You’re hoping for a neat number. Something like “£47.50 per month and all your problems disappear.” Unfortunately, cyber security doesn’t work like a Netflix subscription. It’s more like insurance mixed with common sense and a bit of ongoing discipline. Still, let’s put real, UK-relevant numbers on it so you’re not guessing in the dark.

The Reality: What Most Small UK Businesses Actually Spend

Typical annual spend per employee (UK SME range)

- Low/basic protection: £50–£150 per user/year
- Moderate (recommended): £150–£400 per user/year
- Advanced (regulated industries): £400–£1,000+ per user/year

Rule of thumb

Most UK SMEs spend: 3% to 10% of their IT budget on cyber security

If you’re spending zero, you’re not saving money. You’re just delaying a more expensive problem.

What You’re Actually Paying For (Breakdown)

1. Endpoint Security (Antivirus / EDR)

- Protects laptops, desktops, and servers
- Detects malware and suspicious activity

Typical cost: £20–£80 per device/year

2. Email Security & Phishing Protection

- Filters malicious emails
- Blocks spoofed domains

Typical cost: £1–£4 per user/month
Guidance: https://www.ncsc.gov.uk/guidance/phishing

3. Multi-Factor Authentication (MFA)

- Often included in Microsoft 365 / Google Workspace
- Adds a second login step

Typical cost: Free – £5 per user/month
Guidance: https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services

4. Data Backup & Recovery

- Protects against ransomware and data loss
- Enables fast recovery

Typical cost: £5–£25 per user/month

5. Staff Training & Awareness

- Phishing simulations
- Basic cyber awareness

Typical cost: £10–£50 per user/year

Expert reality: This is one of the cheapest and most effective controls, yet consistently ignored. Humans are impressive like that.

6. Cyber Essentials Certification (UK Standard)

- Government-backed baseline security scheme
- Builds credibility with clients

From the National Cyber Security Centre: https://www.ncsc.gov.uk/cyberessentials/overview

Typical cost: £300–£500 per year (basic level)

7. IT Support / Managed Security (Optional but Common)

- Monitoring systems
- Responding to threats
- Managing updates

Typical cost: £30–£100 per user/month

Example: What a Real Small UK Business Might Pay

Scenario: 10 employees

Category            Monthly Cost    Annual Cost
Endpoint security   £40             £480
Email security      £30             £360
Backup              £100            £1,200
MFA                 Included        £0
Training            —               £300
Cyber Essentials    —               £400
Total               ~£170/month     ~£2,740/year

That’s roughly:

- £274 per employee per year
- Or about the cost of one minor IT disaster you didn’t see coming

Why “Cheap” Cyber Security Backfires

False economy in action

Cutting corners usually means:

- No backups
- Weak passwords
- No staff training

Which leads to:

- Ransomware
- Fraud
- Downtime

Expert insight

“Most cyber attacks exploit basic weaknesses rather than sophisticated vulnerabilities.”
— National Cyber Security Centre

So attackers aren’t hacking like in films. They’re logging in because someone reused a password.

Hidden Costs Most Businesses Forget

If something goes wrong:

- Downtime: lost revenue
- Recovery costs: IT support, forensic work
- Fines: via the Information Commissioner’s Office https://ico.org.uk/
- Reputation damage: clients quietly leaving

The average breach cost for SMEs can run into thousands to tens of thousands of pounds.

Suddenly that £200/month doesn’t look so offensive.

So What Should You Budget?

Simple guidance

- Micro business (1–5 staff): £500–£2,000/year
- Small business (5–20 staff): £2,000–£8,000/year
- Growing SME (20+ staff): £8,000–£25,000+/year

If you want one clean answer

Aim for: £150–£300 per employee per year as a solid baseline

That gets you:

- Protection
- Recovery capability
- Basic compliance

Not perfection, but enough to stop being the easiest target.

Final Thought

Cyber security isn’t about spending the most. It’s about spending just enough to avoid being obviously vulnerable.

Right now, attackers are scanning thousands of businesses like yours looking for:

- Weak passwords
- No backups
- No MFA

If your setup says “minimal effort applied,” you’re on the shortlist.

Spend sensibly, cover the basics properly, and you quietly remove yourself from most attackers’ to-do list. Not glamorous, but extremely effective.