Internal IT department or external service provider? A guide for businesses with 100–500 employees
Productivity
Internal IT department or external service provider? A guide for businesses with 100–500 employees
TL;DR
When a company exceeds 100 employees, internal IT often becomes too expensive (1.55–1.65 million NOK/year per position including hidden costs). Most in the 100–500 segment, the hybrid model is smartest: an internal manager owns the strategy, while an external partner delivers breadth and 24/7 security.
When a Norwegian company grows past 100 employees, something interesting happens to the IT department: it ceases to be sufficient. What worked with one skilled IT generalist, a few enthusiasts, and a couple of laptops is no longer enough. Now you have Microsoft 365, cloud infrastructure, security monitoring, GDPR requirements, and perhaps a handful of business-critical systems that no one has a complete overview of.
The question most IT managers in companies with 100 to 500 employees ask themselves at this stage is: Should we hire more internally, or is it time to bring in an external operations partner? And how should this division look?
There is no simple answer. But there is a right answer for most in this segment, and it is not just about dollars and cents.
This article takes you through the real costs of both models, what you actually give up (and do not give up) by using an external partner, and why most medium-sized Norwegian companies end up with a hybrid model as the smartest choice.
The real costs: what internal IT actually costs
The most common mistake IT managers make in this calculation is comparing the monthly price of an operations agreement with the salary of a single IT employee. That is not a fair comparison because the salary is just the starting point.
According to SSB's wage statistics for 2025, the average monthly salary for ICT managers is NOK 107,770, equivalent to approximately NOK 1.29 million in annual salary. When you add employer's national insurance contributions, pension, and insurance, the total cost per position is closer to NOK 1.55–1.65 million per year before you have paid for a single tool or course day. In addition, there are:
Recruitment and onboarding: NOK 80,000–150,000 per hire, and the IT leader market is a challenging one to recruit from
Courses and certifications: NOK 15,000–50,000 per employee per year (IT skills become outdated faster than in most other fields)
Tools and licenses: RMM systems, security software, and backup solutions that are not included in the salary
Turnover risk: Losing a key person can cost 50–180% of their annual salary in lost productivity and recruitment costs
What does a 100-person organization cost?
For a Norwegian business with around 100 employees, the cost picture looks like this:
Model | Estimated annual cost | Coverage degree |
|---|---|---|
Internal IT (1 IT manager + 1 technician) | NOK 2.1–2.6 million/year | Office hours, limited specialization |
External operations partner (managed services) | NOK 1.2–1.8 million/year | 24/7 monitoring, full breadth of specialists |
Hybrid model (1 internal + external partner) | NOK 1.9–2.5 million/year | Strategic management internally + operational breadth externally |
Salary basis based on SSB wage statistics 2025. Operating agreement costs based on Norwegian market prices, adjusted against international analyses from Gartner.
The most important insight: According to Gartner, companies that transition to managed services reduce their total IT costs by up to 30 percent, not by sacrificing capacity, but by cutting the overhead that internal IT operations carry as standard.
For businesses with under 250 employees, five-year TCO analyses show that an external operations partner is 18–22% cheaper than equivalent internal capacity. For over 400 employees, the picture is more nuanced, and the hybrid model takes over as the most cost-effective solution.
For businesses with under 250 employees, five-year TCO analyses show that an external operations partner is 18–22% cheaper than equivalent internal capacity. For over 400 employees, the picture is more nuanced, and the hybrid model takes over as the most cost-effective solution.
What you actually get (and give up) with each model
Costs are one thing. What IT managers in medium-sized businesses actually fear is something else: losing control, being locked to a vendor, or having no one to call when something goes wrong at two in the morning.
Let's be honest about it.
Internal IT department: strengths and real weaknesses
An internal IT department provides proximity and context. Your IT people know the systems, the people, and the corporate culture. They are physically present and can react quickly to local issues.
But for businesses with 100–500 employees, this picture is incomplete:
Breadth of expertise is impossible to build internally. An IT manager with two technicians cannot simultaneously be experts in network security, Microsoft 365 administration, cloud infrastructure, GDPR compliance, and user support. Some of these domains require dedicated specialists.
Vulnerability to absence. What happens to IT operations when the IT manager is on vacation, on sick leave, or resigns? For many businesses, the answer is: nothing works as it should.
Reactive operations. Internal IT teams spend most of their time firefighting. Proactive monitoring and prevention require tools and processes that cost more to build than to buy.
External operations partner: what you actually get
A good operations partner is not just a helpdesk you call when something is wrong. It is a team of specialists who monitor your environment continuously and who have seen the problems you haven't encountered yet.
Concretely, this means:
Dimension | Internal IT | External operations partner |
|---|---|---|
Coverage hours | Office hours (approx. 1,700 hours/year) | 24/7/365 |
Breadth of expertise | 1–2 areas of specialization | Full team across all domains |
Security monitoring | Limited | Dedicated SOC available |
Patch compliance | ~70 % | 95 %+ |
Scalability | Requires new hire | Adjustable in contract |
GDPR and compliance | Rarely specialized | Included in service level |
The drawback is real: an external partner does not know your business as well from day one. It takes time to build trust and context. And if you choose the wrong partner, it can be costly to extract yourself from the agreement.
