IT Support

Cloud Solutions

Managed IT Services

Cybersecurity

ERGOS Shield

IT Consulting

AI for Business

Data Analytics

Network Services

Software Development

IT Compliance

About Us

Meet the Team

Awards and Accreditations

Careers

Partners

Blog

The Five IT Questions Every UK SME Owner is Asking in 2025 (And The Honest Answers You Need)

by | Nov 5, 2025

Categories: Blog | Cybersecurity | Essential | IT Support | Simon Fisher
Tags: Cloud Computing | Five Questions | IT Support

Business owner pondering questions about their IT

If you run a small or medium-sized business in the UK, you’re probably not waking up each morning excited about your IT systems. More likely, you’re wondering if today’s the day something goes wrong, or worrying about whether you’re doing enough to protect your business from cyber threats you barely understand.

You’re not alone. In fact, you’re part of a much larger conversation happening across the UK right now, with thousands of business owners asking the exact same questions.

We’ve looked at what UK SMEs are genuinely searching for online and talking about with their peers. The good news? The questions you have are the same ones everyone else has. The better news? There are straightforward answers that don’t require a computer science degree to understand.

Here are the five questions that keep coming up, and the honest, practical guidance you need.

Question 1: How much should I actually be paying for IT support?

This is the question on everyone’s lips, and understandably so. When every provider seems to have a different pricing structure, how do you know if you’re getting good value or being taken for a ride?

The straight answer: For a UK SME, you’re typically looking at anywhere upwards of £35 per employee per month for fully managed IT support. That’s roughly £350 monthly for a 10-person company.

But here’s what matters more than the price tag – what you’re actually getting for that money.

What should be included?

A proper managed IT service (often called an MSP, or Managed Service Provider) should give you:

  • Proactive monitoring of your systems (they spot problems before you even notice them)
  • Regular updates and patches (keeping your software secure and current)
  • Help desk support when things go wrong
  • Cybersecurity measures including antivirus and firewall management
  • Data backup and recovery (so you can bounce back from disasters)
  • Strategic planning to help your technology support your business goals

Think of it like car maintenance. You could wait until something breaks and pay a garage by the hour to fix it (that’s ‘break-fix’ support, typically £100 hourly). Or you could have a service plan where someone keeps your car running smoothly, spots issues early, and fixes them before they leave you stranded.

Which sounds less stressful?

The hidden costs of doing it yourself

Before you decide that’s too expensive, consider what it actually costs to handle IT internally:

  • A full-time IT person’s salary (£30,000-45,000)
  • Plus National Insurance, pension contributions, and benefits (add another 20-30%)
  • Training to keep them current (technology changes constantly)
  • Holiday and sick cover (your IT doesn’t stop when they do)
  • The risk that they’ll leave and take all their knowledge with them

Suddenly, that monthly fee starts looking rather sensible.

What to watch out for

Be wary of providers who:

  • Seem unusually cheap (there’s usually a reason)
  • Add surprise charges for basic services
  • Don’t explain clearly what’s included
  • Can’t provide references from similar businesses

Good IT support should give you peace of mind, not create more questions.

Question 2: Am I doing enough to protect my business from cyberattacks?

This question keeps business owners up at night, and rightly so. The statistics are genuinely worrying – 43% of UK businesses experienced some form of cyber breach or attack in the past year1. That’s nearly half of all businesses.

The uncomfortable truth: If you’re asking this question, the answer is probably “no, but you’re not alone.”

Here’s what’s particularly concerning: whilst 72% of UK SMEs say security is their biggest business challenge, only 27% have someone at board level actually responsible for it. That’s down from 38% just a few years ago.1

The threats you’re facing

Let’s talk about what’s actually out there:

Phishing attacks are by far the most common threat, accounting for 85% of successful cyberattacks on UK SMEs1. These are the emails that look legitimate but are designed to trick you or your staff into handing over passwords or clicking malicious links.

The scary part? They’re getting harder to spot. Criminals are now using Artificial Intelligence (AI) to write convincing messages with perfect grammar and personalised details.

Ransomware is on the rise, where criminals lock your files and demand payment to release them. For a small business, this can be devastating—the average cost of a cyberattack on an SME is now up to £10,0002, and that doesn’t include the business you lose whilst you’re offline.

