Cut 18 percent.
Lose nothing that matters.
How a 95-person Calgary directional service company reduced operating IT cost by 18% during the early 2026 downcycle without cutting a single baseline control - and was ready to scale back up when the cycle turned.
FOR: Operators · 75–150 people · downcycle cost compression
Quick answer
A 95-person Calgary directional service operator entered the early 2026 downcycle needing to cut operating IT cost by roughly 18% - without cutting a single baseline control (EDR, MFA, backup, patching, NOC monitoring). Vencer ran the consolidation: license tier right-sizing, vendor consolidation, deferred-not-cancelled project work, ready to scale back up when the cycle turned. Eight months later they did.
A directional service company looking at the wrong side of the cycle.
95 people. Predominantly Montney and Duvernay work. A second-generation Calgary directional drilling company that had been through 2014 and 2020 and recognized the early signals of a third downcycle when WTI dropped through $65 in late 2025 and looked like it was going lower.
The owner of the company - we will call him Tom, though he could have been any of the second-generation owners we have worked with through this exact moment - called us in October 2025. He had just spent the weekend reviewing his Q4 outlook with his CFO. The numbers were not catastrophic. They were just clearly trending the wrong way. Utilization had dropped 14% over six weeks. Two scheduled jobs had been deferred to Q1. Three operator clients were quietly slowing payment. Tom had seen this movie before. He knew what came next.
His question to us was the question every experienced service-company owner asks at this point in the cycle: “I need to take 15% to 20% out of my operating cost over the next ninety days. Where in IT can I cut without breaking what I will need when this turns back?”
The hardest part of the conversation was naming what should not be cut. Tom had been through 2014 with this company, and 2020. He remembered both downcycles clearly. He also remembered the operators he had watched cut too deep in 2020 - specifically on cyber and on backup - and then spend the upcycle rebuilding what they had destroyed, while their better-disciplined competitors had taken their market share. Tom was determined not to make that mistake again. He just was not sure where the right cuts were.
The company’s operational reality was Mixed: Microsoft 365 in the office, WolfePak for accounting, a file server in Calgary with engineering and customer data, field tablets for the crews, two cellular carriers, and a small server room handling specialized scheduling and dispatch software. All of it was running. None of it was the problem. The problem was what they were paying for it.
Cut 15 to 20 percent. Preserve what runs the business. Do not lose the recovery.
Working with Tom and the CFO, we identified the constraint structure for the cuts. Some categories were available to cut without long-term consequence. Some were not. The discipline of the exercise was knowing the difference:
- Cuttable without long-term consequence: SaaS subscriptions with low utilization. License tier mismatches. Vendor contracts with renewals coming up that had leverage available. Discretionary projects that could be deferred. Office systems that were sized for the boom-era headcount and could be right-sized for the new operational footprint.
- Cuttable with caution: Some training and certification budgets. Some equipment refresh cycles. Some non-critical tooling. These could be deferred, but deferring them too long would create catch-up cost later.
- Not cuttable: Cyber baseline. Backup integrity. Identity and offboarding hygiene. Monitoring coverage. These costs would not change much through the downcycle, but their value relative to revenue would actually go up - because the cost of an incident becomes proportionally more painful at lower revenue. Cutting these during a downcycle is one of the most expensive mistakes in operational IT. Tom had watched it happen to others in 2020.
The other constraint was that the company also needed to be ready to scale back up when the cycle turned. The cuts had to be reversible. A cut that saved $40K in 2026 but cost $200K to undo in 2027 was not actually a saving - it was just deferred spending plus penalty. The work was as much about how to cut as it was about what to cut.
The Canadian Centre for Cyber Security’s 2025–2027 outlook is explicit that ransomware threat actors do not check oil prices. The 935% surge in oil and gas ransomware attacks between April 2024 and April 2025 (Zscaler) included a meaningful share aimed at operators in active downcycle posture - because the attackers know that companies under cost pressure tend to have weakened their baseline controls. The cost of a $638K CAD recovery (Sophos 2025 average) at $47 WTI is dramatically more painful than the same cost at $103 WTI.
Service companies that cut from the right places during a downcycle typically emerge with 15% to 20% lower operating cost and the same or better operational posture than they went in with. Service companies that cut from the wrong places typically save 20% to 25% in the short term and then spend 18 to 36 months in the recovery rebuilding what they destroyed - while their competitors with better discipline take their market share. Chapter 11 of The Operating System covers this dynamic in detail.
A Co-Managed engagement, with cost discipline as the primary deliverable.
Vencer was already the Co-Managed partner for the company, so the engagement structure did not change. What changed was the priority of the work. Cost discipline moved to the top of the quarterly review agenda. We restructured the next six months of operational work around three sequential phases.
Phase 1 - the quick wins (months 1 and 2).
The fastest savings came from the categories that did not require operational disruption to cut:
- SaaS audit and consolidation. We ran the same exercise we run for every Co-Managed client - pulled twelve months of subscription costs, identified low-utilization tools, and walked the list with department heads. Result: 11 subscriptions cancelled, 4 consolidated to single accounts, 3 downgraded. Annualized saving: roughly $63K CAD.
- License tier rationalization. The Microsoft 365 licensing was reviewed against actual role-based needs. The field crews moved to the lower tier. Several office staff who had been on the highest tier for no functional reason moved down. Annualized saving: roughly $22K CAD.
- Cellular and connectivity renegotiation. Renewal was three months out. We engaged early, used the renewal window as negotiating leverage, and restructured the plans to match actual usage. Annualized saving: roughly $19K CAD.
