An Introduction to Retained Services

Why clients would use retained services, and the pros and cons of retainers for independent security professionals.

7 min read · Written by Grant Rayner on 23 Aug 2023

Share by email

The last few articles have focused on consulting services. As an independent security professional, one of the weaknesses of only providing consulting services is that they may not always allow for an ongoing stream of revenue. While you’re busy delivering a project, you’ll have limited bandwidth for marketing and sales activities. This dynamic will almost always result in a post-project dip in activity, which will have an impact on revenue.

Retained services, or ‘retainers’, provide an opportunity to avoid this issue and ensure a stable ongoing revenue stream. However, as you’ll learn shortly, there are also downsides to using retainers.

In the context of security consulting services, a retainer refers to an ongoing payment structure where a client pays a consultant (or consulting firm) a set fee for a specific set of services, or to be on-call for needs as they arise. Typically this fee is paid on a monthly basis, providing a regular stream of revenue.

In this article, I’ll focus on the pros and cons of offering retained services. I’ll also provide some recommendations regarding whether you should include retained services in your portfolio of products and services.

I’ve been retained by several clients over the years. Overall, these experiences have made me avoid entering into retainer agreements unless there’s a compelling reason to do so. I’ll expand on some of these experiences later in this article.

Before we look at the pros and cons of retainer agreements from the perspective of you as an independent security professional, it’s useful to understand why a client would want to retain your services in the first place. What’s in it for them?

Benefits to Clients

When a client retains the services of an independent security consultant, it provides several benefits. Here are five reasons why a client organisation may hire you on retainer:

  1. Consistent and Dedicated Support. By retaining a security consultant, the client ensures they have consistent access to a knowledgeable professional whenever they need support.
  2. Cost-Efficiency. While the initial cost of a retainer may seem high, it often translates to cost savings over time. The client avoids having to pay the costs associated with having a full-time in-house expert, while still having the benefit of ongoing access to specialised knowledge. The potential for retainer arrangements to offer cost savings over ad-hoc hourly billing, especially if the client uses the services frequently, is one of the key reasons a client will be willing to enter into a retainer agreement. This point also suggests that you’ll be offering a lower rate for your retained services that you would for ad-hoc consulting services.
  3. Proactive Approach to Security. Having a retained security professional will enable the client to better monitor threats and risks, allowing them to identify and mitigate risks and threats before they escalate into significant issues. Taking a more proactive approach will also reduce the likelihood of incidents, which could be costly for the client.
  4. Access to Specialised Expertise. Independent security professionals may have specialised skills and experiences that are not available in-house. A retainer ensures that the client has ongoing access to this expertise.
  5. Flexible and Customised Service. Unlike working with a large consulting firm, an independent consultant can often provide more personalised and adaptable services. A retainer allows for the creation of tailored security programmes that align with the specific needs and goals of the client, without the constraints that might come with more standardised service packages.

By entering into a retainer with an independent security professional, a client can ensure that they have dedicated, specialised support at their disposal. An ongoing relationship facilitates better security planning, more effective risk management, and often proves to be a cost-effective solution in the long run.

On balance, retainers can be an appealing option for organisations that want to enhance their security posture without investing in a full-time in-house security team.

As you’ve probably noted, certain types of clients will benefit from retainers more than others. Specifically, clients without an internal security function or with a junior security function. Clients that do have a strong security function are less likely to want to have a security consultant on retainer unless that individual has unique skills not available in the in-house team.

Let’s shift focus to the benefits that you’ll gain by providing retained services.

The ‘pros’ of offering retained services

There are a number of key benefits to be gained by providing retained services as a service to your clients. Here’s five of the key benefits:

  1. Stable Income Stream. A retainer guarantees a certain amount of income over the contract period, providing financial stability and making it somewhat easier to plan for the future.
  2. Long-Term Client Relationships. Working with a client on an ongoing basis helps build a deeper understanding of their organisation and needs, enabling you to provide more effective and customised solutions. In turn, this will lead to increased satisfaction, both for your client and you.
  3. Efficient Time Management. Knowing the workload in advance allows for better scheduling and time management, enabling you to balance multiple client engagements. Importantly, you’ll also be able to schedule time for skill development and other business development activities.
  4. Increased Professional Reputation. Retainer agreements often signify a level of trust and satisfaction from clients. Successful long-term relationships can lead to referrals and an enhanced professional reputation.
  5. Opportunity for Proactive Work. Deeper engagement with clients may allow you to identify and resolve issues before they become major problems. This proactive approach is not only impactful, but will be satisfying for you as a professional.

