• admin@computersupportcentre.com
  • +44 1282 574444

IT Budgeting Guide

Table of Contents

Executive Summary
  • An IT Budget Is Not Just Laptops and Licences, It Also Includes Support, Security, Connectivity, Backup, Projects, and Contingency.
  • Most SMEs miss out on mapping out their Reactive Spending and therefore find themselves doing so through a need of an Urgent Laptop Replacement, Ransomware Recovery, Unexpected Licences Growing, and “Quick Projects”.
  • A Useful Practical Baseline Approach Is To Create Multiple Budgeting Categories, And Then Each Quarter To Review Those Categories Against One Another.
  • When It Comes To Benchmarking, The Majority Of Businesses In The UK Spend Between 3 – 6% On IT (varies by sector, business size etc.) However, A Bottom-up Budget Is A More Accurate Representation.
  • Managed IT Support Pricing Is Usually Based On Per User Per Month Pricing, And The Price Difference Can Be Substantial. The Scope Of Service Is More Important Than The Price.
  • Include Cybersecurity Budgeting For Prevention Plus Recovery (MFA, Patch Management, Endpoint Protection, Backups, Monitoring).
  • In Separating Essential IT Spend (Continuing Business) From Growth Spend (Improving Business Capability) And Risk Spend (Reducing Business Exposure).
  • Utilize The Capex Versus Opex Split To Help Finance With Cash Flow Forecasting.
  • Establish A Contingency Fund, As Most SMEs Will Face Unforeseen IT Costs Within A Given Year.
  • Developing A Good IT Budget Requires The Document To Be Live, So When New Hires Are On-boarded, Offices Are Relocated, Or Systems Are Upgraded, The Budget Should Be Modified Accordingly.
Who this guide is for
  • UK’s small and medium sized enterprises (SME) with an employee range of 1-250
  • Individuals who manage or operate a company and are responsible for operating the company
  • Individuals who approve the purchase of IT services
  • UK-based SME that use commonly available technologies like Google Workspace, Microsoft 365, web hosted applications, laptops, wireless internet, and outsourced IT Support services.
What an IT budget actually covers

To clarify what an IT budget is and to help an SME identify where the money is likely to be spent in an IT budget, I have listed below five questions that could be used to help develop an IT budget.

1. What do we need to operate on a daily basis?

(Email, storage, hardware, internet, technical support).

2. What do we need to ensure that our data is secure and that we can recover data should be necessary?

(Security features, backup storage, monitoring activities, and readiness to respond to an attack).

3. What do we need to help with growth and efficiency in the company?

(New employees, automation, tools, upgrades).

4. What do we need to prepare for and minimise future surprises?

(Lifecycle replacement, warranty expiry, contingency fund).

5. What does “good enough” mean considering both my company's size and risk?

(Repeatable, manageable baseline). Most SMEs tend to only budget for items that are visible (e.g., laptops, Microsoft 365) and do not consider less-visible items (e.g., Support hours, Security monitoring, Backup testing, Replacement, and Onboarding).

Typical IT cost categories for UK SMEs

The breakdown associated with most UK SME IT budget categories is as follows:

  • Hardware and Device Lifecycle
  • Software and Licences
  • IT Support and Managed Services
  • Cybersecurity (Tools and Services)
  • Connectivity and Infrastructure
  • Cloud Hosting and Hosting
  • Compliance and Risk Management
  • Training and Staff Awareness
  • Project and Upgrade Funding
  • Contingency for Unexpected Costs

We’ll look at each of these different categories and provide insight into good budgeting practices.

Budgeting models & approaches (table)
Model How it works Best for Risks / Watch-outs
“Percentage of revenue” Allocate a % (e.g., 3–6%) Quick first-pass estimate Can mislead; ignores your actual needs
Per-user budgeting Cost per user/month × headcount Knowledge-worker SMEs Needs scope clarity (security/tools)
Per-device budgeting Cost per device/month × devices Device-heavy environments Doesn’t capture SaaS growth well
Zero-based budgeting Rebuild budget from scratch New leadership / big change More effort; needs inventory
Baseline + projects Keep-the-lights-on + planned projects Most SMEs Must maintain discipline on scope
Risk-based budgeting Spend aligned to risk appetite Regulated / sensitive data Requires clear risk ownership
Step-by-step IT budgeting process (repeatable)

