Menu

CASE STUDY

Market Study in Managed Cybersecurity Services for a Global IT Services Provider

How a global IT services provider sharpened its IAM and Cloud Security positioning through market intelligence and strategy, AI integration across its service lines, and outcome-linked pricing constructs.

<b>SARTHAK BRAHMA</b><br>CEO, HEX Advisory Group SARTHAK BRAHMA
CEO, HEX Advisory Group

Industry

IT Services

COMPANY SIZE

Global Enterprise

GEOGRAPHY

Global

TIMELINE

10-12 weeks

01. Executive Summary

A major global managed IT services provider engaged HEX Advisory Group to conduct a market study of the managed cybersecurity services space, with a focused lens on Cloud Security and Identity & Access Management (IAM). HEX assessed the client’s service portfolio against current market expectations, drew a analysis on the emerging major market trends and commercial constructs, evaluated AI and automation integration opportunities across their managed service lines, and mapped the competitive landscape to identify differentiation levers and cross-portfolio integration plays.

~35%

Agentic SOC productivity uplift in mature implementations
over five years

$52.4B

SMB cybersecurity market opportunity by 2034
(13.7% CAGR)

9

Peer providers benchmarked across IAM, Cloud Security & integration strategy

HIGHLIGHTS

  • Framed the market shift in cybersecurity, cloud security, and IAM, and defined how enterprise expectations, commercial models, and productivity KPIs are being reshaped by AI, regulatory pressure, and identity sprawl.
  • Benchmarked pricing model prevalence, governance fees, and commercial alignment metrics across Risk Reduction, Compliance, and Operational Resilience pillars, and recommended outcome-linked pricing constructs with performance bonus and service credit mechanisms
  • Quantified the Agentic SOC productivity trajectory and built AI/automation use case libraries across IAM and Cloud Security, along with a competitive view of Accenture, Capgemini, TCS, Wipro, HCLTech, Cognizant, Kyndryl, CGI, and Infosys to sharpen the client’s integration strategy and GTM approach

02. The Opportunity

CLIENT BACKGROUND

The client is a global managed IT services provider with an extensive managed cybersecurity services portfolio spanning Security Operations Center (SOC) services, Identity & Access Management (IAM), cloud security, threat detection and hunting, endpoint protection, and adjacent security domains. The organization serves enterprise and mid-market clients across multiple industries and geographies, delivering integrated cybersecurity solutions through a broad portfolio of managed security offerings.

 

THE SITUATION

The cybersecurity landscape is being reshaped by AI adoption, regulatory expansion, and the dissolution of the traditional network perimeter. Enterprises now operate across hybrid IT, cloud, SaaS, APIs, and partner ecosystems; static, perimeter-based controls no longer align with how users, data, and applications operate. Buyers increasingly expect automation-first delivery, hyperscaler-aligned tooling, unified service bundles, and outcome-based commercial constructs. The client needed an external view of whether its Security Services portfolio, pricing approach, and integration model remain competitive against peers executing platform-led, as-a-service strategies.

 

WHAT WAS NEEDED

  • A structured assessment of how enterprise clients consume Security Services today and how the client’s IAM and Cloud Security offerings align with current client expectations and industry practices
  • A review of current pricing and contracting approaches in the security services market and recommended pricing constructs linked to measurable outcomes and scalable delivery models
  • An evaluation of how leading service providers embed AI, analytics, and automation across security operations, with high-impact AI use cases mapped for the client
  • Identification of emerging security themes and differentiation levers, along with a framework for integrated value creation across the client’s Applications, Workplace, Cloud, and Infrastructure portfolios
  • Benchmarking of RU (Resource Unit) rates across geographies for key security services including Managed SOC, Threat Hunting, SOCaaS, EDR, WAAP, SSE, and others

03. The Solution

OUR APPROACH

HEX applied a six-workstream approach covering service portfolio and market alignment, pricing and commercial frameworks, AI and automation integration, emerging themes and differentiation levers, integration across the client’s portfolios, and RU rate benchmarking. The team combined primary research across leading service providers with structured frameworks for productivity drivers, deal environment maturity, and commercial alignment metrics, and validated findings against observed market deal outcomes.

