Is the speed of AI development leaving UK SMEs struggling to plug security gaps?
Artificial Intelligence (AI) is perhaps one of the fastest evolving technologies in business today. For SMEs, it can be hard to keep up with these developments and sift through what’s simply noise, and what will deliver tangible business benefits.
As the UK data from our recent SME IT Trends report shows, embracing AI can help UK SMEs streamline operations, improve the admin and user experience, and stand out in a crowded marketplace. Without a doubt, choosing to ignore AI would be choosing to fall behind.
Every gain comes with a cost, however, and not surprisingly security and governance concerns are on the rise. AI presents as many opportunities for UK SMEs to improve their operations as it does for hackers to exploit them. Consequently, a quarter of UK SMEs have experienced an AI-generated cyber-attack in 2024. As with any new technology that falls into the wrong hands, this is a sobering reminder that security is not a destination, but an ongoing journey of continuous improvement every SME must focus on.
For now, UK SMEs must delicately balance AI’s potential with how to best implement it and realise value from the technology. The initial signs are good.
Increasing positivity from UK SMEs towards AI
There is a measurable increase in UK SMEs’ appetite to embrace AI compared to our Q1 2024 report. With this being a bi-annual survey, it’s interesting to see how rapidly general attitudes towards AI, adoption and predicted adoption, and how it can benefit business, is changing for the better.
Over three quarters (81%) of SMEs agree that their organisation should be investing in AI initiatives for IT, an increase from 70% in Q1 2024. Additionally, 75% view AI as a net positive versus 71% in Q1 2024. This optimism is impacting AI adoption amongst UK SMEs, with 34% of UK respondents planning to implement AI in the next six months. Encouragingly, just 9% of UK SMEs said they have no plans to implement AI.
Overall, UK SMEs are starting to embrace the idea of implementing AI into their tech stack, no doubt helped by AI’s increasing popularity. However, in classic British style, their optimism is guarded; 37% of respondents think that the potential impact of AI is the same as six months ago – albeit moving slower than they thought it would.
To avoid falling behind, IT admins within UK SMEs are recognising that they need to be increasingly efficient with their time and need AI to support their decision making and tasks such as content creation, where possible.
Show me the money!
AI’s popularity is being reflected in budget increases, with 33% of UK SMEs predicting that budgets will rise by 10-20% in the future, with the investment in expert IT security staff also slightly increasing. Both must increase hand-in-hand to simultaneously take advantage of AI’s efficiency gains, whilst guarding against AI-generated cyber-attacks.
Speed of AI development leads to security concerns
The dark side of AI is concerning UK SMEs. Almost half (44%) indicated they had experienced a cyber-attack in 2024, with 25% of UK SMEs attributing these to an AI-generated attack.
Unsurprisingly, this is why security is yet again the biggest primary challenge that UK SMEs are facing, according to 61% of surveyed respondents. Furthermore, 64% either agreed or strongly agreed that AI threats are outpacing their organisation’s ability to protect against AI, versus 49% who said this in the previous report.
UK SMEs are tackling this new problem head-on, with nearly three quarters (73%) considering themselves financially prepared to deal with a cyber-attack.
At the same time, 28% of UK SMEs believe their organisation will cut cybersecurity spending in the next year. This has led 69% of respondents to believe that any cuts will increase organisational risk, with 50% becoming more concerned about the business’ security posture in the last six months.
The explosion of generative AI tools, such as ChatGPT, in the last two years has led to an additional rise in ‘shadow AI’; the unsanctioned use of artificial intelligence. With IT teams always needing to do more with less, they may also not have the resources to adopt tools where Generative AI is already embedded and are instead choosing to operate GenAI solutions as standalone tools – further adding to the complexity and fragmentation of an SMEs IT tech stack.
Outsourcing support to managed service providers (MSPs)
The increased attack capabilities that AI presents may be why UK SMEs are planning to deepen their ties with MSPs in the next 12 months, with two thirds (66%) planning on increasing MSP investment.
This in-turn places the onus on MSPs to differentiate themselves, in terms of supporting UK SMEs with AI-enabled roll-outs, as the appetite to integrate AI into the business inevitably increases.
Adoption set to increase but strong governance is required
UK business leaders could fall behind in the AI revolution, posing a substantial risk to their business if they don’t invest in AI. With SMEs accounting for 99% of UK private sector businesses, UK SMEs need to be on-side for AI technologies to snowball in adoption – and cement the UK’s leading role in adopting and regulating the technology.
For now, AI has quickly become a formidable player for SMEs. Its rapid, yet measured adoption, poses significant ramifications – both positive and negative, delivering innovation and operational efficiencies but questions around security still looms large.
Ben Schreiner, SMB Head of Business Innovation at AWS2, perfectly crystalised the decision-making process that should be at the forefront of every UK IT admin, in regard to AI adoption: “Working backwards from a meaningful business or customer challenge and conducting a thorough ROI assessment is crucial to making an informed decision. That way, SMBs can be sure that the potential returns of generative AI justify their investment.”
Despite their worries, SME IT teams seem generally eager to embrace AI. They see it as a net positive for their organisation, and the vast majority of SMEs have plans to implement AI if they haven’t already. As ever, it’s a fine balancing act of adoption and investment, security risks, and achieving real-world outcomes and value from the technology that’s on everyone’s lips.