- Deferred discretionary projects. Three projects that had been scheduled for Q1 2026 were deferred to Q4 2026 or later. None of them were operationally critical. The deferral was not the same as cancellation - we documented what the projects would deliver when undertaken, so they could be picked up cleanly when conditions improved.
Total annualized saving from Phase 1: roughly $124K CAD, achieved within sixty days, with zero operational impact.
Phase 2 - the structural cuts (months 2 through 4).
The Phase 2 work was harder because it required actual changes to how the operation was structured - not just trimming subscriptions:
- Office systems right-sized for the new headcount. The company had quietly grown from 75 to 95 people during the upcycle. The office infrastructure had been sized for 110 to handle further growth. When the headcount went the other direction, the over-sizing became cost without benefit. We right-sized network bandwidth, file storage capacity, and meeting room AV systems to the new operational footprint. Annualized saving: roughly $38K CAD.
- Vendor consolidation across overlapping providers. The company had been using three different IT-adjacent vendors for things that could be handled by one. Consolidating reduced the management overhead and gave us leverage on volume pricing. Annualized saving: roughly $47K CAD.
- Equipment refresh cycle deferred selectively. Some hardware that had been scheduled for refresh in 2026 was deferred to 2027, with the understanding that we would monitor it actively for signs of failure. Equipment that was approaching real end-of-life on critical systems was refreshed on schedule. The discipline was not “defer everything” - it was “defer where deferral was safe.”
Total annualized saving from Phase 2: roughly $85K CAD, achieved by month four, with disciplined trade-offs documented for review.
Phase 3 - what we did not cut (continuous).
The most important work in Phase 3 was documenting what was being preserved and why. The cyber baseline. The backup integrity. The 24/7 monitoring coverage. The identity and offboarding discipline. The patching cadence. None of these were cut. Some of them were actually strengthened - because the threat environment in 2026 was getting worse, not better, regardless of what WTI was doing.
Tom and the CFO needed to be able to explain to the board, in writing, why these costs were being preserved while others were being cut. We produced a one-page document that walked through each preserved category, explained the cost of failure, and named the operators we had personally seen in 2020 who had made the wrong cut and paid for it through the recovery. The board approved the cost preservation without a vote.
Operating IT cost down 18%. Baseline controls untouched. Reversibility built in.
Before and after.
The moment it mattered.
The moment that mattered was not the savings number. It was a Friday in February 2026, when one of the company’s competitors - a directional service company of roughly similar size, also in Calgary - was hit with a ransomware incident that took them down for nine business days. That competitor had cut their 24/7 monitoring during their own downcycle cost reduction six months earlier. The attack landed on a Saturday night. By Monday morning, the data was encrypted, the backups had been compromised too, and the recovery cost was already past $400K and rising.
Tom called us that Friday afternoon. He had heard about the competitor’s situation through the local industry channels. He wanted to know whether the company’s own monitoring would have caught the same kind of attack. We walked him through the specific controls and the response posture. He thanked us and ended the call. The CFO sent us a note the following Monday: “Tom said the conversation Friday was the most reassuring twenty minutes he has had since the cycle turned.”
The competitor recovered eventually. They lost three large customer accounts in the process. The market share is now showing up in Tom’s pipeline.
The cycle-aware discipline covered in Chapter 11 of The Operating System - preserving cyber baseline, backup integrity, identity hygiene, and monitoring coverage through a downcycle, while flexing nearly everything else - is the difference between coming out of the downcycle stronger or weaker than going in. Service companies that follow this discipline consistently take market share from competitors that do not.
The Co-Managed engagement model is structurally well-suited to downcycle discipline. The internal IT generalist keeps the institutional knowledge and the field-crew relationships. Vencer brings the cycle-aware perspective, the cost-cutting playbook, and the 24/7 coverage that becomes more valuable as the threat environment worsens regardless of where WTI sits. For Canadian service companies that intend to be on the right side of the next consolidation, the work to maintain operational discipline through the downcycle is one of the highest-leverage uses of management attention available.
Does this story sound familiar?
The pattern in this case study has played out across dozens of Canadian oil and gas companies in the 10 to 100 person range. If you recognize parts of it in your own operation - or you suspect you might - the next step is a structured conversation with a Vencer engineer.
The IT-and-the-Cycle Assessment is a 3 to 5 day structured review of your specific operational situation. We pressure-test where your IT stands today, where it needs to be for what you intend to become, and what one bad day looks like at current state. You leave with a written report, a 90-day plan, and named owners. No hype. No vendor pitch. Just the truth about where you are and what to do next.
For a faster diagnostic, three free tools at vencergroup.com cover the same territory in less time: the Hidden IT Cost Calculator (12 minutes, quantifies your IT cost burden across three price-cycle scenarios), the Cyber Risk Self-Score (5 minutes, scores your cyber baseline against 12 critical controls), and the IT Myth-Buster sheet (the seven objections you’ll hear from inside your own company and how to think about them).
Vencer operates from Calgary headquarters with delivery teams across four continents. For Canadian-headquartered operators with international exposure - whether that means US basin extension, international service contracts, cross-border M&A, or international counterparties with their own cyber and audit requirements - the cross-border operational capability is built in, not bolted on.
Calgary, AB T2P 3J4
insights@vencergroup.com
One operator's outcome. Your situation has different variables. These numbers are real; the applicability to your operation requires conversation. The 30-min review is where that starts.
→ Book the 30-min review