 

WHAT WE DID

  • Cloud Security landscape. Framed cloud security around four pillars (IAM, Data Security and Privacy, Infrastructure and Application Security, and GRC). Identified six adoption drivers reshaping demand, including speed and scale, GenAI data demand, data sovereignty, cloud-native architectures, FinSec pressure, and continuous compliance. Flagged four risk vectors where cloud breaches actually originate, misconfiguration as the primary breach vector, AI Shadow IT, non-human identity sprawl, and software supply chain injection, and matched them to the tool categories the client needs to position against (CWPP, CIEM, CDR, CSPM, DSPM, Container Security).
  • IAM landscape. Traced IAM’s evolution from local authentication in the 1990s to the current Zero Trust and ITDR era where identity has become the primary security boundary. Mapped six IAM service pillars, six enterprise adoption challenges (legacy architecture, NHI visibility gaps, limited ITDR maturity, scaling barriers, hybrid execution complexity, skills gaps), and enterprise expectations on both solutioning and commercial terms. Built a vendor landscape view across Okta, Ping Identity, Microsoft Entra, SailPoint, and CyberArk, with industry-specific use cases across Financial Services, Healthcare, Manufacturing, Retail, Tech/SaaS, and Public Sector.
  • Pricing and commercial frameworks. Quantified the market shift from “buying capacity” to “buying certainty” with prevalence split as Hybrid (60–65%), Consumption-Based (20–25%), Fixed-Fee (5–10%), and Outcome-Based (2–5%). Recommended aligning commercial terms to three value pillars: Risk Reduction KPIs, Compliance and Governance KPIs, and Operational Resilience KPIs. Designed an At-Risk Fee structure with a 5% Performance Bonus upside and tiered Service Credit downside and called out which legacy KPIs are losing relevance versus which are becoming essential.
  • AI and automation integration. Built Agentic AI impact heatmaps for both the IAM and Cloud Security landscapes, scoring automation impact across activities.
  • Deal environment and productivity drivers. Proposed a maturity-based deal environment framework spanning infrastructure complexity, technology constraints, operational process maturity, automation readiness, outsourcing generation (Gen-1 through Gen-3+), and deal size, with a parallel SOC-specific productivity framework built around security data complexity, operating model stability, tooling and automation depth, and risk appetite.
  • Quantum risks and crypto-agility. Flagged public-key cryptography degradation, “harvest now, decrypt later” risk, and transition complexity as the core quantum threats, and benchmarked peer capability across Accenture, TCS, HCLTech, IBM, and Capgemini to show the client where the quantum-readiness bar sits.
  • Integration across the client’s portfolios. Made the case that integration is non-negotiable, anchored on five levers: identity as the horizontal integration layer, reduction in management debt, building sticky partnerships, multiplying AI ROI, and meeting DORA and NIS2 compliance baselines. Recommended five strategic moves and benchmarked against how TCS, Accenture, HCLTech, Cognizant, and Wipro are executing.
  • Competitive landscape and GTM. Built one-page profiles for Accenture, Capgemini, HCLTech, Cognizant, Kyndryl, CGI Group, Wipro, TCS, and Infosys, covering strengths, flagship IP, M&A and partnerships, integration approach, and geography/industry dominance. Synthesized six common solution themes (As-a-Service consumption, CNAPP-bundled Zero Trust, Identity Fabric orchestration, Passwordless, NHI governance, ITDR) and positioned each peer against the client on core integration strategy, cloud-security synergy, and emerging tech focus. 

WHY THIS APPROACH

Security services decisions are being driven less by capability checklists and more by commercial construct, AI leverage, and integration depth. By combining market benchmarking with productivity driver analysis, competitive teardowns, and segment-specific commercial models, HEX gave the client a view that is grounded in observed market outcomes rather than vendor marketing, and that separates structural productivity levers from pricing-led commitments.

04. The Impact

The study equipped the client with an external, evidence-based view of its Security Services portfolio across market alignment, pricing, AI integration, portfolio integration, and competitive positioning, directly informing how the client should evolve its IAM and Cloud Security offerings and commercial constructs.

