Cyber Essentials Security Stack for Under £50 per User per Year

For many small businesses, cybersecurity can feel expensive and complicated. The good news is that achieving the technical controls required for Cyber Essentials does not require a large security budget.

In fact, with the right combination of built-in tools and low-cost services, most UK SMEs can build a practical security stack for under £50 per user per year.

Below is a simple stack that aligns with the five core Cyber Essentials control areas while remaining affordable and easy to manage.

1. Endpoint Protection (Malware Protection)

Every device in your organisation must have protection against malware.

Most Windows devices already include a capable security solution:
Microsoft Defender Antivirus

Microsoft Defender provides:

  • Real-time malware protection

  • Ransomware detection

  • Automatic threat intelligence updates

  • Integration with Windows security features

For many SMEs, Defender provides more than enough protection to meet Cyber Essentials requirements without additional cost.

Typical cost: £0 (included with Windows)

2. Firewall Protection

Cyber Essentials requires a properly configured firewall between your devices and the internet.

Windows already includes a built-in firewall:

Windows Defender Firewall

This firewall:

  • Blocks unsolicited inbound connections

  • Allows controlled outbound access

  • Protects devices on public networks

For most small businesses, ensuring this firewall remains enabled on all devices is sufficient.

Typical cost: £0

3. Multi-Factor Authentication (MFA)

Cyber Essentials requires stronger protection for important accounts such as:

  • Email

  • Cloud platforms

  • Administrator accounts

If your organisation uses Microsoft 365 or Google Workspace, MFA can be enabled at no additional cost using authenticator apps such as:

  • Microsoft Authenticator

  • Google Authenticator

MFA dramatically reduces the risk of account compromise.

Typical cost: £0

4. Password Management

One of the most common causes of security breaches is weak or reused passwords.

A password manager helps staff create and store strong, unique passwords securely.

A good low-cost option is:

Bitwarden

The free tier works well for individuals, while the business plan provides secure sharing and administration.

Typical cost: ~£10 per user per year

5. Security Updates

Keeping systems up to date is one of the most important Cyber Essentials controls.

Windows devices should use:

Windows Update

This ensures:

  • Security patches are installed automatically

  • Critical vulnerabilities are fixed quickly

  • Devices remain protected from known exploits

Cyber Essentials requires that high-risk vulnerabilities are patched within 14 days.

Typical cost: £0
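
The PowerShell script below is an added example, not part of the original article. It spot-checks the Defender, firewall and update controls from sections 1, 2 and 5 on a single Windows device. Treating Microsoft's 'Critical' and 'Important' severity ratings as "high-risk" is an assumption, as are the variable names.

```powershell
# Added example: local spot-check of three controls described in this article.
# Run in an elevated PowerShell session on the Windows device being checked.
$MaxPatchAgeDays = 14                     # patch window stated in the article
$Severities = 'Critical', 'Important'     # assumption: MSRC ratings treated as "high-risk"
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Malware protection: Defender enabled with real-time protection on.
#    On devices using a third-party antivirus these values will read as off.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender antivirus is disabled') }
if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }

# 2. Firewall: every profile enabled and not allowing inbound traffic by default.
#    ActiveStore returns the effective settings, including any Group Policy.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($p.Enabled -ne 'True') {
        $findings.Add("Firewall profile '$($p.Name)' is disabled")
    }
    if ($p.DefaultInboundAction -eq 'Allow') {
        $findings.Add("Firewall profile '$($p.Name)' allows inbound connections by default")
    }
}

# 3. Updates: list updates that are still missing although they were
#    published more than $MaxPatchAgeDays ago (queries Windows Update).
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
$cutoff   = (Get-Date).ToUniversalTime().AddDays(-$MaxPatchAgeDays)
foreach ($u in $pending) {
    if ($u.MsrcSeverity -in $Severities -and $u.LastDeploymentChangeTime -lt $cutoff) {
        $findings.Add("Overdue $($u.MsrcSeverity) update: $($u.Title)")
    }
}

# Report: one line per gap, or a single pass line.
if ($findings.Count -eq 0) {
    'PASS: no gaps found in the checked controls'
} else {
    $findings | ForEach-Object { "FAIL: $_" }
}
```

The script only reports; it changes no settings, so it can be run on each device as part of a pre-assessment check.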

Example SME Cyber Essentials Stack

| Security Control | Tool | Cost |
| --- | --- | --- |
| Endpoint protection | Microsoft Defender Antivirus | £0 |
| Firewall | Windows Defender Firewall | £0 |
| Security updates | Windows Update | £0 |
| Multi-factor authentication | Microsoft Authenticator | £0 |
| Password manager | Bitwarden | ~£10 |

Estimated annual cost:
£10–£20 per user per year

This leaves plenty of room within the £50 budget for optional additions such as phishing training or email security.

The Key Point for SMEs

Cyber Essentials is not about buying the most expensive security tools. It is about implementing sensible security controls consistently across your business.

Many organisations already have the tools they need — the challenge is configuring them correctly and ensuring staff follow good security practices.

How Prestige Cyber Guard Can Help

At Prestige Cyber Guard, we help SMEs implement practical, cost-effective cybersecurity controls that align with Cyber Essentials requirements.

If you are unsure whether your business is ready for Cyber Essentials certification, we can help you:

  • Assess your current security posture

  • Identify gaps in your controls

  • Prepare for Cyber Essentials certification

👉 Learn more or get in touch:
https://www.prestigecyberguard.co.uk/contact