AI-powered attacks are the new concern for 2025. Criminals are using AI to create more sophisticated scams, deepfake audio and video, and automated attack tools. It’s not science fiction anymore; it’s happening now.

What actually protects you

The good news is that basic cybersecurity measures stop the vast majority of attacks. You don’t need to spend a fortune to significantly reduce your risk.

The essentials every UK SME needs:

  1. Multi-factor authentication (MFA) – this is where you need two things to log in (like a password plus a code sent to your phone). It’s a bit of a faff, but it stops 99% of automated attacks.
  2. Regular backups – stored somewhere separate from your main systems. If the worst happens, you can restore everything and keep going.
  3. Staff training – your team are your first line of defence. They need to know what suspicious emails look like and what to do if they spot one.
  4. Up-to-date software – those update notifications aren’t just annoying; they’re often fixing security holes that criminals exploit.
  5. Basic access controls – not everyone needs access to everything. Limit who can see sensitive data.
  6. A response plan – know what you’ll do if something does go wrong. Who do you call? How do you isolate the problem?

If you’re looking at that list thinking “we don’t have half of those,” don’t panic. Start with one. Get MFA set up this week. Then tackle the next item next month. Progress matters more than perfection.

The Cyber Essentials scheme

The UK government’s Cyber Essentials certification is specifically designed for businesses like yours. It’s a set of basic security controls that, when implemented correctly, defend against the most common cyber threats.

It costs a few hundred pounds to get certified, and many insurance companies now offer discounts if you have it. More importantly, it gives you a clear checklist of what you need to do.

Question 3: Should I be using AI in my business, and if so, how?

AI has gone from science fiction to everyday reality remarkably quickly, and business owners are understandably confused about what it means for them.

The balanced view: Yes, you should be exploring AI, but thoughtfully, not frantically.

Here’s what’s happening: 81% of UK organisations either agree or strongly agree that they should invest in AI initiatives3. That’s a massive number. But at the same time, 43% of SMEs have no plans to adopt AI4, with concerns about cost, security, and complexity as main barriers.

So there’s this interesting tension – everyone knows they should be doing something with AI, but they’re also worried about the risks.

Where AI actually helps SMEs right now

Forget the hype about AI replacing your workforce or revolutionising everything overnight. Here’s where it’s genuinely useful for businesses your size:

Customer service: AI chatbots can handle basic customer enquiries 24/7, freeing your team to deal with complex issues that need a human touch. They’re not perfect, but they’re getting better.

Administrative tasks: AI can help with scheduling, sorting emails, summarising documents, and managing calendars. These are the tedious jobs that eat into your team’s time.

Marketing: AI tools can help create social media content, suggest email subject lines, analyse what your customers are interested in, and even generate first drafts of marketing materials (though you’ll want a human to polish them).

Data analysis: If you’ve got spreadsheets full of customer data or sales figures, AI can spot patterns and trends much faster than a human can.

Accounting support: Many accounting packages now include AI features that can categorise expenses, flag anomalies, and even predict cash flow issues.

The key is to start small. Pick one area where you’re spending too much time on repetitive tasks and look for an AI tool that addresses it specifically.

The security considerations

Here’s what you need to be careful about:

  • Don’t put confidential customer data into public AI tools like ChatGPT. Assume anything you type could become public.
  • Make sure you understand where your data is being stored and who can access it.
  • Have a clear policy for your staff about what they can and can’t use AI for.
  • Remember that AI makes mistakes. Always check its output before using it.

Most Managed IT Service Providers can now help you implement AI tools safely, with proper security controls in place. It’s worth having that conversation.

 

Question 4: Do I really need to move everything to the cloud?

This question usually comes with a healthy dose of scepticism, often because someone’s been trying to sell you cloud services without properly explaining what they are or why you’d benefit.

The nuanced answer: You don’t need to move everything to the cloud, but you probably should move some things – and here’s how to decide what.

First, let’s demystify this. “The cloud” simply means using software and storing data on someone else’s computers (servers) that you access via the internet, rather than having everything on computers in your office.

You’re almost certainly using some cloud services already. If you use Microsoft 365 or Google Workspace for email, you’re in the cloud. If you bank online, use Xero for accounting, or have an online booking system, that’s all cloud-based.