 

RESULTS

  • Sharper portfolio positioning in IAM and Cloud Security, anchored on enterprise-relevant service pillars, identified risk vectors, and a defensible view of where the client should invest to close gaps against peers
  • A modernized commercial playbook combining Hybrid pricing as the default construct with outcome-linked KPIs, At-Risk Fee mechanics, and governance fee guidance benchmarked by deal complexity
  • A concrete AI and automation adoption roadmap for SOC, IAM, and Cloud Security, supported by quantified productivity trajectories and a use case library mapped to service lines
  • A cross-portfolio integration narrative positioning identity as the horizontal control plane and a differentiated SMB GTM motion built around productized tiers and consumption-based commercials.

BEFORE

The client’s Security Services portfolio view was largely inward-out, with limited external benchmarking of how client expectations, commercial models, and AI leverage are reshaping IAM and Cloud Security. Pricing approaches were anchored in traditional constructs, and integration across portfolios was not articulated as a commercial differentiator.

AFTER

The client holds a structured view of the security services market grounded in peer benchmarking, a modernized commercial framework linked to measurable client outcomes, a quantified AI and automation adoption path, and a positioning narrative built around identity as a horizontal control plane and segment-specific GTM models for both enterprise and SMB.

05. Lessons Learned

Several insights from this engagement are broadly applicable to IT services providers competing for large outsourcing deals in markets where automation and platform standardization are reshaping productivity expectations.

 

IDENTITY IS THE NEW INTEGRATION LAYER

With the network perimeter dissolved, identity has become the universal control plane that ties together infrastructure, applications, data, and workloads. Service providers that position identity as a horizontal integration layer across their portfolios create stickier client relationships and unlock cross-sell between managed services, cloud, and workplace engagements.

 

SHIFT FROM BUYING CAPACITY TO BUYING CERTAINTY

Security buyers are moving away from pricing models that reward hours and heads, and toward constructs that reward risk reduction and operational silence. Providers that can commit to outcome-linked KPIs, supported by At-Risk Fee structures, will defend margin better than those defending traditional T&M or fixed-fee constructs.

 

AI LEVERAGE MUST BE STRUCTURAL, NOT COSMETIC

Agentic AI delivers material productivity uplift only when embedded into the SOC and IAM lifecycle at a structural level. Mature implementations can reach high effort productivity over five years, but only when adoption is paired with strong data quality, pre-approved response actions, and governance flexibility. Providers investing in platform-led, AI-first delivery will compete on a fundamentally different cost curve.

 

SEGMENT-SPECIFIC GTM WINS THE MID-MARKET

SMB buyers behave differently from enterprises on every dimension, decision-maker, buying trigger, evaluation process, and pricing preference. Providers that productize security into tiered bundles, price on a consumption basis, and use no-cost risk assessments as the GTM wedge can scale into the mid-market without eroding enterprise economics.

Facing a similar challenge?

HEX Advisory Group is an independent sourcing advisory and benchmarking firm. We bring practitioner-led expertise, conflict-free advice, and proprietary market intelligence through the HEX Index®.

info@hexadvisory.com

www.hexadvisory.com

45 Rockefeller Plaza, New York

Back To Top
HEX-Logo-2026SVG

HEX Advisory Group is an independent IT and BPS sourcing advisory and benchmarking firm headquartered in the United States. Founded in 2022 by former leaders of the benchmarking and sourcing practices at Everest Group, WGroup, and Wavestone, HEX provides contract health checks, outsourcing cost optimization, benchmark-led negotiations, and GCC advisory to global enterprises and private equity firms. Our proprietary HEX Index® platform delivers rate and pricing benchmarks derived exclusively from real outsourcing contracts across 50+ global locations.

Contact Us

Careers

Privacy Policy

LinkedIn

Perspectives

45, Rockefeller Plaza
Suite 2000
New York, NY 10111
USA

Level 3, Good Earth Business Bay II
Sector 58
Gurgaon – 122 098
India

© Copyright Hex Advisory Group. All rights reserved worldwide.