
In most small businesses, the “IT person” was never hired to be the IT person. They are the office manager, the controller, the operations coordinator, or the most technically curious employee in the building. They got the WiFi password first, so people started asking them when the printer broke. Five years later, they are managing the firewall, troubleshooting Microsoft 365, and trying to figure out HIPAA compliance in their spare time. The business gets cheap IT support. The employee gets burned out and starts looking for a job that does not involve resetting passwords at 9 PM.
At a glance: Most small businesses (10 to 50 employees) have an “accidental IT person”, a non-IT employee who became the default technology resource over time. The hidden cost shows up in three places: the strain on that employee, the strategic decisions made without proper guidance, and the security gaps nobody is watching. Untrained people making confident IT decisions are often a higher cybersecurity risk than untrained people who are openly overwhelmed, because false confidence resists outside review. This is not a problem you solve by replacing the employee. It is a problem you solve by moving IT decisions to a provider qualified to make them, with the internal person remaining as the point of contact. Full managed IT services is usually the right answer for this pattern. Co-managed only fits when the internal person has actual technical training and current cybersecurity expertise. The right time to fix this is before the employee leaves, not after.
You probably know exactly who this is in your business. The person who handled the new laptop setup for the last three hires. The one who knows the password to the accounting software. The one everyone messages on Teams when the projector is not working. If your business is between 10 and 50 employees, there is a strong chance you have this person. They are usually excellent at their actual job. That is exactly the problem.
How Do You Know You Have an Accidental IT Person?
The pattern is hiding in plain sight once you know what to look for. Check whether any of the following sound like your business.
| Signal | What It Looks Like in Practice |
|---|---|
| One person knows all the passwords | Admin credentials, vendor logins, network configuration all live with one employee who never officially signed up to own them |
| IT work happens after hours | Software updates, troubleshooting, new employee setup all happen on evenings or weekends because there is no time during the workday |
| The “IT person” has another full-time job | They are the controller, office manager, or operations lead. IT is the second job they never asked for |
| Technology decisions get deferred | Hardware replacements, security upgrades, software migrations sit on a list because nobody has time to research them |
| The same problems keep recurring | Recurring printer issues, recurring login problems, recurring slow days. Nobody has the time to actually solve them at the root |
| The “IT person” is talking about leaving | Quiet job searching, increased frustration, comments about being pulled in too many directions |
| Compliance documentation does not exist | HIPAA risk assessments, security policies, backup verification. These are supposed to exist but nobody owns them |
If two or more of these describe your business, you have an accidental IT person. The question is whether you address it now, while they are still with you, or later, after they have left and taken every password and vendor relationship with them.
What Is the Real Cost of the Accidental IT Person Model?
The cost is rarely measured because it does not show up on an invoice. It shows up in three places: the employee, the business decisions, and the security posture.
The employee cost is the most visible. Someone who was hired to do operations, accounting, or office management is now spending 15 to 30% of their week on IT work they have no formal training for. They are problem-solving alone, often outside business hours, often under pressure. The work is invisible to leadership because it does not produce a tangible deliverable. Over time, this is one of the most common reasons high-performing employees in small businesses quit. They leave for a role where they get to focus on the work they were actually hired to do.
The business decision cost is harder to see but more expensive. When the person making IT decisions does not have time to research them or expertise to evaluate them, the decisions get made under pressure with incomplete information. A firewall gets purchased because a vendor cold-called at the right moment. A backup solution gets selected because it was the cheapest option that came up in a Google search. A software platform gets chosen because the salesperson was persistent. None of these decisions are bad in isolation. Together, they produce a technology environment that nobody designed and nobody fully understands.
The security cost is the one that becomes existential when something goes wrong. The 2025 Verizon Data Breach Investigations Report found that small and medium-sized businesses experience ransomware data breaches at more than double the rate of large enterprises, 88% versus 39%. The reason is rarely technical sophistication. It is that smaller businesses do not have anyone whose actual job is to watch their network, and the accidental IT person cannot do that job on top of their real one. By the time a problem surfaces, the attacker has been in the network for an average of nine months, according to IBM’s 2025 Cost of a Data Breach Report.