The genuine benefits

Accessibility: Your team can work from anywhere with an internet connection. After the pandemic proved remote working can be effective, this flexibility has become less of a nice-to-have and more of an expectation from staff.

Automatic updates: The provider handles all the technical maintenance and security updates. You don’t need to worry about it.

Disaster recovery: If your office floods or burns down, your data is safely stored elsewhere. This is huge for business continuity.

Scalability: Need more storage or user accounts? Just pay for them. Need fewer? Scale back. You’re not stuck with hardware you’ve purchased that’s now sitting idle.

Cost predictability: You pay a regular monthly fee rather than facing unexpected expenses when servers fail or need replacing.

The legitimate concerns

Internet dependency: If your broadband goes down, you can’t access your systems. This is a real risk, which is why having a backup internet connection (even a 4G dongle) is sensible.

Ongoing costs: Cloud services are subscription-based. You’ll pay every month forever, whereas owning a server is a one-off cost (albeit with ongoing maintenance). Over five years, the numbers often favour the cloud, but it depends on your specific situation.

Data control: Some businesses are uncomfortable with their data sitting on someone else’s servers. That’s understandable, particularly in certain industries with strict regulations.

Migration complexity: Moving from old systems to cloud services can be disruptive if not done properly. You need a clear plan and proper support.

Making the right choice for your business

Consider cloud services for:

  • Email and collaboration tools (Microsoft 365, Google Workspace)
  • Accounting software (Xero, Sage, QuickBooks Online)
  • Customer relationship management (CRM) systems
  • File storage and sharing
  • Business applications you access through a web browser

Keep on-premise if:

  • You have legal or regulatory requirements about data location
  • Your internet connection is genuinely unreliable and unlikely to improve
  • You have very specific legacy software that can’t be cloud-based
  • The costs genuinely don’t work for your use case

For most SMEs, a hybrid approach makes sense – some things in the cloud, some things on-site. It doesn’t have to be all or nothing.

 

Question 5: How do I know if my current IT setup is actually working for my business?

This is perhaps the most insightful question, because it acknowledges something important: IT shouldn’t just “work”, it should actively support your business goals.

The revealing truth: If you’re constantly firefighting IT issues, waiting for things to be fixed, or feeling frustrated by your technology, then no, it’s not working for you.

The warning signs your IT needs attention

Here are the red flags that suggest your current setup isn’t fit for purpose:

Frequent downtime: If systems regularly go offline or slow to a crawl, you’re losing money. Research from Gartner suggests the average cost of IT downtime for SMEs is over £4,500 per minute when you factor in lost productivity and missed opportunities5.

Security scares: If you’re regularly dealing with virus infections, suspicious activity, or security alerts, your defences aren’t strong enough.

Staff frustration: When your team complain about slow computers, systems that don’t talk to each other, or technology that gets in the way of doing their jobs, that’s a productivity problem.

Lack of visibility: If you don’t know what software and devices your employees are using, you have no control over your security or costs.

Reactive rather than proactive: If you only hear from your IT support when something’s broken, they’re not doing their job properly. Good IT support prevents problems, not just fixes them.

Growth limitations: If your technology makes it difficult to add new staff, open new locations, or launch new services, it’s holding you back.

What good IT support looks like

Here’s what you should experience:

  • Regular communication about your systems’ health, not just emergency calls
  • Strategic input on how technology can help you achieve business objectives
  • Proactive upgrades to keep you current without unnecessary expenditure
  • Clear explanations in plain English, not technical jargon
  • Fast response times when issues do occur
  • Training and support to help your team use technology effectively

Assess your current IT setup

1. Infrastructure & Hardware

Question Yes No
Are all computers, laptops, and servers less than 4 years old?
Do you have a documented plan to replace or upgrade ageing hardware?
Is your internet connection reliable with a backup or failover in place?
Are all key systems and devices monitored for performance and uptime?

2. Cloud & Data Management

Question Yes No
Is your business data stored securely in the cloud (e.g. Microsoft 365, Google Workspace, Azure)?
Do you control who can access, edit, or delete company data?
Are backups automatic, encrypted, and regularly tested?
Do you use cloud tools for collaboration and remote work?

