Typical costs
What this stuff actually costs.
Indicative UK pricing as of 2026. Ranges, not promises. Always get a current quote — SaaS prices move, and discounts apply for annual commits, charities, education, and bundles.
Productivity & identity
| Line item | Typical cost | Notes |
|---|---|---|
| Microsoft 365 Business Standard | ~£14 / user / month | Productivity suite without security extras. |
| Microsoft 365 Business Premium | ~£19 / user / month | Recommended. Adds EDR, MDM, conditional access. |
| Google Workspace Business Standard | ~£12 / user / month | Productivity suite. |
| Google Workspace Business Plus | ~£18 / user / month | Includes Vault for retention. |
| Password manager (Bitwarden Teams) | ~£3 / user / month | Business tier. |
| Password manager (1Password Business) | ~£6 / user / month | More polished UX. |
| FIDO security keys (YubiKey) | ~£45 each, one-off | For admins and directors. |
Backup & recovery
| Line item | Typical cost | Notes |
|---|---|---|
| M365 backup (Veeam / Acronis) | ~£4–£8 / user / month | Essential. Microsoft doesn't back up your M365 data. |
| Server / endpoint backup | ~£15–£40 / device / month | Depends on volume. |
| Off-site / immutable storage | ~£0.02–£0.05 / GB / month | Ransomware-aware target. |
Security tooling
| Line item | Typical cost | Notes |
|---|---|---|
| EDR (often bundled in M365 Premium) | £0 if bundled, else ~£5 / device / month | Don't pay twice. |
| Phishing simulation training | ~£1–£3 / user / month | KnowBe4, Proofpoint, Hoxhunt. |
| Email security (advanced anti-phish) | ~£2–£5 / user / month | Defender for Office P2, Mimecast, Proofpoint. |
| Cloud SIEM (small SME) | ~£100–£400 / month | Often included in MSP package. |
Certifications & assurance
| Line item | Typical cost | Notes |
|---|---|---|
| Cyber Essentials (self-assessed) | ~£300–£700, one-off + annual renewal | Achievable in weeks. |
| Cyber Essentials Plus | ~£1,500–£3,500, annual | External technical check. |
| ISO 27001 (SME) | ~£10k–£40k year 1 | Heavier-weight. |
| Penetration test (web, SME) | ~£3k–£10k per test | Useful annually for customer portals. |
Insurance & response
| Line item | Typical cost | Notes |
|---|---|---|
| Cyber insurance (£1m turnover) | ~£500–£2,500 / year | Depends on industry and security posture. |
| Cyber insurance (£5m+ turnover) | ~£2,500–£15,000 / year | Wider range. |
| Incident response retainer (standalone) | ~£5k–£15k / year | Often bundled with insurance. |
People & advice
| Line item | Typical cost | Notes |
|---|---|---|
| Managed Service Provider (general) | ~£30–£60 / user / month | Lower end = helpdesk; higher = security work. |
| Fractional / virtual CISO | ~£1k–£5k / month | A few hours a week. |
| Independent annual review | ~£2k–£8k, one-off | Outside view, no MSP allegiance. |