Step 1: Inventory what you have and what you rely on

  • Headcount (current + forecasted)
  • Devices (laptops, desktops, mobile phones)
  • Core systems (email, file storage, finance, CRM, line-of-business apps)
  • Locations of employees (office locations, remote)
  • Support model (break-fix vs. managed)

Step 2: Split spend into three buckets

  • Essential for business operation (devices, licences, connectivity, support)
  • Risk mitigation/recovery (security controls, backups, monitoring, incident response)
  • Growth (upgrades, automation, new technologies/systems, migrations)

Step 3: Decide CapEx vs OpEx (simple)

  • CapEx = overhead costs associated with hardware purchases and one-time projects (capitalised).
  • OpEx = recurring subscription costs/service agreements (M365, IT support, data backups, connectivity).
  • (You may want to discuss with your accountant how you should handle this for accounting purposes; however, the goal is to forecast cash flow).

Step 4: Build the 12-month budget

  • Monthly recurring costs (OpEx).
  • Scheduled replacements (CapEx-spreading (budgeting) schedule).
  • Projects (coordinated with company calendar).
  • Contingency funds (realistic estimates for unexpected expenses).

Step 5: Assign ownership and review cadence

  • One person will own budget (finance/operational management) and will also oversee budget performance.
  • One technical-lead position is responsible for coordinating with the IT/business partner/MSP.
  • Quarterly reviews; monthly checks for variances.

Step 6: Track actuals and adjust

  • Addition/removal of users
  • Licences/transfers
  • Failure of devices
  • Delays or expansion of projects
Core budget categories (what to budget for)

1) Hardware & device lifecycle

➢ What it covers :

  • Laptop/desktop, monitor, dock and headsets
  • Mobile / tablet for business if supplied
  • Printer / Scanner (if required)
  • Spare parts and replacement parts
  • Disposal / data wiping if used.

➢ Typical Cost Drivers

  • Number of staff increase (new staff).
  • Frequency of Replacement (many businesses have a replacement frequency of 3-5 years on laptops).
  • Warranty / Support levels.
  • Higher specification positions (Design, Data Science, CAD).

➢ If you understand the budget:

  • Reactive spending (panic purchasing).
  • Staff downtime caused by failed or failing equipment.
  • Security risk with unsupported devices.
  • Increased Technical Support time to troubleshoot old equipment.

Practical budgeting tip:

Create a rolling replacement plan. Plan to replace approximately 25-33% of laptops each year, followed by a rolling replacement plan over a 3-4 year cycle (or approximately 20-25% each year for a 4-5 year cycle).

2) Software & licences

➢ What it covers

In this session we will discuss:

  • Microsoft 365 / Google Workspace
  • Accounting and payroll subscriptions
  • Tools for CRM, project management, electronic signature collection, and line of business software applications
  • Additional licences e.g. security, archiving, backup
  •  

➢ Typical cost drivers

  • Adding/removing users
  • Upgrading to higher-tiered licences (e.g., due to increasing security need)
  • Add-on creep (adding one too many add-ons)
  • Price increases from vendors

➢ If you understand it

  • Shadow IT activity-staff use personal accounts, duplicating work/efforts (increased risk)
  • Loss of valuable features which could assist employee productivity (e.g., increase in cyber threats and loss of data)
  • Planned “emergency upgrade” expense as a result of incidents

Practical budgeting tip:

Conduct a quarterly licence review to identify and remove departed employees from the licence list, transfer to new employee, and review the use of add-on products.

3) IT support & managed services

➢ What it covers

  • Help-desk support (issues, requests)
  • Maintenance (patching, monitoring, routine tasks)
  • Onboarding/off-boarding user accounts
  • Vendor liaison (ISPs, software support)
  • Documentation and reviews. (Varies by provider.)

➢ Typical cost drivers

  • Support model (break/fix vs managed)
  • Number of users/devices/sites
  • Complexity (servers, multi-site, legacy apps)
  • Coverage hours (business hours vs extended)
  • Security requirements (monitoring, incident response)
  • Many UK sources quote managed IT pricing on a per user/month basis with broad ranges based on project scope.

➢ If you understand it

  • Reactive firefighting
  • Inconsistent patching and failure to meet basic security measures.
  • Increased downtime and repeated problems.
  • Always projects never getting finished (“no time”).

Practical budgeting tip:

If you want to budget predictably (monthly) for your IT and have enough money ($) set aside for projects along with a budget for managed support.

