Founder Playbook
SaaS
Cost
SME
Security
Founders

Where SaaS actually costs UK SMEs the most — and it isn't the bit on the invoice

HA

Henry Addico

November 20, 2025
Where SaaS actually costs UK SMEs the most — and it isn't the bit on the invoice

Ask a founder what their software costs and they'll quote the credit-card statement. Ask them what their software is actually costing the business, and the answer gets fuzzy fast.

We pulled the numbers — UK first, with US and EU comparisons — to answer one question: of the things that could be hurting a 10–50 person UK business running on SaaS, which one is the biggest? Is it the licences, the fragmented data, the security work, the hosting, the plugins, or something else entirely?

The short answer surprised us. Here it is.

The ranking

For a typical UK SME, in order of how much it really costs you in a normal year:

  1. Licence sprawl — too many tools, too many unused seats. Biggest single line item, and the one that quietly funds the next four.
  2. Fragmented data — the cost of your tools not talking to each other, paid in staff time and bad decisions.
  3. Security and the "SSO tax" — small most years, brutal in the year you get hit.
  4. Hidden admin — onboarding, offboarding, renewals, shadow IT, switching costs.
  5. Cloud hosting — only really matters if you build your own product.
  6. Plugins and marketplace add-ons — real, but rarely the headline.

And the single biggest finding: the things at positions 2, 3 and 4 are mostly caused by position 1. SaaS sprawl is the parent problem. Everything else is downstream.

1. Licence sprawl is the elephant

UK companies spend on average around £165,000 a year on SaaS, across 27 active subscriptions (Cledara, 2024). For a 20-person business that's £8,000+ per head before anyone has written a line of code.

The kicker: about 40% of those licences go unused in any given month (Productiv, State of SaaS 2024). Earlier data put it at 53%. That's anywhere from £15,000 to £70,000 a year of pure dead spend for a typical UK SME.

Sprawl isn't just unused seats. It's two CRMs because sales and marketing each bought one. It's three project tools because every team picked their favourite. It's the Notion someone set up that has 90% of the same content as the Confluence nobody can close.

You don't get this in a single big bill. You get it in 30 small ones.

2. Fragmented data is the invisible tax

When your CRM, your billing tool, your support inbox, your fulfilment system and your spreadsheet all hold a slightly different version of "who your customer is", someone is paying to reconcile that. That someone is usually your ops lead, your finance lead, or you.

McKinsey and IDC have repeatedly estimated that knowledge workers spend 20–30% of their day looking for, reconciling, or recreating information that already exists somewhere in the business. For a 20-person team on £40k average salaries, that's £160k–£240k of friction a year — almost none of which appears on any invoice.

The integration tools meant to fix this (Zapier, Make, native connectors, custom developer time) typically cost a UK SME £5k–£40k a year. That's the visible bit. The invisible bit is much bigger.

3. Security: small most years, brutal in the year it hits

The UK government's Cyber Security Breaches Survey 2024 is blunt: half of all UK businesses were hit by a breach in the last 12 months, rising to 58% of small businesses (10–49 staff) and 70% of medium ones. The average cost of a single breach was £1,205 — modest at first glance.

But the same survey says 53% of UK businesses are being attacked at least once a month, and a third weekly. The cumulative cost is multiples higher than the headline. And the worst-case — a real ransomware event, a supplier compromise, a data leak that gets you an ICO knock at the door — can be company-ending.

Then there's the "SSO tax". Single sign-on is the standard way to give your team one secure login across all your tools. Many SaaS vendors lock SSO behind their most expensive tier — a recent industry index tracks a median 150% upcharge to turn it on. For a UK SME running 5–10 tools that need SSO, that's easily £20k a year of pure security-premium spend you'd rather not pay but probably should.

Frame this honestly: the expected annual security cost for a 20-person UK SME is £5k–£30k. But the risk-adjusted cost — averaging in the year nothing happens with the year something does — is much higher.

