If you want to succeed at managed services, providing good service at a reasonable price will win the day with many businesses, according to the results of an annual survey by a professional organization of CIOs.

And, of course, keeping their technology up and running will go a long way toward satisfying the customer.

The survey by the Society for Information Management (SIM) of more than 1,200 of its members – released in the fourth quarter of 2016 - found that system availability and uptime, service quality and helping the IT organization rein in costs matter most when a business calls on a third-party firm to provide at least some of its IT services.

About four of every five businesses represented in the survey outsource at least some of their work. And it all comes down to three factors, according to Leon Kappelman, a professor of information systems at the University of North Texas and the lead researcher in the SIM study.

"More than anything, it's about speed and flexibility," Kappelman told ITBestOfBreed. "And being able to get [needed] skills."

Amid a widely believed shortage of IT skills, solution providers could step in and plug the gaps their customers can't plug on their own. That's especially true for those that have expertise in security, cloud, application and software development and maintenance, along with analytics and big data, the four largest IT investment areas, according to the SIM survey.

Those results mirrored what George Pashardis, regional sales vice president for solution provider ePlus Technology, based in Herndon, Va., is seeing. He said security is the top or second priority among businesses in all vertical industries, while the other is big data and analytics.

"A lot of skills are hard to find; cybersecurity, for example," which leads CIOs to reach out to someone who can provide them, Kappelman said.

Security, specifically, ranked as the chief worry among CIOs, one of the largest areas of investment, and the second highest among a list of IT investments that CIOs believe deserves more money. (No. 1 is analytics/big data/business intelligence).

Yet, Kappelman believes IT organizations are not placing enough emphasis on security. He cited data from the study in which a majority of organizations – 54 percent – have chief information security officers or someone with similar responsibility to oversee IT security efforts. Drilling down, he said it was "flat out crazy" that only about 20 percent of the largest organizations – those with more than $5 billion in annual revenue – have CISOs or others with responsibility of overseeing security.

The study revealed that the smaller the business, the less likely it was to have a CISO or equivalent position. Among the smallest of businesses – with up to $50 million in annual revenue – only 11.3 percent indicated they had someone in charge of security.

All this could provide an opening for managed security service providers. In a recent report on CRN.com, security industry venture capitalists said the role of MSSPs will become more important and lead to a rise in managed security services this year.