The rapid advancement of artificial intelligence (AI) in the last few years has helped small businesses in many ways – from marketing and customer service to automating routine tasks and analysing data more efficiently.
However, the rise in AI technology also means that there’s been a greater number of cyber attacks on businesses across the UK, with even long-standing giants like Marks & Spencer, The Co-op and Pandora being hit by increasingly sophisticated threats last year that both disrupted operations and led to significant financial losses.
Naturally, this has caused significant anxiety among founders and small business owners, yet a new survey by Moneysupermarket reveals that just 10% of SMEs offer AI security training to employees – highlighting a widening gap between AI adoption and what’s needed to use it safely.
The ongoing risk of cyber attacks for SMEs
Big names being targeted by cyber attacks means that smaller businesses with fewer resources are especially vulnerable to increasingly sophisticated cyber threats.
According to the latest government figures, 43% of businesses reported cyber breaches or attacks in the last 12 months – equating to around 612,000 firms. It also reported that while medium and large businesses were more likely to have experienced this, 42% of micro businesses and 46% of small businesses also reported a breach or attack during the same period.
In terms of the most common types of cyber attacks, Bridewell’s Cyber Security in CNI Report 2026 reveals that phishing and business email compromise (BEC) are used the most to target businesses, with organisations experiencing an average of 11 phishing or BEC attacks per year.
Meanwhile, research by Samsung found that one in five SMEs would have to close down within three months if they experienced a cyber breach, while a cyber security attack would cost them a combined £100k annually in lost revenue and fines.
Stephen Libby, former cybersecurity expert and recent winner of the BBC show The Traitors, told the phone manufacturer that “a single incident can disrupt operations or even force businesses to close”, and that it’s “crucial that businesses make sure they’re using devices with strong built-in security and privacy protections to keep sensitive information safe.”
Small businesses are falling behind in AI security training
Unsurprisingly, the high number of cybersecurity-related incidents has left many small businesses worried about their ability to protect sensitive data, maintain business continuity, and respond effectively if they become the next target of an attack.
In a survey of 250 sole traders and business owners with 1-49 employees, Moneysupermarket found that 44% of respondents are concerned that adopting AI without adequate safeguards may leave their businesses more exposed to cybersecurity risks.
However, it also found that just 10% of SMEs are providing staff with AI security training. Concerningly, one in five respondents also reported that they’d feel underprepared if their business were targeted by a cyber attack.
This gap boils down to a few things. Many small businesses simply don’t have the time, budget, or specialist staff to prioritise cyber security training, especially when day-to-day operations already stretch their resources.
Additionally, the skills gap in cybersecurity – reported to be up 8% year-on-year in late 2025 – means many business owners are lacking clear guidance on how to safely integrate AI tools into their workflows, which can lead to inconsistent security practices rather than structured measures.
How can businesses strengthen their cybersecurity?
Businesses should focus on building stronger cyber resilience in manageable steps, rather than trying to overhaul everything at once.
For example, using basic cybersecurity practices, such as using strong and unique passwords, enabling multi-factor authentication (MFA), and regularly updating software to close any security vulnerabilities.
Training is also essential. Even short and regular awareness sessions can help employees recognise any suspicious emails, unsafe links, and social engineering tactics. Human error is often the weakest link, so improving day-to-day awareness can have a significant impact.
As for AI technology specifically, businesses should introduce clear policies on how tools should be used, what data can be shared, and which platforms are approved (such as ChatGPT, Claude, and Gemini).
Finally, small businesses don’t have to spend a fortune on security, as affordable tools like endpoint protection, secure cloud services, and automated backups can help protect information efficiently without a hefty cost. Having a recovery plan is just as important as prevention, as it ensures the business can quickly recover if an attack does happen.
