SMEs Fall Short on AI Cyber Security Training Despite Rising Risks

The surge in artificial‑intelligence tools has transformed how small businesses market, serve customers and automate routine work. Yet the same technology opens new attack vectors, and recent high‑profile incidents at Marks & Spencer, The Co‑op and Pandora illustrate that sophisticated threats are no longer confined to large enterprises. For SMEs, limited budgets and staffing mean they are often the weakest link, making them attractive targets for phishing and business‑email‑compromise campaigns that now average eleven attempts per year.

A Moneysupermarket poll of 250 owners of firms with 1‑49 employees reveals a stark training gap: just one in ten SMEs offers AI‑focused security education, while 44% fear that unchecked AI use will heighten their cyber risk. The financial stakes are high—research estimates a typical breach costs roughly $127,000 in lost revenue and regulatory fines, and one‑in‑five SMEs could be forced to shut down within three months of an incident. Compounding the problem, the UK cyber‑skills shortage has risen about 8% year‑on‑year, leaving many owners without clear guidance on safeguarding AI‑driven workflows.

To bridge the divide, SMEs should adopt a layered, cost‑effective defense strategy. Basic hygiene—strong, unique passwords, multi‑factor authentication and regular patching—provides a solid foundation. Short, recurring awareness sessions can dramatically reduce human error, the most common breach catalyst. Specific AI policies that define approved tools, data handling rules and usage limits further tighten security. Affordable solutions such as endpoint protection, secure cloud services and automated backups deliver robust protection without breaking the bank, while a documented recovery plan ensures rapid business continuity after an incident. By prioritising these steps, SMEs can reap AI’s benefits while mitigating the escalating cyber risk.