Cyber Security Moves Up the SMB Agenda as AI Adoption Exposes Operational Gaps

IDC research cited in this article reports that over 80% of SMBs are unprepared or in the very early stages of readiness for AI-related cyber threats, despite rapidly adopting AI, SaaS, and third‑party services.[1] Nearly a quarter of surveyed SMBs have not implemented any dedicated protections for AI applications, leaving them exposed to risks such as data leakage, insecure integrations, and AI-driven attack automation.[1]

According to IDC research reported by ERP News, over 80% of SMBs are either unprepared or only in the early stages of readiness for AI-related cyber threats, even as they rapidly adopt AI, SaaS, and third‑party services.[2][4] The same research indicates that nearly a quarter of SMBs have not implemented any dedicated protections for AI applications, leaving them exposed to data leakage, insecure integrations, and AI-driven attack automation.[1][2] From a CyberSE.AI perspective, this reflects a systemic SaaS- and cloud-based AI risk posture problem, where externally hosted AI and ERP/SaaS tools are integrated without mature security governance, controls, or third‑party risk management. Practically, SMBs need structured AI security readiness assessments, CISO-level guidance, and formal AI policies to define data handling, integration security, and monitoring requirements for any AI or SaaS deployment before usage scales further.