Managed Security Services: CISO Does Not Bear Sole Liability
Benedikt Langer
8 min. read In many organisations, the CISO is seen as the person who stands accountable for security. ...
Read Article
8 min read · As of 23.04.2026
On 22 April 2026, Cognizant CEO Ravi Kumar S described the shift from time-based to outcome-based IT services models as inevitable in a Fortune article. The market argument is compelling: combined with operational functions, this creates an addressable market of more than 6,000 billion US dollars. For DACH board members, this is more than an industry headline. Cognizant, Infosys, Accenture and several competitors are already restructuring their contract models, forcing supervisory boards to take a position of their own. Anyone renewing framework agreements in the next nine to twelve months should understand the mechanics.
Key Takeaways
- News anchor: Fortune article dated 22 April 2026 featuring Cognizant CEO Ravi Kumar S, market argument of 6,000 billion USD including operational functions.
- Structural shift: Transition from time-based to outcome-based IT services contracts, driven by agentic AI as the productive work layer.
- Board-level consequence: New SLA types, profit-sharing models and exit clauses must be addressed in supervisory board discussions.
- DACH ripple effect: T-Systems, Atos, Bechtle, Adesso and mid-sized IT service providers will roll out their own packages in the coming quarters.
- Time window: Board members who have not taken a position by mid-2026 will lose negotiating leverage to providers driving the discussion.
What the market argument means at C-level
What is an outcome-based IT services model? Outcome-based IT services models tie a provider’s compensation to measurable business results rather than hours worked. Provider and customer define KPIs for efficiency, availability or conversion and agree on a compensation scale tied to achieving those KPIs. The provider thus shares in the economic risk and benefits from the impact delivered. Prerequisites are clear data, defined audit mechanisms and a shared understanding of the measurement basis.
Cognizant argues in the Fortune article that this shift is impossible without agentic AI. To make business-process impact measurable, you need a productive work layer of agents that can orchestrate processes end-to-end. Traditional consulting providers do not have this layer in-house. Providers that have increased platform investments over the past 24 months now hold a favorable negotiating position. Those who missed this window will still be offering time-based contracts in 2026 and lose market share.
For supervisory boards, the logic is straightforward. Three questions arise from this shift: Which of our current IT providers have outcome models in the pipeline? Which of our business processes are suitable for outcome contracts? What internal prerequisites are missing to execute outcome contracts cleanly? These three questions can be resolved in a single supervisory board meeting, with preparation by the CIO and CFO. Failing to ask them means letting the market shift pass you by.
6,000 bn USD
Addressable market from IT services and operational corporate functions, Cognizant CEO Ravi Kumar S argument
Source: Fortune article, 22 April 2026
Three Contract Components Boards Must Understand by 2026
Outcome-based models introduce contract types that don’t exist in traditional IT agreements. Three elements should feature in every supervisory board briefing for contract negotiations over the next 12 months.
The first element is the KPI appendix. An outcome contract stands or falls on the measurement basis. Classic examples include processing time per insurance claim, time-to-resolution per service ticket, conversion in a sales funnel, or uptime of a critical platform. The KPI must be measurable, controllable by the provider, and verifiable by the customer. Fuzzy definitions here create dispute material for the entire contract life.
The second element is the compensation model. Outcome contracts typically use three components: a base fee covering operations, a variable component tied to KPI achievement, and a bonus for exceeding targets. The split between these three is negotiable. Aggressive outcome models push the base fee lower but demand higher variable shares. Conservative models keep a strong base and use the variable only as an incentive lever.
The third element is the exit clause. Outcome contracts are harder to terminate than time-and-materials deals. Anyone exiting early must clarify how ongoing processes are handed over, what happens to accumulated data and models, and which notice periods apply. A weak exit clause can make the contract practically irrevocable, weakening negotiating power in the next round. The managed-services debate has examined the same angle from a different perspective.
What Boards Should Take Away for 2026
- Outcome contracts belong on the next supervisory board agenda
- KPI appendices need compliance and data-protection oversight
- Exit clauses are the single most important negotiating position
- Internal platform maturity determines contract readiness
Watch-Out Risks
- KPI-definition disputes spanning the entire contract term
- Weak platform maturity blocking outcome-based execution
- Exit complexity when terminating early
- Data-protection and IP issues during deep provider interventions
What the DACH Ripple Effect Is Likely to Produce
DACH IT-service providers will show their cards in the next two quarters. T-Systems has announced outcome bundles for the mid-market, while Atos and Bechtle are extending platforms for the next contract generation. Mid-tier players such as Adesso, MaibornWolff, and Cocomore are experimenting with outcome modules—especially in platform and data-product settings. Boards that already have a clear map of their provider landscape can steer the movement proactively.
