What Is MDR (Managed Detection and Response)?
Managed Detection and Response (MDR) is a cybersecurity service that combines endpoint monitoring, threat hunting, and human-led incident response. Unlike antivirus software, MDR involves security analysts actively investigating and containing threats on your behalf, around the clock.
Direct Answer
MDR (Managed Detection and Response) is a managed security service in which a team of analysts monitors your endpoints, network, and identity layer 24/7 and takes active steps to investigate and contain threats. It goes beyond traditional antivirus or EDR tools by providing human expertise that can identify attacker behaviour, contain compromised devices, and guide incident response. MDR is particularly relevant for SMEs that lack in-house security staff but need more than automated detection can provide. AMVIA delivers MDR through a combination of Huntress and Microsoft Defender tooling, operated by its security team.
21% of businesses that experienced a breach reported a negative outcome such as loss of money or data.
7% of businesses that experienced a breach reported temporary loss of access to files or networks, up from 4% in 2024.
What MDR Includes
MDR services vary, but the following components are typically included in a well-constructed managed detection and response offering.
Endpoint Detection and Response (EDR)
A lightweight agent deployed on every device collects telemetry — process activity, network connections, file changes — and sends it to a managed platform for analysis.
24/7 Threat Monitoring
Security analysts review alerts and investigate suspicious activity around the clock. Issues are triaged and escalated based on severity.
Threat Hunting
Proactive search for indicators of compromise that automated rules may miss. Analysts look for attacker behaviour patterns rather than waiting for alerts to fire.
Incident Containment
When a threat is confirmed, analysts can isolate affected devices, terminate malicious processes, and guide remediation — reducing dwell time and blast radius.
Forensic Investigation
Post-incident, MDR providers can reconstruct what happened, identify the root cause, and recommend steps to prevent recurrence.
Reporting and Evidence
Regular reports on threat activity, investigations, and remediation actions provide an audit trail for compliance, insurance, and board-level review.
Antivirus vs EDR vs MDR
How the three tiers of endpoint security differ in what they detect, how they respond, and what they cost.
| Feature | Antivirus (AV): signature-based | EDR: behavioural detection | MDR: managed + human response (recommended) |
|---|---|---|---|
| Known malware detection | |||
| Behavioural / anomaly detection | |||
| 24/7 human monitoring | |||
| Active threat hunting | |||
| Incident containment | Manual | ||
| Forensic investigation | Limited | ||
| Typical per-device cost /mo | £2–£5 | £5–£15 | £12–£30 |
MDR is not a replacement for good endpoint hygiene, patching, and MFA — it is an additional detection and response layer on top of these controls.
Frequently Asked Questions
Organisations with Cyber Essentials certification are 92% less likely to make a claim on their cyber insurance. Certification is mandatory for UK government contracts involving sensitive data. Only 3% of UK businesses are currently certified, giving certified businesses a competitive advantage.
Ransomware is malicious software that encrypts your data and demands payment for its return. Approximately 19,000 UK businesses were hit by ransomware in 2025. The median UK ransom demand has doubled to $5.37 million, and average recovery costs reach $2.58 million excluding the ransom itself.
The average cost of the most disruptive breach is £3,550 for UK businesses. For businesses that experienced negative outcomes such as data loss or financial theft, the average cost rises to £8,260. Medium and large businesses face average costs of £10,830 per disruptive incident.
MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.
Phishing is the most common attack type, identified by 85% of businesses that experienced a breach (DSIT 2025). Phishing accounts for 93% of cyber crimes against businesses. AI-powered phishing has driven a 204% increase in phishing emails delivering malware in 2025.
Add Managed Detection and Response to Your Security Stack
AMVIA's MDR service provides 24/7 endpoint monitoring and human-led incident response for UK SMEs. Speak to our team to understand what's covered.