New Year, New IT Budget: What SMBs Should Prioritise in 2025

January is budget season. Before you copy last year's IT spend plus inflation, here's what actually deserves your money this year.

The Christmas decorations are down, the mince pies are finished, and finance is asking for your 2025 budget. If you're tempted to just copy last year's IT line items and add 5%, stop.

2025 brings specific IT priorities that weren't on the radar twelve months ago. Here's what deserves your budget this year.

Priority 1: Windows 10 Migration

Microsoft ends Windows 10 support on October 14, 2025. After that date, no more security updates. Your Windows 10 machines become increasingly vulnerable targets.

This isn't optional. It's a deadline.

Budget for:

• Hardware replacement for machines that can't run Windows 11
• Windows 11 Pro licences for compatible machines
• Migration time (data transfer, testing, user familiarisation)
• Potential software compatibility updates

Typical cost: £600-900 per device needing replacement, or £0-50 per device for in-place upgrade if hardware is compatible.

Priority 2: Email Security Enhancement

Phishing attacks grew 47% in 2024 according to industry reports. AI-generated phishing emails are increasingly convincing. Your spam filter from 2019 isn't keeping up.

Budget for:

• Advanced email filtering (Microsoft Defender for Office 365 or equivalent)
• DMARC/SPF/DKIM configuration (often a one-time cost)
• Phishing simulation and training programme
• Incident response planning

Why now: The cost of a successful phishing attack (ransomware, business email compromise, data breach) vastly exceeds the cost of prevention. One UK SMB in five experienced a cyber incident last year.

Priority 3: Backup Verification

You probably have backups. But when did you last test restoring from them?

We've seen too many businesses discover their 'backups' don't work when they desperately need them. 2025 should be the year you move from 'we have backups' to 'we've tested our recovery'.

Budget for:

• Quarterly restore testing (often included in managed services)
• Offsite/cloud backup if you're still relying on local drives
• Microsoft 365 backup (Microsoft doesn't back up your data)
• Documented recovery procedures

Priority 4: Staff Cyber Training

Your people are your biggest vulnerability and your best defence. Trained staff catch phishing attempts. Untrained staff click them.

Budget for:

• Regular security awareness training (monthly, not annual)
• Phishing simulations with immediate feedback
• New starter security induction
• Policy updates and communication

Tip: Training should be short, frequent, and practical. Hour-long annual sessions don't change behaviour.

What You Can Probably Reduce

Legacy software maintenance

Are you paying for support on software you barely use? Audit your software subscriptions. We typically find 15-30% waste.

Overspec'd licences

Microsoft 365 E5 for staff who only use email? Premium tiers on tools used for basic features? Right-size your licences.

Redundant tools

Two backup solutions running in parallel 'just in case'? Multiple video conferencing tools? Consolidate.

The Budget Conversation

When presenting your IT budget, frame it in business terms:

• 'Windows 10 migration' is 'maintaining security compliance'
• 'Email security' is 'preventing the average £50,000 ransomware payment'
• 'Backup testing' is 'ensuring we can recover from disaster'
• 'Staff training' is 'reducing our biggest security risk'

Costs are easier to approve when benefits are clear.

Getting Help

Not sure what your IT should cost? We offer free IT spend reviews. We'll look at what you're paying, what you're getting, and where there might be waste or gaps.

Book a free IT review