AI threatens SMEs’ cybersecurity – is cyber insurance the answer?

Data from 14 different nations has revealed a clear trend: SME owners are seeking out professional advice on cyber insurance, with a significant proportion driven to do so by rising fears around new technology, specifically AI.

With cybersecurity a growing concern for small business owners, media coverage of high-profile cyber attacks against the Co-op, M&S, and Pandora in 2025 has also fueled interest in cyber insurance.

What’s the risk to small businesses?

While reported cyber breaches against UK SMEs dipped from 718,000 businesses to 612,000 in 2025, it’s still true that over 40% of SMEs have experienced a cyber attack. 

As businesses scramble to get to grips with AI technology, they are also becoming aware of the potential risks, with AI empowering cyber criminals to launch low-cost, sophisticated, automated attacks at a higher frequency. In the wrong hands, AI can assist with sending phishing campaigns, generating deepfakes, and creating and deploying malware.

GlobalData’s 2025 SME Survey delved into why business owners were buying cyber insurance. While 39% of respondents said they did so because they were advised by a broker to, 35.8% said that they were interested in a policy because of the “increased risk posed by AI adoption” – making AI the second-biggest draw to cyber insurance, followed by media reports on cyber attacks (34.7%).

Beatriz Benito, Lead Insurance Analyst at GlobalData, commented: “The rapid spread of AI and its integration across all industries is making SMEs feel uneasy and anxious about the technology, perceiving that it may pose significant risk.”

The importance of using AI safely

As well as the threat from cyber criminals’ use of AI, adopting the technology in-house can also create vulnerabilities. Using third-party AI tools and software without properly vetting them could leave your business’s data at risk of being breached if the platforms you use are attacked.

Indeed, as well as being a barrier to growth for many UK entrepreneurs, the lack of AI literacy is a big cybersecurity risk. Research from KPMG revealed that 73% of Brits have received no AI training or education, while the Government’s SME Digital Adoption Taskforce report from summer 2025 revealed that many SMEs lack the confidence to adopt and use new digital and AI tools properly.

This data speaks volumes – many SME owners don’t know how to approach deploying AI, and crucially, don’t know how to protect against its risks and vulnerabilities. Therefore, educating yourself and your team in this should be the first step in safeguarding your business.

Can cyber insurance protect against AI attacks?

According to Benito, business owners are contacting their insurance broker because they want clarity in the face of this confusion.

Specifically, they want to know what protection they have against AI risks as the technology rapidly becomes part of their workflow and is adopted by the world at large. 

However, cyber insurance is not a catch-all solution. Many insurers are in the process of adapting their policies to cover specific AI risks, but SMEs need to be aware of the particular risks they should seek cover for, as they won’t find generic policies covering all possible AI threats. As Benito said: “Given that many standard cyber policies do not mention AI cover, there could be a gap between what clients expect from their policy and what it actually covers.”

She added that GlobalData’s findings should serve as a catalyst for businesses to contact their insurance brokers; and also for insurers to make sure that policies are affordable for SMEs and include specific cover for AI risk:

“SMEs may not always be able to afford the cost of a policy, or the technology (such as software upgrades) required by insurers. Given the high barrier to entry for SMEs, insurers should focus on developing policies covering just the risks that are most common to such businesses.”

Business owners must start interrogating what cyber protections they have in place, both in terms of technology and insurance, and ensuring they buy a policy that covers the risks most relevant to them. Meanwhile, the insurance industry needs to iterate fast to make sure that relevant policies that cover AI-related threats are accessible to all SMEs.