In early 2025, the cyber threat landscape for SMEs has shifted dramatically, with AI-enhanced attacks making national headlines and exposing just how vulnerable smaller businesses have become.
Real-World Incidents Are Already Happening
In 2024, global engineering firm Arup lost the equivalent of £20 million when scammers used AI-generated deepfake video to impersonate the company’s CFO in a Microsoft Teams call. The attackers tricked an employee into transferring the funds during what appeared to be a routine executive meeting.
The same year, criminals impersonated WPP’s CEO Mark Read using WhatsApp and AI-generated video. They invited a senior leader to a fake virtual meeting in a bid to extract funds under the guise of a new business venture. Fortunately, that attempt was caught before any damage was done.
These examples aren’t isolated - they represent a disturbing trend that’s moving fast.
The AI Threat in Numbers
🎯 46% of cyberattacks now target SMEs
💸 Average cost of an AI-driven breach: £108,000
🎭 Deepfakes are now used in 1 in 7 targeted scams
🧑💼 86% of SME employees feel unprepared to spot AI threats
Nearly half of all cyberattacks now target small businesses, and average losses from AI-enhanced breaches have soared to over £100,000 per incident. For SMEs - where budgets and in-house expertise are often limited - the risks have never been greater.
Why Are AI-Driven Threats Keeping SME Owners Awake at Night?
AI Makes Attacks More Sophisticated
Gone are the days of obvious phishing scams. AI now enables attackers to craft messages that are context-aware and tailored to your business, making them far harder for employees to spot and resist.
Deepfake Technology Raises the Stakes
With AI-generated audio and video, attackers can convincingly impersonate executives or trusted partners, tricking staff into transferring funds or sharing sensitive data.
Attackers Move Faster
AI can scan for vulnerabilities and launch attacks at a speed no human can match, adapting in real time.
The Skills Gap is Widening
Most SMEs don’t have dedicated cyber experts, making it difficult to keep up with the pace and complexity of AI-driven threats.
Employee Anxiety is Rising
86% of UK SME employees say they’re more worried about cyber risks than they were a year ago, and most don’t feel confident identifying AI-generated threats.
Case Study: How One Click Can Cost Thousands
Imagine a UK-based SME, TechNova Solutions, receiving an urgent email from their supplier requesting a payment to a new bank account. The email sounds authentic - same tone, same formatting. It was generated by an AI phishing tool using scraped email history and language patterns.
Acting quickly, the finance manager approves a five-figure payment.
Only days later does the company realise the supplier never changed their banking details - and the funds are gone.
What’s at Stake?
💸 Financial Loss: SMEs are losing billions each year to cyberattacks, and AI is accelerating the damage.
🤝 Reputation and Trust: One breach can undo years of brand-building.
🚨 Operational Disruption: A severe attack could shut your business down within days.
What Can SME Leaders Do?
At ITbuilder, we believe cybersecurity is about more than just technology - it’s about people, process, and partnership. Here’s our advice:
✅Adopt a Proactive Security Mindset. Antivirus alone won’t cut it. Invest in multi-layered, AI-ready tools.
✅Regular Training and Awareness. Your people are your front line. Make sure they know what a deepfake looks (or sounds) like.
✅Partner with Experts. If you lack in-house talent, work with a trusted IT partner who understands your risks.
✅Test and Review. Use pen testing and simulated attacks to identify weaknesses before a criminal does.
✅Plan for the Worst. Build a strong incident response plan. If the worst happens, you’ll be ready to recover quickly.
“Security is always top of our agenda and we have a dedicated team for this – so whether it’s putting in place the right measures, or dealing with the aftermath of a breach, we can help get your business up and running and staying secure.”
— James Naylor, Managing Director, ITbuilder
Is Your Business AI-Ready?
Take 60 seconds and ask yourself:
🤖 Do my staff know what a deepfake email or video might look like?
🚨 Would we spot a fake invoice before it’s too late?
🛠️ Is our IT setup built to respond in real time to an evolving threat?
🛡️ Do we have a recovery plan if we were hit tomorrow?
Now, if you're unsure about any of these, don’t wait for a breach. Let’s assess your current defences and identify practical next steps to strengthen them.
👉 Book a free, no-obligation consultation now!
References:
- Cyber Security Breaches Survey 2025 - GOV.UK
- AI threats top concern for UK SMEs' cybersecurity in 2025 | SecurityBrief UK
- SMEs: our solutions against cyberthreats in 2025 - Tyrex Cyber
- Cyber Threats in 2025: Why Businesses Must Stay Ahead of the AI Curve | SCCI