3. Cybersecurity

Question Yes No
Do you use multi-factor authentication (MFA) across all critical systems?
Are all company devices protected by antivirus or EDR software?
Are software updates and security patches applied automatically?
Have staff received cybersecurity training in the past 12 months?

4. IT Support & Monitoring

Question Yes No
Do you have a dedicated IT support provider or internal support process?
Are systems proactively monitored for issues (before they cause downtime)?
Can staff get remote support when working offsite?
Do you track IT performance or ticket response times?

5. Strategy & Planning

Question Yes No
Is your IT setup aligned with your business goals and growth plans?
Do you have a current IT or digital transformation plan?
Do you set aside a budget for IT improvements each year?
Is IT included in your business risk or compliance reviews?

Overall Score

Add up all your “Yes” answers out of 20.

Score Rating Meaning
17–20 🟢 Excellent Your IT setup is secure, modern, and supports your growth. Focus on innovation and optimisation.
13–16 🟡 Good You have a solid foundation, but there are areas where improvement could boost efficiency or resilience.
8–12 🟠 Needs Improvement You have some key IT capabilities, but gaps could expose you to risk or limit productivity.
0–7 🔴 At Risk Your IT environment likely leaves you vulnerable to downtime, data loss, or cyber threats.

The tool sprawl problem

Here’s something you might not realise is a problem: UK SMEs are now using between 5 and 20 different software tools to manage their operations. That sounds normal until you consider the implications:

  • Multiple passwords for staff to remember
  • Tools that don’t integrate with each other
  • Duplicate data entry
  • Security vulnerabilities you don’t know about
  • Rising subscription costs

85% of UK IT administrators say they want a single, unified platform to manage devices, identities and access6. That doesn’t mean one piece of software does everything (that’s unrealistic), but it does mean choosing tools that work together properly.

Taking stock of your situation

Ask yourself these questions:

  1. When was the last time someone reviewed our entire IT setup?
  2. Do we have a documented IT strategy that aligns with our business plans?
  3. Could we recover quickly if disaster struck?
  4. Are we spending more time managing IT than we should be?
  5. Is technology enabling our growth or limiting it?

If you’re unsure about any of these, it’s worth having a proper IT audit. Many managed IT service providers will do this as a free initial consultation.

Graph: UK SME Revenue Growth – High v Low Technology Adoption (2021-2025)7

A graph showing High tech adopters grow more than low tech adopters

 

 

 

 

 

 

What happens if you do nothing?

Let’s be honest about the elephant in the room. Reading about what you should do is one thing. Actually doing it is another – especially when you’re busy running a business and IT feels like just another expense.

But here’s what happens if you ignore these issues:

The cybersecurity statistics are against you. With 43% of UK businesses experiencing attacks in the past year1, doing nothing is essentially gambling with your business. One successful ransomware attack can shut you down for days or weeks. Some businesses never recover.

The technology gap widens. Your competitors are adopting new technologies, improving their efficiency, and delivering better customer experiences. Stand still and you fall behind.

Your team get frustrated. Good employees will leave if they’re constantly battling with poor IT systems. Recruiting and training replacements costs far more than sorting out your IT.

Regulatory requirements tighten. Data protection laws aren’t getting more relaxed. If you experience a breach and can’t demonstrate you took reasonable security measures, the fines can be substantial.

The costs compound. Small IT problems become big IT problems. What might cost £500 to fix now could cost £5,000 in six months – plus all the business disruption.

Taking the first step

If all of this feels overwhelming, here’s the good news: you don’t have to fix everything at once.

Start with one thing. This week, do one of these:

  • Book a free IT assessment with a reputable managed service provider
  • Set up multi-factor authentication on your most important systems
  • Have a conversation with your team about their IT frustrations
  • Review what software and subscriptions you’re actually paying for
  • Schedule regular backups and test that they work

Next month, tackle something else from the list.

The businesses that thrive aren’t the ones with perfect IT from day one. They’re the ones that recognise IT as a strategic asset, not just a cost centre, and take consistent steps to improve it.

A final thought on choosing IT support

Throughout this article, we’ve mentioned managed IT services repeatedly. That’s because, for most SMEs, outsourcing to specialists makes far more sense than trying to handle everything internally.