Three provider tiers deserve special attention. First, global players like Cognizant, Infosys, Accenture, and Wipro, who are pushing into the DACH market in 2026 with platform investments. Second, established DACH incumbents such as T-Systems and Atos, who must defend their turf with outcome extensions. Third, mid-tier specialists offering focused outcome propositions in niche areas and often moving faster than the giants.
For boards, the priority logic is clear. If you work with global providers, demand to see their outcome pipeline. If you work with DACH incumbents, actively request their outcome packages and benchmark them against global options. If you work with mid-tier firms, leverage their specialization and award outcome pilot projects in focused use cases. A blend of all three tiers is often smarter in 2026 than betting everything on a single vendor.
A 12-Month Plan for Supervisory Board Preparation
If you want to embrace the shift in a structured way, you don’t need a strategy off-site—you need a clear quarterly rhythm. The following four phases will give you a solid foundation to take a position by spring 2027.
Q2 2026
Baseline assessment. Which IT service contracts expire when? Which providers include outcome packages in their portfolio? Which of your business processes are outcome-ready? Prepare supervisory board briefing.
Q3 2026
KPI and contract workshop with three top providers. Identify potential outcome pilots, explore draft contracts, involve legal early.
Q4 2026
Negotiate and finalize pilot contract. Clear KPIs, defined escalation paths, documented incentive tiers. Keep internal communication open.
Q1 2027
First experience review. Convert lessons learned into standard contract templates. Roll-out plan for the next quarters, including concrete follow-up contracts.
What Should End Up on the CEO’s Desk
Three decisions are worth putting on the next board agenda. First, a clear stance on the outcome question. Are you ready to pilot outcome contracts with selected providers, or do you consciously stick with traditional time-and-materials and fixed-price models? A deliberate choice in either direction beats opportunistically cherry-picking outcome components without a clear strategy.
Second, a platform inventory. Outcome contracts require internal platform layers that deliver the necessary data sovereignty and auditability. If you haven’t honestly assessed your platforms’ maturity, you’re negotiating blind. A quick internal maturity check with three to five indicators is enough for the supervisory board submission.
Third, clarify accountability. Outcome contract management doesn’t belong in the classic procurement routine. It needs an integrated role combining procurement, IT architecture, and compliance—with mandates from all three domains. Failing to assign this role clearly creates friction at every contract boundary. The CIO wave of recent months shows that hybrid profiles with business and tech accountability are the right answer for such integration challenges in 2026.
One final observation belongs in the strategic discussion. Outcome models subtly shift the power balance between provider and customer. Managing outcome contracts rigorously gives you strategic leverage over providers whose revenue depends on KPI success. Sloppy management, however, cedes negotiation room as providers control KPI definitions through interpretive leeway. This asymmetry is the decisive negotiation question in 2026. CEOs who grasp this won’t just secure better impact—they’ll secure a stronger negotiating position for the next contract cycle.
Frequently Asked Questions
Which industries are particularly well-suited for outcome-based contracts in 2026?
Insurance, banking, energy providers, and retail have processes with strong KPI profiles and established data maturity. Manufacturing and mechanical engineering are selectively suitable, especially in predictive maintenance and quality assurance. Public administration is not yet ready by 2026.
What percentage of variable compensation should be included in an outcome-based contract?
Conservative models use 10 to 20 percent variable components, while aggressive models go up to 40 percent. For mid-sized companies, 15 to 25 percent is a solid starting point for initial pilot contracts.
Which KPIs are particularly prone to disputes?
Subjective KPIs such as customer satisfaction, code-review quality, or innovation levels are more contentious. These should only be included in outcome contracts with clearly defined measurement methods. Objective KPIs like processing time, availability, or conversion rates are more robust.
How long should outcome-based pilot contracts run?
Six to twelve months for the pilot phase, with an option to extend for another twelve months. Longer initial contracts are not recommended during the pilot phase, as lessons learned must be incorporated into subsequent agreements.
How do global providers respond to DACH-specific requirements?
Cognizant, Accenture, and Infosys have dedicated DACH teams with growing contract expertise. Data protection, the EU AI Act, and co-determination structures have been integrated more deeply into contracts over the past 18 months. While willingness to negotiate exists, the depth of detail should be reviewed on a case-by-case basis.
What role does the CFO play in outcome-based contract negotiations?
A central one. Outcome contracts shift cash-flow profiles from predictable to variable. Forecasts become less precise, and quarterly expectations more volatile. CFOs and controlling teams should actively shape contract mechanics rather than being confronted with them only at the first reporting stage.
Editor’s Reading List
Managed Services in the C-Level Context 2026: Build, Buy or Manage
CIO Wave April 2026: Hybrid Tech Profiles in Corporate Mandates
More from the MBF Media Network
MyBusinessFuture: Fortune Report 22 April and IT-Services Outcome Models
Source of cover image: Pexels / Pavel Danilyuk (px:8112180)