Of course, retained services are not without their disadvantages.

The ‘cons’ of offering retained services

Before you launch ahead and start asking your clients to sign retainer agreements, it’s instructive to consider the potential disadvantages for retainers. Here’s five of the key disadvantages:

  1. Risk of Underutilisation. If the client doesn’t require your services as much as anticipated, you may find yourself with unutilised time that could have been spent on other paying projects. From your client’s perspective, they may feel like they are not getting value for their money. A key lesson here is not to overpromise when setting up the retainer agreement.
  2. Potential Overcommitment. Taking on multiple retainer clients may lead to scheduling conflicts, particularly if several clients need urgent attention at the same time. Managing these commitments can be challenging and have the potential to lead to reduced quality of service or availability. Both factors will affect client satisfaction. Larger consulting companies don’t have this issue, as they’ll always have resources available to support clients.
  3. Possible Complacency. The security of a steady income might reduce the incentive to actively seek new clients or opportunities, potentially limiting business growth and personal development.
  4. Contract Complexity. Retainer agreements must be carefully drafted to clearly outline the scope of work, availability, response times, etc., to avoid misunderstandings or disputes later on. Negotiating and managing these agreements can be time-consuming and may not be appropriate if you’re only being paid a small sum of money each month.
  5. Limited Flexibility with Other Opportunities. Commitment to retainer clients might limit your ability to take on interesting or lucrative ad-hoc projects that come up, restricting your business’s flexibility and potential growth.

Of these points, the one on complacency is important. It’s easier than you think to sit back and enjoy a steady cash flow. It can make you lazy. Furthermore, you should also consider risks associated with losing a retainer client.

Also, don’t underestimate the challenges with contracts, particularly in relation to setting realistic expectations regarding the level of service you’re able to provide. Are you really prepared to be contactable on a 24/7 basis? If not, you’ll need to make sure the contract is clear on your availability.

The next question is whether you should offer retained services at all?

Should you offer retained services?

Yes, but only in moderation and in combination with other services.

There’s several rules I follow when it comes to entering into retainer agreements:

  • Don’t try to force a retainer. Only agree to a retainer in contexts where a retainer makes sense. Otherwise, keep to consultancy agreements on a project-by-project basis.
  • Carefully structure the retainer. You’ll need to be very careful when structuring the services available in the retainer. I’ll discuss how you can approach this aspect next week.
  • Know when to stop a retainer. Both you and your client should maintain open communication and, when it’s clear that the retainer is no longer providing the desired level of value, you should agree to close it down.
  • Balance with other services. Never rely solely on retainers. If you have retainers, continue to deliver other projects. Doing so not only helps grow your business, but also develops your skills and experiences.
  • Continue to promote your business. Avoid the temptation of thinking you have enough business and can press pause on marketing and sales efforts. Continue such activities in the knowledge that you could lose one of your retained clients at any time.

As mentioned in the introduction, I’ve entered into several retained services agreements over the years. Here are a few things I’ve learned from those experiences.

First, I’ve found that you’ll need to take the lead and guide your clients regarding when to enter into a retainer agreement. If your client only needs security consulting services intermittently or for a specific project, a retainer probably won’t be the most cost-effective solution, even if that’s what they’re asking for.

Second, I’ve found that the most number of retainer agreements I can manage at one time (and do other work) is two. Two good retainers provide a steady income stream without draining your time and limiting your capacity for other work. You’ll gain the benefits of retainers while avoiding some of the costs.

Third, don’t underestimate the demands of needing to be continually available to your clients, and responsive to their calls or emails. Over time, being available and responsive can wear you down. It can also distract you from other work. I’ve found supporting the same client over an extended period can be more challenging than complex short-term projects. It’s difficult to maintain consistent levels of support over long periods.

Fourth and finally, be careful how you structure your retainer agreements and be careful regarding how you account for your time. As an example, for my recent retainers, I’ve been required to maintain detailed time sheets. These time sheets were reviewed by the client at the end of each billing period. The obvious challenge here is that some months you’ll work under the agreed number of hours and in some months you’ll work over. Maintaining time sheets also takes time and effort. Expect your time sheets to be scrutinised and questioned, and expect to have to do additional non-billable work responding to queries and adjusting invoices. Fortunately, in my case, my timesheets tend to be more accurate than my clients’ memories. The point is to be aware of what you’re signing up for and not underestimate the time required to administer a retained services agreement.

Next week, I’ll expand on some of these points when I explore different approaches to structuring retainer agreements.