Legacy IT: The Hidden Risk That Keeps Biting Managed Services Deals
There’s a quiet, persistent risk that keeps derailing managed services contracts, especially in government and regulated industries: the underestimated chaos of legacy IT.
It’s not the flashiest topic. No one opens a bid review meeting saying, “Let’s talk about undocumented mainframe dependencies today.” But maybe they should. Because once the contract is signed, and your team is knee-deep in operational handover, the problems you didn’t see—or didn’t push hard enough to expose—come roaring to the surface.
I’ve seen this pattern repeat far too often. A bid looks clean on paper. The client says, “Nothing too complex.” You’re under pressure to keep pricing sharp and timelines aggressive. And deep down, you know: there’s probably a spaghetti mess of old systems hiding in there, but you’ve only got partial visibility and limited time.
Still, the bid goes in. You win. Then comes the real cost.
Two recent examples should be a wake-up call:
MLC Life Insurance copped a $10 million fine in 2023 after legacy system failures meant it couldn’t meet its obligations to over 1,000 customers. Total remediation hit $11.8 million.
A New South Wales local council fell victim to a ransomware attack in 2022, with unsupported legacy systems leaving it wide open. The fallout included 80-hour staff weeks and manual water quality checks.
These aren’t edge cases. They’re symptoms of a broader problem.
The 2023 PAC report found that 79% of firms now view legacy IT as a barrier to innovation. That number’s climbing. And it’s not just about innovation—it’s about risk. Legal. Financial. Operational.
So why do we keep underestimating it?
In my experience, it usually comes down to five things:
Clients don’t fully disclose what’s under the hood. Sometimes they don’t even know.
Bid teams assume too much can be fixed too quickly.
Timelines don’t allow for proper due diligence.
Cost pressure leads to undercooked transition plans.
And everyone wants to believe the problems are someone else’s fault, or already fixed.
This gap between promise and reality affects more than pricing. It distorts solution design, warps delivery expectations, and leaves you exposed when things go wrong.
What to do about it?
If you’re bidding on a contract where legacy IT might be lurking—and in regulated sectors, it almost always is—then you need to do three things:
Get nosy. Ask for detailed system inventories. Talk to people who’ve worked in the trenches. Don’t rely on glossy documentation.
Price for reality. Include contingencies. Propose phased transitions. Push back on unrealistic SLAs.
Document the risk. If the environment’s murky, say so in writing. Make the client share in the uncertainty. If you don’t, you’ll own it all later.
It’s not about scare tactics. It’s about trust, transparency, and being smart enough to know where the real risks lie.
Because the next time legacy IT comes back to bite, it’ll be your team cleaning up the mess—unless you’ve already planned for it.