Secure 0118 359 2220 Get Started

Press ESC to close or Enter to search

Popular Pages
Managed IT Cyber Security Case Studies Pricing Contact
Home
About Us
Services
Managed IT Services Cyber Security & Compliance Microsoft 365 Cloud & Hosting Backup & Disaster Recovery Connectivity & Telephony Incident Response & 24/7 IT Support Reading
Pricing
Tools
Domain Health Check About You Password Generator
Resources
Case Studies Threat Intelligence Blog & Insights Guides FAQs Customer Portal Remote Support
Contact
Get Started
Live Security Feed
Your IPDetecting...
NCSCUK organisations urged to strengthen cyber defences ALERTPhishing attacks targeting Microsoft 365 users on the rise CISACritical vulnerabilities identified in popular software NEWSRansomware groups increasingly targeting SME businesses NCSCNew guidance released for securing remote workers ALERTBusiness email compromise attacks cost UK firms millions CISAZero-day exploits require immediate patching attention NEWSAI-powered threats becoming more sophisticated in 2025 NCSCUK organisations urged to strengthen cyber defences ALERTPhishing attacks targeting Microsoft 365 users on the rise CISACritical vulnerabilities identified in popular software NEWSRansomware groups increasingly targeting SME businesses NCSCNew guidance released for securing remote workers ALERTBusiness email compromise attacks cost UK firms millions CISAZero-day exploits require immediate patching attention NEWSAI-powered threats becoming more sophisticated in 2025
View Dashboard
Compliance

How Much Should I Spend on Cyber Security?

Quick Answer

Common guidance says 5-15% of your IT budget. But that's a rough benchmark, not a rule. The right answer depends on what you're protecting, your risk profile, and your compliance requirements.

Quick answer: Common guidance says 5-15% of your IT budget. But that's a rough benchmark, not a rule. The right answer depends on what you're protecting, your risk profile, and your compliance requirements.

The Benchmarks

Industry averages:

  • General businesses: 5-10% of IT budget on security
  • Regulated industries: 10-15% of IT budget
  • Financial services: 15-20%+
Another way to look at it:
  • £10-30 per user per month for small businesses
  • More for high-risk or regulated environments
These are starting points, not targets. Your situation may require more or less.

What Matters More Than Percentages

What are you protecting?

A law firm with client confidential data needs more security than a sandwich shop. What's the value of your data? What's the impact if it's stolen or lost?

What are your compliance requirements?

Regulated industries have mandatory security spending. Defence supply chain, healthcare, financial services—compliance requirements set a floor.

What's your risk profile?

High-value targets need more protection. Who might want to attack you? Nation states? Organised criminals? Opportunistic hackers? Your threat profile affects your needs.

What would a breach cost?

Incident response, business interruption, regulatory fines, reputation damage, customer loss. Spending to prevent a £500k breach is different from preventing a £50k breach.

The Right Question

Instead of "how much should I spend?" ask:

"What security do I actually need?"

Then price that. You might find:

  • The essentials cost less than you feared
  • Or the requirements cost more than you budgeted
  • Either way, you're making an informed decision

Building a Security Budget

Start with the essentials:

  • Endpoint protection (EDR/MDR): £3-10/user/month
  • Email security: £2-5/user/month
  • Backup (including M365): £3-8/user/month
  • Awareness training: £1-3/user/month
  • MFA: Usually free with existing licences
Add based on requirements:
  • Vulnerability scanning: £2-5/device/month
  • SIEM: £5-15/user/month
  • Compliance support: Project and ongoing costs
  • Penetration testing: Annual project cost
  • Incident response retainer: Annual retainer
A typical SME might land at:
  • Basic security: £15-25/user/month
  • Good security: £30-50/user/month
  • Comprehensive security with compliance: £50-80/user/month

The False Economy

Spending too little on security is expensive:

  • Average SME breach cost: £8,500-£25,000 (Cyber Security Breaches Survey)
  • Ransomware average: Much higher
  • Plus business disruption, reputation damage, customer loss
Spending £200/month on security to avoid potential £50,000 losses is good maths.

Our Approach

We build security into managed services rather than pricing it separately. You get:

  • Proper security (not bolt-on basics)
  • Predictable monthly cost
  • No "gotchas" when you need protection
We'll tell you honestly what you need. Not everyone needs everything—but everyone needs the fundamentals.

---

*Disclaimer: Figures shown are indicative benchmarks based on industry research and our experience. Actual security spending requirements vary significantly based on your risk profile, industry, compliance requirements, and threat landscape. This is guidance, not a prescription.*

---

for an assessment.

---

Related Questions