The Coverage Gap: Why MSPs Struggle to Train Every Client
Per-seat pricing can push MSPs to ration security awareness training. Here's how the seat tax creates coverage gaps — and what to consider instead.
Robbin Bun
DefendWise
The Coverage Gap: Why MSPs Struggle to Train Every Client
There is a coverage gap that should keep every MSP owner alert. When training is priced per seat, every additional learner becomes a budget decision.
That can leave smaller clients, contractors, seasonal staff, and lower-risk departments outside the training program — even when they still receive phishing emails, reuse passwords, and handle sensitive systems.
So why are MSPs leaving the vast majority of their clients exposed? It's not negligence. It's not ignorance. It's math.
The Seat Tax That Forces Bad Decisions
Every major security awareness training platform — KnowBe4, Proofpoint, Huntress, Arctic Wolf — charges per seat, per month. The rates vary ($1 to $5 per user), but the economics are the same: every employee you train costs you money.
That creates a straightforward business calculation. Say you manage 20 clients with a combined 2,000 employees. At $2/user/month, training everyone costs $48,000 per year. For most MSPs, that's a significant line item — one that's hard to pass through to clients who are already pushing back on monthly managed services fees.
So you make trade-offs. You train the 10 largest clients and skip the rest. You cover the C-suite and finance team but leave the warehouse staff untrained. You run phishing simulations quarterly instead of monthly because every additional campaign takes hours to configure.
The result is a coverage gap. Not because you don't care — because per-seat economics made the decision for you.
The Liability You're Carrying
Here's where it gets uncomfortable. When an untrained employee at one of your unprotected clients clicks a phishing link and triggers a ransomware incident, the question isn't just "who pays for the recovery?" It's "who knew this was a risk and didn't act?"
MSPs are increasingly finding themselves in the liability conversation after breaches. If you're the managed service provider and you didn't offer — or couldn't afford to offer — security awareness training to a client, that gap is discoverable. Insurance carriers are asking about it. Compliance frameworks require it. And lawyers absolutely love it.
The coverage gap is not just a revenue optimization question. It is a risk management problem that can be baked into the pricing model itself.
What Full Coverage Actually Costs (Today)
Here is an illustrative scenario for a mid-sized MSP with 2,000 total seats across all clients. Actual vendor prices vary by plan, term, volume, region, and partner program:
| Vendor | Per-Seat Rate | Annual Cost (2,000 seats) | Admin Time |
|---|---|---|---|
| KnowBe4 (Gold) | Illustrative per-user rate | Depends on seat count | Manual admin |
| Proofpoint | Illustrative per-user rate | Depends on seat count | Manual admin |
| Huntress SAT | $1.00/user/mo | $24,000 | Low (managed) |
| Arctic Wolf | $3.99/user/mo | $95,760 | Moderate |
Even at the cheapest option, you're looking at $24,000/year to cover everyone. And that's before you account for the admin time to manage campaigns, configure simulations, build reports, and chase down completion rates.
This is exactly why MSPs don't cover everyone. The cost of full coverage is prohibitive, so they cover what they can afford and hope the rest doesn't blow up.
The Hidden Cost: Admin Hours
The dollar cost is only half the story. Per-seat SAT platforms require significant hands-on management:
Campaign setup and scheduling. Someone on your team has to create phishing campaigns, select templates, configure target groups, set schedules, and manage exceptions. For each client. Every month.
Reporting and compliance documentation. When clients ask for their training metrics — and they will, especially during compliance audits — someone has to pull reports, format them, and send them. Manual report generation across 20 clients is a full afternoon, every month.
User management. Employees join, leave, and change roles. Someone has to keep the training platform in sync with each client's directory. Without automation, this is a constant trickle of manual work.
Legacy SAT tools can create recurring admin across user management, campaign setup, reminders, reporting, and client evidence requests.
If your team tracks time against SAT operations, add that labour cost to the per-seat fees before deciding what full coverage really costs.
Why This Problem Is Getting Worse, Not Better
Three trends are making the coverage gap harder to ignore:
AI-powered phishing is exploding. The phishing emails of 2024 were bad. The phishing emails of 2026 are grammatically perfect, contextually relevant, and nearly indistinguishable from legitimate messages. Every untrained employee is a more vulnerable target than they were a year ago.
Compliance requirements are tightening. More frameworks, more auditors, more insurance carriers are requiring documented security awareness training for all employees — not just key personnel. The days of "we train the important people" are ending.
Clients expect it. As security awareness grows in the public consciousness, more end-clients are asking their MSPs: "Are we doing security training?" The MSPs who can say "yes, everyone's covered" win trust. The ones who have to explain coverage gaps lose it.
Breaking the Model
The coverage gap is partly a pricing problem. The answer is not always to convince MSPs to spend more on per-seat training — it is to make full coverage easier to justify commercially.
What if SAT did not cost more when you added clients? What if every employee across every client could be trained for one fixed monthly price? What if recurring admin work was handled by automation instead of spreadsheets?
That is the model DefendWise was built on: $399/month, flat rate, unlimited users under fair use, and automated workflows. AI assists training content, phishing simulations, and reporting. You connect a directory, and coverage can extend across every client without a per-seat vendor bill.
At 2,000 seats, the flat-fee model creates a materially different cost curve than per-seat pricing. Treat the comparison as illustrative, then check your current vendor rates and contract terms.
The coverage gap does not always need a bigger budget. It may need a different model.
DefendWise is flat-rate security awareness training built for MSPs. $399/month, unlimited users under fair use. Model an illustrative scenario →