That is why the hybrid model has emerged as the preferred solution for precisely this segment.
Read more about how Procano takes full or shared responsibility as your IT department.
The hybrid model: the smart path for the 100–500 segment
For companies with 100 to 400 employees, the hybrid model is not a compromise. It is a deliberate strategy.
The principle is simple: one internal IT manager who owns the strategy, vendor relationship, and business understanding, combined with an external operations partner who delivers operational breadth, security monitoring, and specialist expertise.
What the hybrid model solves
This model addresses the three biggest pain points for IT managers in medium-sized companies:
The control problem: You retain an internal resource who knows the business, owns the IT strategy, and serves as the link to the rest of the organization. You do not hand over control.
The expertise problem: The external partner fills the gaps. Network security, cloud infrastructure, Microsoft 365 specialization, 24/7 monitoring. You buy breadth without hiring directly for it.
Vulnerability problem: No single person is any longer a critical dependency. Operations continue even if the IT manager is out of the office.
A realistic cost example for a Norwegian company with 150 employees
One internal IT manager: approx. NOK 1.55–1.65 million/year incl. social costs. Operations agreement with external partner: approx. NOK 800,000–1.2 million/year depending on service level. Total: NOK 2.3–2.8 million/year for full coverage, 24/7 monitoring, and complete specialist breadth.
By comparison: building equivalent capacity internally with 4–5 IT employees would cost NOK 5.5–7.0 million/year, without necessarily giving you broader expertise in security and compliance.
The real benefit is not just money. It is that your IT manager can spend their time on IT strategy and business development, instead of resetting passwords and chasing error messages.
According to international benchmarks from Gartner, the hybrid model is the most cost-effective solution for organizations with over 400 employees, but for most Norwegian companies in the 100–500 segment, it is right from day one.
Security and compliance: where internal IT most often falls short
For medium-sized Norwegian companies, cybersecurity is no longer a "nice to have." The NIS2 directive, GDPR, and increased requirements from insurance companies mean that compliance has become a board responsibility, not just an IT responsibility.
Here is the problem: most IT generalists are not security experts. An internal IT manager responsible for the entire IT operation simply design not have the capacity to keep up with the threat landscape, implement Zero Trust architecture, and manage a security incident all at the same time.
What an external partner brings to the security table
24/7 security monitoring (SOC): Threats are detected within minutes, not hours or days
Proactive patch management: External operations keep 95%+ of systems updated, compared to ~70% in typical internal setups
Incident response: Dedicated procedures and teams that handle security incidents without paralyzing the entire IT department
Compliance documentation: GDPR reporting, audit trails, and documentation required by auditors or insurance companies
The consequence of underestimating this is not hypothetical. Unplanned downtime affects two out of three Norwegian companies every year, and the costs of a security incident quickly exceed what an operations agreement costs over several years.
An external partner with Microsoft Solutions Partner status in Infrastructure and Modern Work is certified to handle precisely this environment and is held accountable for it through SLA agreements.
How to choose the right operations partner for your business
Not all operations partners are alike, and choosing the wrong partner can make things worse. Here are the factors that separate a strategic partner from a helpdesk with a fancy name:
Five things you should check
Dedicated contact person. Not an anonymous support queue. You should have one person who knows your business and is responsible for delivery.
Microsoft certification. For Norwegian companies running Microsoft 365, Azure, or Dynamics, Microsoft Solutions Partner status is a minimum requirement, not a bonus.
Clear SLA levels. What is the guaranteed response time? What happens in case of a breach? A serious partner specifies this and accepts the consequences of failing to deliver.
Security maturity. Ask concretely: do they have SOC capacity? Do they offer 24/7 monitoring? Have they handled security incidents before, and what was the outcome?
Flexibility in the model. The best partner offers a hybrid model where you can scale up or down as needed, without being locked into a rigid setup.
Warning signs to look out for
Vague answers about what is included in the agreement
No references from companies of similar size and industry
Pricing model that does not include security monitoring as standard
No clear process for onboarding and knowledge transfer
Choosing an operations partner is a strategic decision, not a purchasing decision. The best partners function as an extension of your IT department, not as an external vendor you send requests to.
Next step: map your IT environment before you decide
The decision between internal IT versus an external operations partner should never be made without a thorough review of your own IT environment. What do you have today? What is missing? What does it actually cost?
Most organizations in the 100–500 segment discover in such a review that they are either paying too much for too little, or that they have critical gaps in security and skills they were unaware of.
Three questions you should be able to answer:
What is the actual total cost of IT operations today, including hidden costs?
Which areas of expertise are you missing internally, and what would it cost to hire to cover them?
What is the consequence for the business if the IT manager resigns next month?
Procano offers a free IT assessment for Norwegian businesses with 100 employees and up. You will receive a concrete assessment of your current IT environment, identified gaps, and a recommendation on which model suits your business best. No obligation, no sales pressure.
This page is translated using AI
Give feedback