4. The hidden admin tax

Every tool needs a champion, a payer, a renewer, an onboarder and an offboarder. Multiply by 27 subscriptions and you have a job.

BetterCloud's 2024 State of SaaSOps found that 65% of apps in the average company are unsanctioned shadow IT — bought on someone's card, never sanctioned, not visible to finance or IT. Cledara's field data suggests SMEs typically burn half to a full FTE across finance and ops just running the SaaS estate once they pass ~25 tools. At UK loaded-cost rates that's £25k–£60k a year of pure overhead.

And switching costs are real. The pricing reshuffles at HashiCorp, MongoDB and Atlassian in the last two years have forced unwanted migrations on small businesses with no leverage. Lock-in isn't theoretical; it's the friction of getting your data out and your team retrained.

5. Cloud hosting (only if you build your own product)

If you sell a SaaS product yourself, your AWS or Azure bill is a real line. Flexera's State of the Cloud 2024 says organisations waste 27–32% of cloud spend on idle or over-provisioned resources, and managing cloud spend is the #1 cloud challenge for the second year running.

If you don't build your own product — most agencies, e-commerce shops on Shopify, services businesses — hosting is a rounding error. Skip the chapter.

6. Plugins and add-ons

Shopify apps, WordPress plugins, HubSpot marketplace bits, Slack apps. Usually 5–15% of total software spend and rarely the headline cost. But they're a warning sign: a stack heavy on third-party plugins is almost always a stack heavy on sprawl, version-lock and security exposure.

The thing the data really says

Five of the six categories are partly caused by the first one. Sprawl is what makes licences expensive (you bought too many), data fragmented (they don't talk), security harder (more surface area, more SSO upcharges), and admin heavier (more renewals, more onboarding, more shadow IT).

So if you're going to fix one thing this quarter, fix sprawl. Everything else gets easier.

A 60-second self-check

Five questions. Be honest.

  1. Could you, in under 10 minutes, produce a list of every SaaS tool the business pays for?
  2. Do you know what percentage of seats on your top 5 tools are actively used each month?
  3. If a key person left tomorrow, do you have a written process to revoke their access across every tool?
  4. Can you get one number — say, monthly recurring revenue — without manually combining two systems?
  5. Are your security-sensitive tools (anything with customer data, code or money) behind single sign-on?

Three or more "no"s and you're paying for sprawl, fragmentation, security risk and admin overhead simultaneously. The good news: one project usually fixes all four.

Plain-English glossary

  • SaaS — software you rent monthly or yearly instead of buying. Think Slack, HubSpot, Xero.
  • SaaS sprawl — having more SaaS tools than you can name, manage or get value from.
  • Single sign-on (SSO) — one secure login that gets your team into all your tools. Better security, less password chaos.
  • iPaaS — "integration platform as a service". The middleware (Zapier, Make, Workato) that gets your tools talking.
  • Shadow IT — tools your team is using that finance and IT don't know about.
  • Cloud egress — what AWS or Azure charge you to move data out of their network. Often surprising on the bill.
  • Lock-in — how hard it is to leave a vendor once you're on it. Usually measured in weeks of pain.

Where to start

If this rings any bells, the fastest way to size the problem in your own business is a short, structured conversation rather than a six-month consulting engagement.

  • An Expert Session (£50, 30 minutes) is enough time to walk through your stack and pick the one change with the biggest payback.
  • Our Founder Confidence Loop is the longer engagement for founders who want a single view of their software, their data and their security — without hiring a CTO.

No hard sell — bring your credit-card statement and a list of your tools, we'll do the rest.

Sources: DSIT Cyber Security Breaches Survey 2024; Cledara 2024–2026 SaaS spend data; Productiv State of SaaS 2024; BetterCloud State of SaaSOps 2024; Flexera State of the Cloud 2024; Zylo SaaS Management Index 2024; Vendr SaaS Trends Report 2025; McKinsey and IDC information-worker studies. Full memo with citations: docs/saas-cost-research-2025.md.