How common are cyber attacks on UK businesses?

43% of UK businesses experienced a cybersecurity breach or attack in the past 12 months, according to the DSIT Cyber Security Breaches Survey 2025. For medium-sized businesses, this figure rises to 67%. Phishing remains the most common attack type, affecting 85% of businesses that reported a breach.

What is multi-factor authentication and why do we need it?

MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.

How do supply chain attacks affect UK businesses?

Only 14% of UK businesses formally review cyber risks from their immediate suppliers. 35.5% of all global data breaches in 2024 originated from third-party compromises. Supply chain attacks add an average of £241,620 to the total cost of a breach and take 267 days to detect and contain.

What is ransomware and should UK businesses be worried?

Ransomware is malicious software that encrypts your data and demands payment for its return. Approximately 19,000 UK businesses were hit by ransomware in 2025. The median UK ransom demand has doubled to $5.37 million, and average recovery costs reach $2.58 million excluding the ransom itself.

Comparison

In-House Security Team vs MSSP: Costs Benefits and Trade-Offs

A practical comparison for UK businesses — covering features, costs, and which option suits different requirements.

Key Facts

43%of UK businesses experienced a cyber breach in 2025 (DSIT)

65,000hack attempts on UK small businesses every day

82.6%of phishing emails now use AI-generated content (KnowBe4)

204%increase in AI-powered phishing emails in 2025

Last updated: March 2026

In-House Security Team vs MSSP

Feature	In-House Security Team	MSSP
Best For	Depends on requirements	Depends on requirements
UK Availability	Widely available	Widely available
Typical Cost	Varies	Varies
Complexity	Varies	Varies

When to Choose Each Option

Guidance based on your business requirements.

Choose In-House Security Team When

Your business has specific requirements that favour this approach. Budget and resources align with this solution. Your existing infrastructure supports it

Choose MSSP When

Your business needs a different approach. You have different budget considerations. Your team has relevant experience

Cost Considerations

Both In-House Security Team and MSSP have different cost profiles. The right choice depends on your business size, existing infrastructure, and specific requirements. AMVIA can help you evaluate which option delivers the best value for your situation.

The AMVIA Recommendation

For UK SMEs under 500 employees, an MSSP is the right choice over in-house security. Building genuine 24/7 detection and response capability in-house requires specialist staff, expensive tooling, and shift patterns — costs that only make sense at enterprise scale. AMVIA's managed security service delivers MDR, threat intelligence, and compliance support from a predictable per-user fee.

Get a Free Cybersecurity Assessment