But not all IT providers are created equal. Here’s what to look for:

Experience with businesses like yours: An IT company that mainly works with legal firms might not understand the needs of a manufacturer. Find providers with relevant experience.

Clear communication: If they can’t explain things to you in plain English, they’re not the right fit. Good technical knowledge is essential, but so is the ability to communicate it.

Proactive approach: Look for providers who talk about preventing problems, not just fixing them. Ask how they’ll keep you updated about your IT health.

Transparent pricing: Be suspicious of vague quotes or pricing that seems too good to be true. You need to know exactly what you’re getting for your money.

Local presence: Whilst remote support is great for many issues, sometimes you need someone on-site. Make sure they can actually reach you when necessary.

References: Ask to speak to current clients who are similar to you. What’s their experience been like?

At ERGOS, our strapline is “Stress-free IT for you,” and that’s what good IT support should deliver. Not perfection – technology will never be perfect. But confidence that someone knowledgeable is looking after your systems, explaining things clearly, and helping your business use technology effectively.

Your action plan

Based on the five questions we’ve covered, here’s a practical 90-day action plan:

Month 1: Assessment and immediate security

  • Get a professional IT assessment
  • Implement multi-factor authentication
  • Ensure backups are working (and test a restore)
  • Review and update your cybersecurity insurance

Month 2: Planning and foundations

  • Develop a cybersecurity policy for your team
  • Provide basic security awareness training to all staff
  • Audit what software and subscriptions you’re actually using
  • Create an incident response plan (who do you call if something goes wrong?)

Month 3: Strategic decisions

  • Decide on your IT support model (in-house, outsourced, or hybrid)
  • Plan any necessary migrations (to cloud or new systems)
  • Look at one area where AI could genuinely help you
  • Set regular IT review meetings into your schedule

The key is momentum. Progress matters more than perfection.

Frequently asked questions

How do I know if I need a full-time IT person or if outsourced support is enough?

As a general rule, if you have fewer than 50 employees, outsourced support usually makes more financial sense. You get access to a whole team of specialists for less than the cost of one full-time employee. If you’re larger or have very specific technical needs, you might need in-house support – but even then, many businesses have one internal person backed up by an outsourced team.

What’s the difference between cybersecurity and IT support?

IT support keeps your systems running smoothly – fixing problems, managing updates, helping users. Cybersecurity specifically focuses on protecting your systems from attacks and data breaches. Think of IT support as the mechanics who maintain your car, whilst cybersecurity is the locks, alarm, and tracking device that stop it being stolen. You need both, and good managed IT providers include both.

Can I just use free antivirus software and call it done?

Free antivirus is better than nothing, but it’s only one small part of cybersecurity. It’s like locking your front door but leaving all your windows open. You also need protection against phishing, ransomware, unauthorised access, and data loss. Plus, free versions typically don’t include business-grade management tools or support. For business use, proper commercial security tools, such as Endpoint Detection and Response (EDR) are worth the investment.

How long does it take to move to the cloud?

It depends entirely on what you’re moving and how complex your setup is. Email migration might take a few days to a couple of weeks. Moving business-critical applications could take several months if done properly. The key is proper planning – rushing a cloud migration causes more problems than it solves. A good IT provider will give you a realistic timeline based on your specific situation.

What should I do if I think we’ve been hacked?

First, don’t panic. Second, disconnect affected systems from your network (but don’t turn them off – that can destroy evidence). Third, contact your IT support provider immediately. If you don’t have one, contact the National Cyber Security Centre. Document everything that happened. Notify your cybersecurity insurance provider. And learn from it – what went wrong and how can you prevent it happening again?

Is it worth getting Cyber Essentials certification?

For most UK SMEs, yes. It costs a few hundred pounds, gives you a clear checklist of basic security measures to implement, and demonstrates to customers that you take security seriously. Many insurance companies offer discounts for businesses with Cyber Essentials. Perhaps most importantly, it significantly reduces your risk of common cyberattacks. If you work with government or larger corporate clients, they may require it.

How often should I review my IT setup?

Formally, at least once a year. But you should have ongoing conversations with your IT provider – monthly or quarterly check-ins to discuss what’s working, what isn’t, and what’s coming up. Technology changes quickly, and your business changes too. Regular reviews ensure your IT continues to support your business rather than hold it back.

