Five critical IT questions you should ask your MSP in 2025

Key takeaways:

MSP Questions 2025: If you’re working with an IT managed service provider in 2025, don’t be afraid to ask tougher, deeper questions about your information technology. Ask these five critical questions to ensure your managed service provider is aligned with your long-term goals:

• What infrastructure, cybersecurity, or technology changes should we plan for in the next 6–12 months? 
• How does our IT performance compare to industry benchmarks? 
• Where can we apply AI or automation to streamline workflows and reduce manual tasks? 
• What are our biggest IT risks, and how is our MSP proactively addressing them? 
• Are we meeting the latest governance, risk, and compliance (GRC) standards for our industry? 

If your vendor isn’t coming to you with the “big questions,” you’re probably already behind. 

This adage about the importance of proactive customer service rings true—especially when it comes to having strategic conversations with your IT managed service provider (MSP). All too often, IT managers are so caught up in the day-to-day demands of their IT operation, they delay discussions of system planning and forecasting until the yearly budgeting cycle.  

If this sounds like the relationship you have with your MSP, it might be time for a reset. Fortunately, you can shift your MSP relationship from tactical to strategic, simply by asking the right questions. Ask them often enough, and eventually your MSP will come to you with answers before you ask.  

The year 2025 will go down as a year of ground-breaking advances in generative/tactical AI, cloud architecture and edge computing. While these technologies offer substantial productivity gains for most companies, they also dramatically increase the potential attack surface for hackers. There’s a lot to cover in a strategic, future-focused Q& A session with your MSP. Fortunately, I’ve got a cheat sheet of critical conversation starters that can transform your MSP relationship and ensure you stay one step ahead of your development needs. Let’s dive into some of my favorite questions to ask MSPs. 

MSP Questions 2025: Top strategic conversations to have with your MSP

Question No.1: What security, technology or infrastructure changes should we plan or over the next 6-12 months?

Good partners help you think ahead. They should continuously review your security layers, hardware refresh cycles, software renewals and compliance structures for needed updates. In 2025, most companies will be looking for ways to thwart AI-enabled hackers and improve the work-from-anywhere flexibility of their network, as a baseline.  

Considering everything we’re likely to see in new tools and threats this year, I’d ask your MSP to take a closer look at these specific areas: 

• Endpoint security solutions. More advanced managed solutions such as extended detection and response (XDR) and identity threat and detection response (ITDR) management help provide more granular visibility into endpoint risks and safeguard identity management, even in highly dispersed, cloud-based workplace configurations. 
  

• Hardware and software lifecycles. MSPs can find waste in the system and continuously redirect your budget to higher priorities.
  

• Additional cloud disaster recovery plans including redundant backup. A good managed service provider can create hybrid cloud disaster recovery plans so you’re not exclusively reliant on your cloud provider’s backup systems and have the recovery speed you need. 
  

Question No.2: How are we performing compared with similar organizations in our industry?

Your MSP should understand your industry peer group and how its competitive landscape shapes your IT key performance indicators. Some industries, such as healthcare and finance, for instance, have higher standards than others due to the sensitivity of the data being handled in your system. When you’re looking for questions to ask MSPs, have them compare your performance against industry norms for these benchmarks, including: 

• Patching compliance rate. The percentage of systems that have the latest security patches applied 

• Mean time to resolution (MTTR) and incident response rate. The average time to resolve IT calls and respond to serious issues 

• First call resolution rate. The percentage of full IT fixes on the first contact with the support team 

• IT spend as a percentage of revenue. The proportion of a company’s overall revenue vs. IT yearly budget 

• Downtime frequency and duration. The number and length of unplanned outages 

• User training and adoption rate. The percentage of users completing IT training programs, especially security awareness training 

• Cybersecurity incident rate.The overall number of cybersecurity incidents reported 

• Service-level agreement compliance rate.The percentage of IT services within the agreed-upon parameters
  

As technology makes it easier for companies to gather and parse performance data, the pressure will be on to create meaningful metrics for your IT operations. These statistics will help you justify your budget and focus your IT strategy against important industry norms. 