4) Cybersecurity

➢ What it covers

  • Mainframe Protection (Antivirus/Endpoint Detection Response), Primary Antivirus Systems
  • E-mail Protection (e.g., Anti-Phishing, DMARC), Mainframe Security for WFH
  • Access Control Procedures (Multi-Factor Authentication) for Information Technology (IT)
  • Monitoring and Alerting for Cyber Security Issues
  • Backup and Restore Testing Procedures for Disaster Recovery Plans (DRPs)
  • Security Awareness Training, Service.

➢ Typical cost drivers

  • Risk Level of Data (sensitive, WFH), Cyber Risk Level Associated with WFH
  • Who is responsible for Monitoring Alerting Procedures (Staffed or Non-Staffed)
  • How many Devices are Being Used (Device Count) and User accounts (User Count)
  • What type of Backups will be Conducted (Server; Microsoft 365; all end-user devices)

➢ If you understand it

  • Greater chance of Incurring Significant Expenses Due to Cyber Incidents
  • High Ransom Payment Costs and Recovery Costs
  • Insurance Challenges or Exclusions
  • Loss of Business Due to Interruption Caused by Cyber Events

Practical budgeting tip:

Budget for Cyber Security by Considering both Basic Controls and Recovery Expenses (not just Antivirus Software)

5) Connectivity & infrastructure

➢ What it covers

  • Broadband circuits, routers, business-class firewall devices
  • Wi-Fi access points and switches
  • 4G/5G Failover (if needed for your business).
  • Network Support Agreements

➢ Typical cost drivers

  • Multiple Sites
  • Bandwidth Requirements for Teams, VoIP and Cloud-Based Applications
  • Resilience and Redundant Services
  • Hardware Refresh Program and Licensing

➢ If you understand it

  • No Business Activity during Downtime
  • Poor Quality of Teams Calls with Reduced Productivity
  • Increased Security Risks from Using Consumer-Grade Routers (CGRs).
6) Cloud & hosting

➢ What it covers

  • Website Hosting (if Hosted Is part of your IT environment)
  • Cloud server instances (Azure/AWS)
  • Hosted Applications
  • Storage Solutions such as SharePoint, OneDrive, and Google Drive
  • Backup Storage Solutions

➢ Typical cost drivers

  • Growth of storage space
  • Performance Needs
  • Backup Retention Period
  • Legacy Hosted Applications

➢ If you understand it

  • Surprise reached out of Storage Limits
  • Performance Issues (Slow Applications)
  • Loss of Resilience options for Recovery
7) Compliance & risk management

➢ What it covers

  • Preparation/Certification for Cyber Essentials (where necessary)
  • Security policy preparation (basic level)
  • Audit assistance and Proof Collection
  • Assistance with completing insurance questionnaires (time)
  • Cyber Essentials is a UK Government supported scheme and the fee for certification will differ according to the Size of your Business; IASME has an FAQ which shows a typical cost of assessment, based on how many employees you have, i.e., Micro, Small or Medium.

➢ Typical cost drivers

  • Whether you want to be certified or simply aligned
  • Complexity of your Environment
  • External Audits or Client Questionnaires
  • Incident Response Preparedness

➢ If you understand it

  • Your business will lose contracts because you lack the necessary requirements.
  • You will experience long and painful audits.
  • You will suffer a greater level of disruption during incidents.
8) Training & staff awareness

➢ What it covers

  • Security Awareness -*Phishing*; Safe Handling of Data
  • IT Awareness (induction of new hires)
  • Role-Based Training-Teams; SharePoint; CRM

➢ Typical cost drivers

  • Level of Staff Turnover
  • Type of Training: Annual or Ongoing Micro Training, etc.
  • Risk of Training: Finance, Law, Medicine

➢ If you understand it

  • Increase in Human Error
  • Increase in Support Tickets
  • Low Usage of Licensed Software
9) Projects & upgrades

➢ What it covers

  • Email/Files/Transfer Migrations
  • Implementation of New Systems
  • Used/Upgraded Network/Wireless Capabilities
  • Placing Devices into Production/Distribution
  • Multifactor Authentication/How-to-access for Personnel!
  • Improving Existing Business Processes through Automation.

➢ Typical cost drivers

  • The complexity associated with the number of files transferred.
  • Although the company has developed additional locations the office has not yet relocated.
  • Legacy Clean-up of Older Devices/Systems.
  • Time associated with the establishment of a new testing and training process.

➢ If you understand it

  • Will increase your technical debt.
  • Will make temporary solutions permanent.
  • Will require a substantial technical upgrade (which will also incur substantially higher costs).

