Structuring Retainer Agreements

Different approaches to structuring retainer agreements, and how you can adapt these approaches to your own business as an independent security professional.

4 min read · Written by Grant Rayner on 30 Aug 2023


Last week, I introduced retainer agreements as a service. I discussed why clients may want to retain your services and the benefits they get by doing so. I also covered the pros and cons for retainer services for you as an independent security professional.

The art of successful retainer agreements is to tailor the retainer so that it provides a meaningful solution for your client. It follows that if you mismatch the structure of the retainer with the objectives the retainer is trying to achieve, you’ll fail to achieve the objective. Worse, you’ll probably also run into problems with your client.

Let’s explore the different ways you can structure retainers.

Hourly Retainer

An hourly retainer allows your clients to purchase a block of hours per month, which they can use for any services. Unused hours may or may not roll over to the next month, depending on the agreement. This approach seems the most straightforward but, as you’ll learn later, it can result in problems.

Service-Specific Retainer

A service-specific retainer approach focuses on delivering a specific set of services each month, as agreed upon by both parties. These services could include regular assessments, training, reporting, or other tasks.

Unlimited Service Retainer

You could offer unlimited services for a flat monthly fee. This approach might appeal to clients who anticipate needing a high level of support but can be risky for you if not managed properly.

Project-Based Retainer

A project-based retainer involves the completion of a particular project or set of projects within a specific timeframe. This approach can provide more predictability for you and your client but will require detailed planning and a well-defined scope.

Retainer with Additional Fees

Retainer with additional fees is a hybrid model that combines a lower retainer fee with additional charges for specific services or hours beyond a certain threshold. This approach can offer a balance between predictability and flexibility.

Escalation or Tiered Retainer

This approach offers different levels or tiers of service at different price points, allowing clients to choose the level that best suits their needs and budget. You would typically apply this approach when initially pitching your services to a client, providing them different options.

On-Call or Emergency Retainer

You could offer an on-call retainer, where your client pays for the guarantee of immediate support in case of emergencies. This approach is common in IT support and legal fields, and has application in security.

In addition to these approaches, there are approaches widely used in other industries that could be applied to security.

Value-Based Retainer

Particularly in fields like business management consulting, the fee might be tied to the value delivered rather than the time spent. This approach requires clear metrics and understanding of the value provided. It’s unlikely you’ll use a value-based retainer in security, but it may be possible in the right circumstances.

Equity-Based Retainer

An equity-based retainer is sometimes used in startup consulting, where the consultant receives equity in the company in exchange for ongoing support and advice. It’s unlikely you’ll be involved in such retainers as an independent security professional, but it’s certainly something to be aware of.

In the legal profession, a retainer might act as a down payment toward the estimated cost of services. The actual billing might still be based on hours worked or specific services rendered. You could adopt a similar approach for security services.

Compliance or Regulatory Retainer

In highly regulated industries, a retainer might be designed to ensure ongoing compliance with laws and regulations, providing regular audits, assessments, or updates as laws change. If you were an expert in aspects of cyber security, and your client didn’t have a full-time chief information security officer, they could retain you for a few hours a week to cover their ongoing compliance or regulatory requirements.

Exclusive or Non-Compete Retainer

Some clients might require exclusivity within a certain industry or market, preventing the consultant from working with competitors. This can provide security for the client but might limit your opportunities to provide similar services to other clients.

Selecting an Appropriate Retainer Structure

Which retainer structure should you use? The simple answer is to select the structure that is most aligned with your client’s needs and provides the required level of value.

Of these options, the approach with the most utility is the service-specific retainer. This approach provides certainty for both you and your client. There’s a low possibility of unfulfilled expectations, as it’s clear what the client is getting for their money.

Hourly retainers can be problematic. It’s almost certain that you’ll either exceed or go under the agreed number of hours per month. You’ll need to agree with your client in advance how you will treat these differences. If you consistently underutilise your hours, there’s a risk that your client will eventually want to either reduce the number of hours per month or cancel the contract. A better approach to hourly retainers is to use a retainer with additional fees. This approach ensures you receive a base fee per period (typically a month) and has an agreed remedy if you extend beyond those hours.

Another consideration with time-based retainers is that you’ll need to maintain time sheets, which can be a hassle and are almost invariably scrutinised and questioned by the client.

One of the challenges you’ll face with retainers as an independent security professional is that you’ll be required to guarantee your availability. As a result, you’ll lose some flexibility in how you operate. If you’re required to be ‘on call’ for a client, you’ll be constrained in other activities. For this reason, you would want to limit the number of retainers you accept and you’ll also need to be clear in your contract regarding your availability.

Overall, it’s good to be able to offer retainers as an independent security professional, and you should certainly not shy away from doing so. That said, before agreeing to a retainer, a good rule of thumb is to ask yourself whether the work can be delivered as a project. If the work can be delivered as a project, that may provide a better alternative than setting up a retainer agreement.