Can small businesses really afford proper IT support?

The question is actually whether you can afford not to. The average cost of a cyberattack on an SME is over £10,000. IT downtime costs over £4,500 per minute. A single ransomware attack could close your business permanently. Proper IT support typically costs £500-£1,500 per month for a small business – far less than the potential cost of things going wrong. Think of it as insurance that also makes your business more efficient.

Comparison: Break-fix vs managed IT support

Aspect Break-fix support Managed IT support
Pricing model8 Pay per hour (£100) when something breaks Fixed monthly fee (£35 per user)
Approach Reactive – wait for problems Proactive – prevent problems
Cost predictability Unpredictable – could be £0 or £5,000 this month Completely predictable monthly cost
Security Your responsibility to manage Included as part of service
Updates and maintenance Only when you request it Automatic and regular
Response time Can be slow – they have many clients to juggle Prioritised – you’re paying for availability
Strategic planning None – just fixing problems Included – aligning IT with business goals
Suitable for Very small businesses with simple IT (under 5 people) Growing businesses who rely on technology (5+ people)

 

Comparison: Common cloud services for UK SMEs

Service type Popular options Best for
Email & collaboration Microsoft 365, Google Workspace Most businesses – it’s now the standard
Accounting Xero, Sage, QuickBooks Essential – cloud accounting is more efficient and accessible
File storage Microsoft OneDrive, Google Drive, Dropbox Businesses needing to share files and work remotely
CRM (Customer management) HubSpot, Salesforce, Zoho Sales-focused businesses managing client relationships
Project management Monday.com, Asana, Trello Teams coordinating projects and tasks
Communication Microsoft Teams (included with 365), Slack Teams needing quick internal communication
Video conferencing Microsoft Teams, Google Meet, Zoom Any business doing remote meetings

 

The bottom line

Technology doesn’t have to be stressful. It doesn’t have to be confusing. And it certainly doesn’t have to be something you deal with only when it breaks.

The five questions we’ve covered in this article – about cost, security, AI, cloud services, and whether your IT is fit for purpose, are questions every UK SME should be asking. The fact that you’re asking them puts you ahead of many business owners who simply hope everything will be okay.

But questions need answers. And answers need action.

Your next step is to take one action – just one – from this article. Book that IT assessment. Set up multi-factor authentication. Have that conversation with your team. Review your current IT spend.

Whatever you choose, do it this week. Because your business deserves IT that supports you, not stresses you.

If you’d like to talk about any of these topics in plain English, without sales pressure, get in touch with ERGOS. We specialise in making IT straightforward for businesses that don’t have time for technical complications.

After all, you started your business to deliver your product or service to customers, not to become an IT expert.

Let us handle the complexity. You focus on what you do best.

This article was written to help UK SME business owners make informed decisions about their IT. Technology moves quickly, so whilst we’ve based this on the most current data available, we recommend speaking with IT professionals about your specific situation. ERGOS Technologies Limited provides managed IT services across the UK, with a focus on making technology stress-free for growing businesses.

Primary Sources:

  1. Cyber Security Breaches Survey 2025 from DSIT and Home Office : https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/
  2. Cyber Security Breaches Survey 2024 from DSIT and Home Office : https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/
  3. Hot Source Creative – “The State of AI Adoption in UK SMEs” : https://www.hotsourcecreative.com/the-state-of-ai-adoption-in-uk-smes/
  4. British Chamber of Commercehttps://www.britishchambers.org.uk/news/2024/07/most-smes-still-struggling-to-embrace-ai/?utm_source=chatgpt.com
  5. Gartner Business and Technology Insights & Trends : https://www.gartner.com/en/insights
  6. Enterprise Times – IT admins battling pandemic of unathorised apps : https://www.enterprisetimes.co.uk/2025/01/30/it-admins-battling-pandemic-of-unauthorised-apps/?utm_source=chatgpt.com
  7. SME Digital Adoption Taskforce : SME Digital Adoption Taskforce: final report – GOV.UK
  8. ERGOS Technologies Limited – standard pricing

Additional Authoritative Sources:

Let ERGOS take the stress out of IT for you

Contact us now to get six months of IT Support for free
Discuss stress-free IT