How quickly should a business respond to a cyber incident?

The first hour after detection is considered the golden hour that determines outcome severity. Organisations that detect breaches internally save an average of $900,000 in costs. Only 22% of UK businesses have a formal cybersecurity incident management plan in place.

What is business email compromise (BEC)?

BEC is a type of fraud where attackers impersonate executives or suppliers to trick employees into transferring funds or sharing sensitive data. BEC attacks increased 33% in 2025. The average loss per BEC incident is $137,000. Even organisations with fewer than 1,000 employees face a 70% weekly probability of a BEC attempt.

Is Cyber Essentials certification worth it?

Organisations with Cyber Essentials certification are 92% less likely to make a claim on their cyber insurance. Certification is mandatory for UK government contracts involving sensitive data. Only 3% of UK businesses are currently certified, giving certified businesses a competitive advantage.

What is the most common type of cyber attack in the UK?

Phishing is the most common attack type, identified by 85% of businesses that experienced a breach (DSIT 2025). Phishing accounts for 93% of cyber crimes against businesses. AI-powered phishing has driven a 204% increase in phishing emails delivering malware in 2025.

Comparison

Microsoft Defender for Business vs Third-Party MDR: Which Is Best for SMEs?

A practical comparison for UK businesses — covering features, costs, and which option suits different requirements.

Key Facts

£8,260average breach cost for businesses with negative outcomes

99.9%of compromised accounts had not enabled MFA (Microsoft)

204%increase in AI-powered phishing emails in 2025

241 daysaverage time to identify and contain a breach (IBM 2025)

Last updated: March 2026

Microsoft Defender for Business vs Third-Party MDR

Feature	Microsoft Defender for Business	Third-Party MDR
Best For	Depends on requirements	Depends on requirements
UK Availability	Widely available	Widely available
Typical Cost	Varies	Varies
Complexity	Varies	Varies

When to Choose Each Option

Guidance based on your business requirements.

Choose Microsoft Defender for Business When

Your business has specific requirements that favour this approach. Budget and resources align with this solution. Your existing infrastructure supports it

Choose Third-Party MDR When

Your business needs a different approach. You have different budget considerations. Your team has relevant experience

Cost Considerations

Both Microsoft Defender for Business and Third-Party MDR have different cost profiles. The right choice depends on your business size, existing infrastructure, and specific requirements. AMVIA can help you evaluate which option delivers the best value for your situation.

The AMVIA Recommendation

If you have no dedicated in-house security analyst, choose MDR — not Defender standalone. MDR uses Defender (or equivalent EDR) as the detection layer, then adds 24/7 human monitoring and incident response on top. AMVIA's MDR service starts from £10 per endpoint per month and typically replaces both standalone AV and dedicated security staff costs.

Get a Free MDR Assessment