Do small businesses really need cybersecurity?

Yes. 50% of small businesses (10-49 employees) reported a cybersecurity breach in 2025. UK small businesses face around 65,000 hack attempts daily, with approximately 4,500 successful breaches. More than a quarter of SMBs say a single cyber attack could put them out of business entirely.

How common are cyber attacks on UK businesses?

43% of UK businesses experienced a cybersecurity breach or attack in the past 12 months, according to the DSIT Cyber Security Breaches Survey 2025. For medium-sized businesses, this figure rises to 67%. Phishing remains the most common attack type, affecting 85% of businesses that reported a breach.

What are the biggest cybersecurity threats for UK SMEs in 2026?

The top threats are phishing (85% of breaches), ransomware (doubled year-on-year), business email compromise (increased 33% in 2025), and supply chain attacks (35.5% of all breaches now originate from third parties). AI-powered attacks are accelerating all of these threat categories.

How much should a small business spend on cybersecurity?

UK businesses typically allocate 13.2% of their total IT budget to cybersecurity. More than half of UK small businesses increased their cybersecurity spending in 2024. 85% of UK firms plan to boost their cyber budget for 2026. The cost of prevention is significantly less than the average breach cost of £3,550.

MDR vs SIEM: What's the Difference for UK Businesses?

SIEM collects and analyses security logs. MDR provides continuous monitoring with human-led response. For most UK SMEs, MDR delivers better outcomes at lower total cost than SIEM.

Key Facts

£3,550average cost of the most disruptive breach for UK businesses

43%of UK businesses experienced a cyber breach in 2025 (DSIT)

99.9%of compromised accounts had not enabled MFA (Microsoft)

49%of UK businesses have a basic cyber security skills gap (DSIT)

Last updated: March 2026

MDR vs SIEM: Feature Comparison

Feature	MDR£8–£25/endpoint/moRecommended	SIEM£5,000–£50,000+/year
Threat detection
Log collection and correlation	Included
24/7 human monitoring
Incident response
Requires security analysts to operate	No	Yes
Total cost for 100-person business	£800–£2,500/mo	£6,000–£12,000/mo (platform + staff)

When to Choose Each Option

Choose MDR if...

You need effective threat detection and response without hiring security analysts. MDR gives you the complete service — detection, investigation, and response — at a fraction of SIEM-plus-staff costs.

Choose SIEM if...

You have an existing security team, need to meet specific log retention requirements, or require deep correlation across diverse data sources. SIEM is a powerful tool — but only when operated by skilled analysts.

Cost-Benefit Analysis

SIEM platform costs plus the salary of one or more security analysts (£45,000–£65,000 each) typically exceeds £80,000–£120,000/year for a UK SME. MDR provides equivalent or better threat detection and response for £10,000–£30,000/year. For businesses without an existing security team, MDR is the clear winner on both effectiveness and cost.

Get a tailored MDR quote

The AMVIA Recommendation

For UK SMEs without a dedicated security operations team, MDR is the right choice over standalone SIEM. MDR delivers the monitoring and response outcomes that SIEM promises but requires significant in-house expertise to realise. Larger organisations with existing SOC teams can benefit from SIEM as a log aggregation and correlation layer — but start with MDR first.

Get a Free MDR Assessment