The True Cost of Piecemeal Cybersecurity for Small Businesses

Most small businesses arrive at their current security posture through accumulation rather than strategy. An antivirus licence purchased years ago. An email security product added after a phishing incident. A password manager recommended by the IT provider. A vulnerability scanner that someone read about. Security awareness training that became a compliance requirement. Each addition made sense at the time. Together, they form a patchwork that costs more than most owners realise and leaves gaps that none of the individual tools address.

This post does the arithmetic — honestly, with real market prices — on what piecemeal security actually costs a small UK business, what it delivers, and what it doesn't.

The Typical Small Business Security Stack

Based on what we see when we conduct security reviews for prospective SOC in a Box clients, the following tools appear most commonly in the security stacks of small UK businesses with 25–50 endpoints. We've used current market prices for each — not the introductory rates, but what organisations are typically paying on renewal.

Managed Antivirus / EDR

Pricing varies considerably by provider and tier. For a 40-endpoint organisation, managed antivirus sits at roughly £600–£1,200 per year. A step up to a genuine EDR product with managed alerting — which is what you actually need — costs £2,000–£4,000 per year for the same estate. We'll use £2,500 as a mid-range figure for a mid-market managed EDR licence.

Email Security

Microsoft 365 Business Premium includes Defender for Office 365, which provides meaningful email security. Organisations on lower Microsoft tiers, or not on Microsoft, typically add a third-party email security gateway at £800–£2,000 per year for a 40-user organisation. We'll use £1,200.

Password Manager

Business password managers — 1Password, Bitwarden Teams, LastPass Teams — run at approximately £4–7 per user per month. For 40 users: £2,400–£3,360 per year. We'll use £2,880.

Multi-Factor Authentication

If not included in an existing platform, standalone MFA solutions for 40 users run at approximately £800–£1,500 per year. Many organisations use Microsoft Authenticator (included with Microsoft 365) or Google Workspace MFA at no additional cost — so we'll exclude this from the total on the basis that it should already be covered.

Security Awareness Training

KnowBe4, Proofpoint, and comparable platforms cost approximately £15–25 per user per year. For 40 users: £600–£1,000. We'll use £800.

Vulnerability Scanner

Basic vulnerability scanning for a small environment runs at approximately £1,200–£2,400 per year depending on asset count and features. We'll use £1,500.

Dark Web Monitoring

Standalone dark web monitoring services — monitoring for leaked credentials, domain mentions, data dumps — cost approximately £500–£1,500 per year for a small organisation. We'll use £900.

Cyber Essentials Certification

Assessment fee plus typical preparation support: approximately £1,500–£3,000 for a small organisation, annually on renewal. We'll use £2,000.

Cyber Insurance

Standalone cyber liability insurance for a small professional services firm: approximately £1,200–£2,500 per year depending on turnover, sector, and the controls in place. We'll use £1,800.

The Total

Adding those figures together for a 40-endpoint organisation using a representative piecemeal stack:

Total: approximately £13,580 per year.

And what does this stack not include? A human analyst monitoring your environment. 24/7 detection of lateral movement, ransomware staging, and insider threat activity. A named contact who calls you when something happens. Active threat hunting. Any ability to detect a threat that's already inside your network and behaving normally enough to evade automated detection.

What SOC in a Box Costs for the Same Organisation

A 40-endpoint organisation falls within our Medium plan: £600 per month, or £7,200 per year. That includes:

The difference: £13,580 versus £7,200. The piecemeal approach costs £6,380 more per year — and doesn't include the capability that matters most.

The Framing That Changes Everything

The reason most small businesses haven't made this switch is that the piecemeal tools were added one at a time, each justified individually, and the cumulative cost was never presented as a single line item to be compared against an alternative. When you see the total, the comparison changes.

This isn't a pitch dressed up as analysis. The numbers are real. We encourage you to run the same exercise against your own current tool spend — the actual renewal invoices, not the introductory prices — and compare it against a scoping call conversation about what SOC in a Box would cost for your environment.

Run the Numbers for Your Organisation

Book a 30-minute scoping call. We'll tell you exactly what SOC in a Box would cost for your specific environment and asset count — before you commit to anything. Bring your current tool spend to the conversation. The arithmetic is usually surprising.