Why Does This Pattern Keep Happening?
This is a structural problem, not a personal one. Three forces push businesses into the accidental IT person model.
The first is cost perception. Hiring a dedicated IT employee feels expensive. The average fully loaded cost runs $130,000 to $150,000 per year, and the work does not always look like a full-time job at smaller sizes. So businesses do not hire. They distribute the work to whoever is willing to absorb it.
The second is availability. The person who knows the most about technology is usually the most willing to help. They get a reputation for being good with computers, and the requests start coming. Saying no requires constant social friction with coworkers who genuinely need help. Most people stop saying no and absorb the role by default.
The third is invisibility. Because IT work does not produce a discrete deliverable, leadership rarely sees how much of it is happening. The office manager who spent four hours on Tuesday troubleshooting a printer and three hours on Wednesday updating a server has no manager noticing that those hours came out of their actual job. The work is invisible until the person doing it quits.
What Does the Right Answer Look Like?
The right answer almost always involves giving the IT work to someone whose actual job is to do it. There are two clean ways to get there.
The first, and usually the better fit, is full managed IT services. The accidental IT person stops being responsible for IT and becomes the single point of contact between the business and the provider. They get to return to the job they were hired for, whether that is operations, accounting, or office management. The provider absorbs everything: helpdesk, monitoring, security, vendor management, compliance, strategic planning. The internal person still has institutional knowledge of the business and the people, which is genuinely useful, but they do not need to be the one fixing the printer or managing the firewall. They just need to be the person who picks up the phone and connects the right conversation.
The second option is co-managed IT, but this fits a much narrower set of situations than most people assume. The decision is not whether the internal person wants to keep doing IT. The decision is whether they are qualified to keep doing IT. Those are different questions, and conflating them is a common cybersecurity risk.
A person who enjoys being the IT person but lacks formal training is often more exposed than one who is openly overwhelmed. They tend to be confident in decisions that should be reviewed by someone with security expertise. They configure firewalls based on what they read online. They set up cloud services without understanding identity and access management. They install software without checking dependencies or vendor reputation. They believe their security posture is fine because nothing has gone wrong yet. The false confidence is the risk. An accidental IT person who is honest about the limits of their expertise is usually safer than one who has convinced themselves they have it covered.
Co-managed IT only fits when the internal person has actual technical training, current certifications, and genuine cybersecurity expertise. If they are a credentialed IT professional working part-time on IT alongside other duties, co-managed lets them keep that work while getting backup for what they cannot cover alone. For everyone else, including most office managers, controllers, and operations leads who got handed the IT role by default, the safer answer is to move the strategic and security decisions to a provider whose job is to make them. The internal person remains the helpful point of contact. The technical judgment lives with someone qualified to exercise it.
The honest reading is this: full managed services usually makes more sense for the accidental IT person pattern, regardless of how much the internal person wants to stay involved. The cybersecurity exposure of an untrained person making security decisions is the most expensive part of this whole problem, and it is the part most businesses do not see until something goes wrong.
Either way, the institutional knowledge stays in the building. The relationships stay in place. The provider absorbs the work that should not have been absorbed by an untrained person in the first place.
How Should You Think About Making the Change?
There are three signals that the change should happen now rather than next year.
The first is when the accidental IT person starts talking about being overwhelmed. By the time someone says this out loud in a small business, they have usually been feeling it for six months. The conversation is a warning, not an opening complaint.
The second is when a security incident, audit failure, or compliance scare puts the business in a position where IT decisions cannot wait anymore. These moments tend to be expensive. Addressing the underlying staffing problem before the incident is meaningfully cheaper than addressing it after.
The third is when the business grows past 20 employees. This is the rough threshold where the accidental IT person model stops being a stretch and starts being a structural risk. The technology footprint at that size is too large for someone to manage on the side. The security exposure is too real to leave to part-time attention.