Practical budgeting tip:

Keep an annual roadmap of upcoming projects (what would you consider “necessary”, “recommended” and “possible”).

10) Contingency & unexpected costs

➢ What it covers

  • Replacement of Emergency Items
  • Immediate Consulting Services
  • Assistance with Incident Response
  • Unforeseen Upgrades of Small Items (For Instance, Expansion of Current Storage).

➢ Typical cost drivers

  • Age of Devices
  • The Security Posture of the Organisation
  • The Stability of Suppliers
  • Employee Turnover

➢ If you understand it

  • Unexpected Budget Surprises and Delayed Approvals
  • Risky Shortcut Strategies (e.g., “We will simply wait until next year” to deal with it.)
  • Downtime while you wait for approvals

Rule of thumb:

Add a Contingency Fund (typically 5 to 15 percent, depending on the level of maturity of the IT Operating Expense).

CapEx vs OpEx

  • CapEx is typically “buy once” (hardware, one-off setup projects).
  • OpEx is ongoing monthly/annual (support, licences, connectivity, backups).

Why it matters: finance teams can plan cash flow and avoid surprise spend.

12-month sample budget breakdown

Example: 25-user UK SME (illustrative only)

Below is a sample structure (you can adjust values). This is designed so a finance team can copy it into Excel.

Category Monthly (OpEx) Annual (OpEx) Annual (CapEx / Projects) Notes
Software & licences £X £X M365 + core apps
IT support (managed) £X £X Per user/month
Cybersecurity tools/services £X £X EDR + backup + monitoring
Connectivity (internet/VoIP) £X £X Include failover if needed
Cloud/hosting £X £X Storage/hosting
Training/awareness £X Annual + new starters
Hardware replacement £X Planned refresh
Projects/upgrades £X Migration / improvements
Compliance/risk £X CE prep/cert if relevant
Contingency £X £X 5–15% depending
Common budgeting mistakes & risks
  • Limiting the Budget to Just Laptops and Microsoft 365
  • Not Allocating for Replacement Devices (Re-Active)
  • Thinking of Cyber Security as a One-time Cost
  • Not Budgeting for Test Backups & Incident Support
  • Comparing IT Support without Identifying the Scope of Each Quote
  • Not Considering License True-Ups (Pay to Replace Employees)
  • Not Having a Contingency Fund
  • Projects Not Planned (Become Emergencies)
  • Lack of Ownership of the Budget Review Process
  • Making the Assumption that “Cloud = No IT Work”

FAQs

It varies significantly by sector and maturity, although many standards suggest 3% - 6% of revenue. This percentage should be viewed as a guideline rather than a target.

IT accounts for a percentage of revenue depending on how much of a dependence you have on IT and how much risk there is. Professional services firms may occupy the high end of this scale, while the low-tech microbusiness may fall at the lower end.

Generally, yes. Remove unused licenses, standardise devices, lessen the reactive impulse of ad-hoc firefighting by using managed maintenance services and optimise existing tools before purchasing new ones.

Fixed OpEx (managed support and subscription/license fees) allows businesses to mitigate unexpected expenses but requires maintaining a separate project/contingency fund.

You should budget for the minimum standard cybersecurity controls (multi-factor authentication, updates and patches, and endpoint protection), backup, restore testing, and how alerts will be monitored.

CapEx consists of most capital-intensive projects or one-time purchases, while recurring services or subscriptions fall into the OpEx category.

Monitor your number of active licenses, your patching status, your backup reliability, the replacement plan for your computers, and your project roadmap.

The appropriate percentage may range from 5 to 15% of your total OpEx based on the maturity of your organisation and the amount of change being experienced.

About This Guide

This guide is written by Computer Support Centre for UK small and medium-sized businesses that want a clear, realistic way to plan and control IT spending. It explains what an IT budget actually includes, where costs typically sit for SMEs, and how to avoid under-budgeting or reactive IT decisions.

The guide is based on our real-world experience supporting UK businesses and focuses on practicality, not theory, helping business owners and managers make informed budgeting choices without technical or financial jargon.

Conclusion

A properly structured and developed IT budget helps to eliminate unexpected costs, reduce risk, and provide support for growth to SMEs in the UK. By understanding the sources of IT expenses and differentiating between essential and discretionary expenses, as well as regularly reviewing IT budgets; SMEs can move away from a reactive (fixing after the fact) approach to IT spending and advocate predictability and controllability around IT expenses. An IT budget is about being more intelligent in the way you spend, not necessarily about spending more.