. Unfortunately, this approach is far from ideal for security teams as the onboarding process for new services can be expensive and inefficient, ultimately impairing their agility.

Looking at boutique providers, they tend to have more flexible contracts that are tailored to fit the specific needs of their clients. They put client satisfaction at the heart of what they do, which leads to stronger long-term relationships. For example, some offer fixed term contracts with a break clause, which allows their clients to terminate their services if they don’t get value within a specified period of time – usually around six months. Alternatively, some offer more flexible monthly subscription models which their clients can cancel at any time without a penalty. This can be beneficial for smaller organisations with limited budgets, who want a more customised solution, or to test the waters and see a return on investment without making a long-term commitment.

In contrast, big brand providers tend to offer more standardised contracts and pricing models. The rigid nature of these contracts may not be ideal if you need a more customised and flexible solution. However, this can make it easier to compare services and costs between different MDR providers.

Service Level Agreements

Whilst part of the contract, SLAs are the cornerstone of any successful MDR provider relationship. By agreeing on a set of performance metrics, service levels and timelines, organisations can ensure that their provider is delivering services in accordance with their expectations.

When selecting an MDR provider, look for SLAs that are tailored to your specific needs. A good SLA should include detail on all setup costs (such as onboarding, training, data migration, and technical support), reporting metrics (e.g., Mean Time to Detect and Mean Time to Respond etc), details on how the MDR provider will handle escalations or outages, as well as terminations and offboarding. Additionally, service level credits that would provide financial compensation in case of a breach of contract.

An MDR provider with a robust SLA is an important factor in determining the success of an organisation’s cybersecurity strategy. SLAs not only ensure that the business is getting the services they need but also provides a clear framework for resolving any issues that may arise. By selecting an MDR provider with clear and comprehensive SLA, you can rest assured that your provider is held to a high standard and will provide you with reliable and secure services.


When it comes to pricing and securing a good deal, you may find you have more leeway with a boutique provider. Most are focused on growing revenue and gaining recognisable brand logos unlike big brand providers where the attention is on EBITDA margins, client stickability, and satisfying investors with high growth and monthly recurring revenues (MRR).

This last point is worth remembering as it can cause complications when switching MDR providers. For an MDR provider to recognise the MRR, it must make its product licensing conditional with its service. However, this means its clients lose the ability to walk away with their product licenses, should they terminate their contract. As boutique providers tend to be less constrained, you should find they’re OK with you purchasing your own product licenses. The only downside to this is that the licenses might cost you more as big brands have better buying power.

Now I want to hear from you…

If you’ve already invested in an MDR solution, I’d love your insights. Please tell me are there any specific contract terms-related questions you wish you’d asked your provider before making the purchase? Or, if you haven’t yet decided on an MDR provider, please tell me what are the burning questions you’d like answered?

Please share your thoughts and questions in the comments below. Then, if you’re looking for an MDR provider, register for e2e-assure’s webinar, Choosing your MDR Provider: Boutique or Big Brand. It’s being held on Wednesday 21 February at 11AM GMT.

Register here – https://bit.ly/3TvuNHf


Did you enjoy this blog? Search for more blogs that you want to read!

Jane frankland


Jane Frankland is a cybersecurity market influencer, award-winning entrepreneur, consultant and speaker. She is the Founder of KnewStart and the IN Security Movement. Having held executive positions within her own companies and several large PLCs, she now provides agile, forward thinking organisations with strategic business solutions. Jane works with leaders of all levels and supports women in male dominated industries like cybersecurity and tech. Her book, IN Security: Why a failure to attract and retain women in cybersecurity is making us all less safe' is a best-seller.


Follow me

related posts:

Leave a Reply:

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get in touch