There is a critical need for small and medium enterprises (SMEs) to integrate artificial intelligence (AI) into their cyber security strategies and conduct comprehensive assessments of their existing systems.
So says Samantha Hanreck, associate consultant for AI business strategy at the Cyber Security Institute, who was speaking at the ITWeb Security Summit 2025 this week.
In her presentation, she addressed how SMEs are frequently the most exposed to cyber threats due to limited resources, a lack of dedicated security teams, and an overreliance on traditional protections.
Hanreck raised a significant point, advising SMEs on the importance of fostering a culture of AI literacy to maximise the benefits of the technology.
Her presentation also addressed the challenges SMEs encounter with structured data management, which hinders effective AI adoption.
To mitigate these issues, Hanreck recommended that organisations evaluate their workflows and readiness for AI, sharing insights from experiences in guiding clients through identifying their needs and implementing automation tools to prepare for future AI integration.
This approach, according to Hanreck, aims to help SMEs stay competitive in the rapidly evolving AI landscape.
She spoke about the need to assess the current AI landscape and identify legacy tools that may need replacement, and ensure that SMEs have an updated AI policy in place.
Hanreck cautioned SMEs on the need to go and check:
- What is my ecosystem?
- What do I have in place right now?
- What tools are legacy tools that aren't going to embed AI that I might need to consider replacing?
- What tools have AI in our roadmap and strategy, and what is their compliance and my risk as a business using those tools?
“So there's a lot of going back to basics to try and understand how to go forward. It does feel a bit backwards, but I like to start at a starting point so that you can move forward rapidly.”
She went on to say: “SMEs are a massive target for cyber [attacks]. I think we need to understand that while AI is coming into play for us and against us, it's also going to increase our risk of being attacked. It also speaks to the statistic that 60% of businesses fail if they are attacked, and highlights the need to have 24-hour protection — because AI doesn't sleep…I think we need to understand that cyber security and AI go very much hand in hand, especially at the rate AI is exploding in the market at the moment.”
Share