What does software maintenance actually include (and cost)?
Hosting, patches, backups, small fixes — what a maintenance retainer covers, what it costs in Australia, and the risks of skipping it.
Software is the only business asset people expect to maintain itself. Nobody buys a ute and skips servicing, but plenty of businesses commission a $30,000 system, decline the maintenance plan, and are surprised two years later when it stops working “for no reason.”
Here’s what maintenance actually involves, what it costs in Australia in 2026, and — because we sell maintenance retainers, judge the bias accordingly — an honest section on when you can safely skip it.
Why working software stops working
The code you paid for doesn’t rust. Everything around it moves:
- Dependencies age. Modern software is built on libraries and frameworks that ship security fixes constantly. Skip updates for two years and you’re running known vulnerabilities — and the eventual catch-up upgrade costs more than the updates would have.
- The platforms move. Browsers, iOS and Android, server operating systems, PHP/Node/Python versions — each annual cycle eventually breaks something that worked.
- The APIs you depend on change. Xero, Stripe, Google — they deprecate old API versions on their schedule, with notice that only helps if someone is reading it. The day the old version dies, your integration dies with it. This is the most common “it just stopped” we get called about.
- Certificates and credentials expire. TLS certificates, API keys, domain renewals. Mostly automated these days — until the automation itself fails silently.
- Your data grows. The query that was instant at 10,000 records crawls at a million. Performance decay is gradual, then suddenly a complaint.
None of this is the developer’s defect. It’s weather, and maintenance is the roof.
What a maintenance retainer actually covers
A proper small-business retainer bundles four layers:
1. Keeping the lights on (hosting & monitoring). Server management, uptime monitoring that pages a human before you notice, automated backups — and crucially, periodic test-restores, because an unverified backup is a hope, not a backup.
2. Keeping it safe (updates & security). Dependency and framework patches on a schedule, server OS updates, certificate renewals, and watching the deprecation notices for every third-party API you integrate with.
3. Keeping it working (fixes & small changes). The bug that only appears on the last day of the month; the report column someone needs added; the new staff member who needs an account type that didn’t exist. Most retainers include a small monthly allowance of this work — it’s where the visible value lives.
4. Keeping it known (the relationship). Someone who already understands your system, your data, and your weird edge cases. Without a retainer, every future fix starts with a stranger billing hours to re-learn what the last developer knew. This is the quiet half of what you’re paying for.
What a retainer is not: new feature development. “Add a customer portal” is a project; “the invoice email stopped sending” is maintenance. Good agreements draw that line in writing so neither side feels gamed.
What it costs in Australia (2026)
Two ways the market prices it:
Rule of thumb: 10–25% of build cost per year. A $10,000 tool runs $1,000–$2,000/year to maintain properly; mobile apps sit at the high end (15–25%) because the app-store treadmill forces work even when nothing changed — see our build cost guide for the upstream numbers.
Typical retainer bands:
| System | Monthly retainer (AUD, ex GST) | Usually includes |
|---|---|---|
| Small tool / automation | $100 – $400 | Hosting, monitoring, updates, ~1–2 hrs of fixes |
| Internal system (portal, dashboard) | $300 – $1,000 | The above + priority response, ~2–5 hrs |
| Customer-facing product | $800 – $2,500+ | The above + SLA, on-call, staging environment |
Hosting itself is often modest — many small systems run on $10–$100/month of infrastructure — so most of the retainer is human attention, which is the part that actually prevents failures.
The alternative everyone considers: pay-as-you-go. No monthly fee; call someone when it breaks. It looks cheaper and sometimes is (see below) — but you’re trading a predictable small cost for unpredictable downtime, emergency rates ($150–$250/hr with a “drop everything” premium), and a developer rediscovering your system from scratch each visit.
When you can honestly skip the retainer
Cards on the table — we decline to sell retainers in these cases:
- Internal tools with no server. A desktop utility that renames files or processes PDFs locally can happily run untouched for years. No server, no public exposure, nothing expiring monthly. If it breaks on a future OS update, fix it then.
- Short-lived tools. Built for a migration, a season, a one-off project? Let it die with dignity.
- Systems with no integrations and tolerant users. A simple internal app, no third-party APIs, used by five forgiving staff — an annual health check ($300–$800 once a year) may genuinely be enough.
The cases where skipping is false economy: anything customer-facing, anything handling money or personal data, anything integrated with Xero/Stripe/Google (deprecation roulette), and anything whose failure stops the business for a day. For those, the question isn’t whether you’ll pay for maintenance — it’s whether you pay $300/month calmly or $5,000 in a crisis, with downtime on top. Australian privacy law raises the stakes for personal data: a breach via an unpatched system can be a notifiable incident, not just a bad week.
Questions to ask any maintenance provider
- “What exactly is included, and what’s billed extra?” The fixes-vs-features line, in writing.
- “What’s the response time when something is down?” And is that a target or a commitment?
- “Where are backups kept and when did you last test a restore?” The second half of that question filters most providers.
- “Do you monitor API deprecations for my integrations?” The person who says “what integrations do you have?” is already ahead of most.
- “If we part ways, what’s the handover?” You want: your code in your repository, credentials documented, infrastructure in accounts you own. (Same ownership questions that matter when choosing who builds it in the first place.)
Frequently asked questions
How much does it cost to maintain custom software in Australia? Plan on 10–25% of the original build cost per year. In retainer terms: small tools $100–$400/month, internal systems $300–$1,000/month, customer-facing products $800–$2,500+/month, ex GST.
Can the original developer be skipped — can anyone maintain it? Any competent developer can maintain well-built software, if you own the code and the documentation exists. The original builder is just faster, because re-learning a system is real billable time. This is why code ownership belongs in your build contract.
Is hosting the same thing as maintenance? No — hosting keeps the server running; maintenance keeps the software alive on it. Plenty of “maintained” systems are actually just hosted, which you discover the day an update is needed.
What happens if we just… don’t? Usually nothing, for a while. Then an API deprecation, certificate expiry or security issue lands all at once, with two years of deferred updates standing between you and the fix. The catch-up project routinely costs more than the retainer would have across the same period.
The boring promise
Our IT support & maintenance retainers exist because we don’t disappear after launch — hosting, updates, security patches, and the small fixes that pile up when nobody’s watching the server. If you’ve got a system limping along unmaintained (ours or anyone’s), tell us about it and we’ll give you a straight assessment of what it needs — including “honestly, just an annual check-up” if that’s the truth.