Question No.3: Where can we use AI or machine learning automation to improve workflows or reduce manual tasks?

If you think employees aren’t using AI in your organization, you may be surprised to learn the truth. Consider these latest stats from consulting firm McKinsey: 

• Three times more employees are using AI than their leaders imagine. 
• Some 70% of employees believe within two years, AI will change at least 30% of the work they do each day.
  

Leaders are taking note. This same McKinsey report recorded 47% of C-suite leaders saying their companies are developing AI too slowly, even though 69% of respondents said they’d already started investing in AI a year ago. Clearly, the pressure is on to get AI tools working safely and productively in corporate America. 

Now is the time to dive deep into the AI discussion with your MSP. Ask how AI can help reduce tickets, streamline processes, or elevate employee productivity. AI and machine learning for cybersecurity is especially promising right now. Have them look for self-healing systems that detect and neutralize threats automatically and AI models that are built on zero-trust architecture. 

Consider all the ways AI can be used not just for busywork, but also for gathering intelligence and elevating the work process. You can take those suggestions to your MSP as soon as buy-in has been achieved for the work processes. Your MSP can be helpful vetting new AI resources for system compatibility, creating safe data flows, and building AI training programs for employees.  

Question No. 4: Where do you see the most risk in our environment, and what’s being done to reduce it?

This is an important question, because it will separate the simple “break/fix” MSPs from a true provider/partner and trusted adviser. Your MSP should be able to examine your monitoring, remediations and data flows, then give you a detailed analysis of the greatest risk points in your organization.  

Expect more than just monitoring reports from your MSP. Instead, request an analysis of the patterns of risk emerging in your reporting. What’s being done to address these vulnerabilities now, and is it enough? What investments do we need to get ahead of the problem? Have vendor risk management scans been done on all our vendors, new and old, to determine outside risks? The answers to these questions can help your organization address existing gaps and plan for investments that keep you ahead of risks on the horizon. 

Question No.5: Are there any emerging governance, risk, and compliance (GRC) concerns we should be aware of that apply to our industry?

Understanding your industry’s operational risk is a matter of table stakes. But how well do they stay on top of emerging risks or new regulatory burdens in your industry? 

If you haven’t talked about the demands of your industry’s compliance structure since you signed your MSP contract, now is the time to address it again. For instance, The National Institute of Science and Technology (NIST) is working on a new privacy framework  for NIST compliance that could affect nearly every business.  

Other industries, such as banking, legal, manufacturing and nonprofits have updated their standards very recently to address the impact of AI on data safety and get ahead of the enhanced financial reporting that’s being required by the new Corporate Transparency Act. Now is the time to talk about whether your GRC operation is meeting data privacy regulations and 2025 benchmarks for your industry. 

Before you do strategic IT planning, ask your MSP about the big compliance issues. But don’t forget to ask about the smaller ones too, including questions such as: 

• Do we have the right systems in place to run accurate reports for compliance? 
• Are our cybersecurity policies, plans and procedures up to date, and inclusive of any new industry compliance standards being unrolled? 
• Have we properly revised our documentation and cybersecurity procedures to accommodate new software we’ve installed? 
• Are the vendors and any other third parties working with us adhering to the same, updated compliance standards that we are? Is their documentation up to date and compatible with ours? 

MSP Questions 2025: Get the answers you need to take the next step.

Your MSP relationship should be based on a constant dialogue between what’s happening now and where your IT roadmap is headed. The hard questions should be part of a process that builds regular, accurate and meaningful reporting. There’s never been more important time to have an MSP that’s up to the challenge. 

If you’re looking for a new IT partner for proactive IT support, Integris is eager to help. Contact us for a free consultation today.