Learn / practitioner

How much should an SMB actually spend on IT?

Most surveys give you a percentage of revenue. That is the wrong denominator. The right number lives in cost-per-employee per year — and the range is narrower than you would think.

If you have asked your peer network “what should we be spending on IT?” you have probably gotten answers ranging from 1.5% of revenue to 8%. Both numbers are technically true. Both are also nearly useless for actual budgeting.

Here is the problem with revenue-as-denominator: a 30-person professional services firm doing $20M in revenue and a 30-person manufacturing firm doing $4M have wildly different revenue numbers but nearly identical IT footprints. The endpoints, the identity surface, the security obligations — they are indifferent to your top line.

The defensible denominator is employees (more precisely, managed identities, but for most growing companies headcount is a close-enough proxy). And the defensible answer, based on Gartner, IDC, Spiceworks, and our own client cohort, falls into a much narrower range than you would guess.

The number, before the caveats

For a growing company between 1 and 500 employees, total annual IT spend per employee — including endpoints, software licenses, security, support, and cloud infrastructure but excluding specialized industry-specific software — typically runs:

  • $2,400 – $4,800 per employee per year for a leanly-run firm with productized infrastructure (where we live)
  • $4,800 – $7,200 per employee per year for a typical firm with a mid-tier MSP and standard-issue tooling
  • $7,200 – $12,000 per employee per year for firms with in-house IT staff, premium tooling, or compliance-heavy industries (regulated finance, healthcare, government contractors)

Why the spread? Three things move the number more than anything else: in-house staffing decisions, regulatory exposure, and tooling discipline.

What actually drives the number

In-house vs. outsourced

A single in-house IT generalist costs $130,000+ fully loaded (salary + benefits + recruiting amortization). At our 30-person example, that is more than $4,300 per employee per year for just one person — before any tooling, before any 24-hour coverage, before any specialization. By 75 employees, you can probably afford a real two-person team. Below that, outsourcing wins on capability and cost both.

Regulatory exposure

A SOC 2-pursuing company spends roughly 15-25% more on IT than a non-compliant peer of the same size, because the same tasks now need evidence. HIPAA covered entities run higher again. Government contractors with CMMC obligations can run double. All of that spend is purposeful — it is the table stakes for selling into those markets.

Tooling discipline

The difference between a well-run and a poorly-run IT shop, at any size, is mostly tooling consolidation. Companies that run 4 separate vendors for what should be 1 integrated stack pay more for less coverage. The number that matters here is the cognitive surface area — how many windows you have to keep open in your head to know the state of play — rather than per-license cost.

The math you can defend

Here is a model you can present to your board with numbers that hold up to scrutiny:

ComponentPer-employee annual rangeNotes
Endpoint (laptop refresh amortized)$700 – $1,2003-year refresh; mid-range business laptop
Productivity suite (M365 / Google)$180 – $480Per-seat licensing, mid to premium tier
Endpoint management + security + support$225 – $300The 360SmartIT Department range per computer per year, annual prepay to month-to-month; cloud-backup + MDR add-ons can take it to roughly $475 – $640
Backup + disaster recovery$60 – $120Cloud backup, business-grade
Compliance evidence collection$0 – $400Driven by regulatory posture
Industry-specific softwarevaries wildlyExcluded from this analysis
Network + connectivity (per location)varies by sizeAllocated separately
Subtotal (typical)$1,165 – $2,500The “blocking and tackling”

That is IT spend you would recognize. Add salaries-or-outsourced-services on top:

PathPer-employee per year
Outsourced (productized)$225 – $300 (the 360SmartIT Department range above already includes this)
Outsourced (traditional MSP)$1,200 – $2,400
In-house team (at 75+ employees)$1,500 – $3,500 amortized

Sum the rows: total IT for a 30-person growing firm should rationally land somewhere between $2,400 and $5,000 per employee per year. Below $2,400 and you are underinvesting in something — usually security or backup; above $7,000 and there is likely consolidation work to do.

What this number is and is not

  • It is a check, rather than a target. If you are far outside this band, ask why — there might be a great reason (you sell into healthcare, you have a custom-built product, your security posture is genuinely worth the premium) or there might be a budget hole.
  • It is not a percentage of revenue. We deliberately lead with per-employee math, even though the press loves “industry IT spend at 4.2% of revenue!” headlines. Revenue is the wrong denominator for SMBs.
  • It is an input rather than a decision-making framework. The decision-making framework is what outcomes you are buying with the spend — uptime, security posture, compliance readiness, support quality.

What we tell our clients

When we onboard a new GCO client, we benchmark them against this model in the first 30 days. Most fall within the typical range; some are notably high (usually because of vendor sprawl that consolidation will fix); a few are notably low (almost always because their security posture is undefended). Either way, the number tells us where to start.

If you would like the same benchmark applied to your firm’s IT spend, the build flow gives you the productized-outsourced number for your size and industry. Compare against your current run rate. The delta tells you something useful either way.

Technically reviewed by Tobias Wexler.

Want this turned into a real plan?

The build flow uses the same logic this article describes — three minutes to a configured IT department.