Most businesses delay the change too long because there is never a convenient moment. The IT person is too busy to switch models. The leadership team is focused on growth. The budget conversation gets pushed to next quarter. The result is that the change happens after a crisis rather than before one.
How Does Facet Approach This?
When Facet engages with businesses that have an accidental IT person, the first conversation is usually with that person. They have done a remarkable job under conditions they should never have been asked to manage. The right model depends less on what they want to do and more on what they are qualified to do.
For most businesses in this pattern, our full managed IT services are the better fit. The accidental IT person stops being responsible for IT and becomes the point of contact between the business and our team. We absorb the technology work, document the environment thoroughly, and free up that employee to return to the job they were originally hired for. The strategic and security decisions move to our team, where they belong. The internal person remains a valuable connection to the business without carrying decisions they were never trained to make.
For businesses where the internal person genuinely is a credentialed IT employee with technical training, our co-managed IT model provides specialized depth alongside their existing role. This fits a different and much narrower set of situations than the accidental IT person pattern, and we are honest with prospects about which side of the line their business falls on.
The honest conversation is about what model fits the business now and what makes the work sustainable for the people involved. For the broader framework on evaluating IT providers, see our “7 questions to ask before signing” guide and our “What an IT partnership looks like” blog.
Frequently Asked Questions
Should I replace the accidental IT person with a managed service provider?
Usually not in the sense of letting them go. They have institutional knowledge and relationships that are useful to keep. But the IT work itself usually should move to an external provider. The accidental IT person stays in their actual role (operations, accounting, office management) and becomes the point of contact for the IT provider, rather than the person responsible for IT.
Can a non-IT employee safely handle IT for a small business?
For very simple environments and very small businesses, sometimes. For most growing businesses with compliance obligations, remote workers, or any meaningful security exposure, the honest answer is no. The risk is not whether they can keep the printers working. The risk is whether they are equipped to make confident decisions on firewalls, identity management, backup architecture, and incident response. Most accidental IT people are not, and the absence of obvious problems is not the same as the presence of real security.
When is the right time to move IT work to a managed services provider?
Three signals: when the accidental IT person starts talking about being overwhelmed, when a security or compliance scare forces the issue, or when the business grows past 20 employees. The right time is usually before any of these reach a crisis point, but the change is still possible and often necessary even after one of them does.
What is co-managed IT, and when does it fit?
Co-managed IT is a service model where an external managed services provider works alongside an existing internal IT employee. It fits a narrow set of situations: when the internal person has actual technical training and current cybersecurity expertise. For the accidental IT person pattern, where the internal person is not formally trained in IT, full managed services is usually the safer and more effective answer.
What happens to the accidental IT person after the change?
In the typical scenario, they return to spending their full time on the job they were actually hired for. They stay in the building, they keep their institutional knowledge of the business, and they become the point of contact between the business and the IT provider. They are no longer the person responsible for IT decisions. The strain comes off, and the employee retention risk goes down meaningfully.
Ready to Talk About Your Current Setup?
If you recognize the accidental IT person pattern in your business, the right time to address it is before the person leaves or before something breaks. We can walk through what the right model looks like for your specific situation, with the goal of moving the IT work to a team whose actual job is to handle it.
(309) 689-3900 | info@facettech.com
For broader background, see our “Is a managed IT provider worth the cost?” blog and our “7 questions to ask before signing” guide.
Facet Technologies has provided IT services to Central Illinois businesses for over 30 years. Based in Peoria, we serve healthcare, manufacturing, agriculture, professional services, and government organizations across the region.
Ellie Shaw is the Director of Marketing at Facet and the author of Cyber Treats, Facet's biweekly newsletter featuring topics like IT news, cybersecurity updates, compliance advice, and anything tech. She has been a member of the Facet team full-time since 2016 and enjoys finding new ways to share resources and information about cybersecurity with others.
