Security Strategy, Plan, Budget, AI/ML, AI benefits/risks

Small businesses falling behind in AI-powered cyber defenses

A futuristic padlock with binary code and the text "AI" floating in the center, symbolizing secure data

(Adobe Stock)

A new study of small and medium-sized businesses (SMBs) by CrowdStrike found that only 11% of SMBs surveyed have adopted AI-powered defenses.

According to the May 5 research, the smallest businesses are falling behind: Among SMBs with fewer than 50 employees, only 47% report having a security plan in place, and more than half allocate less than 1% of their annual budget to cybersecurity.

“SMBs are increasingly aware of the cyber risks they face, but remain vulnerable to modern threats,” said Lisa Campbell, vice president of SMB at CrowdStrike. “Many know they need stronger protection, but are held back by limited time, resources and expertise. They need solutions that are affordable and effective, without adding complexity — so they can turn awareness into action.”

The CrowdStrike research also pointed out that while 93% of SMBs consider themselves knowledgeable about cybersecurity risks and 83% report having a plan in place, just 36% are investing in new tools.

Cost concerns also drive decisions: The study found that 67% of SMBs prioritize affordability when selecting a cybersecurity tool, yet just 57% say they prioritize protection against advanced threats. And, only 6.5% believe their existing cybersecurity budget is sufficient.

Chen Burshan, chief executive officer at Skyhawk Security, said SMBs are in a challenging position: their security teams are often just one to three people — overextended and under-resourced.

Meanwhile, they face the same threat landscape as large enterprises.

AI is the great equalizer here,” said Burshan. “The right AI-enabled security tools can help these teams work smarter, not harder — automating detection, prioritizing the most critical risks based on their specific environment, and translating complex security findings into business-level insights. But most SMBs aren’t in the business of building AI security solutions, and that’s why adoption lags, despite growing awareness.”

Trey Ford, chief information security officer at Bugcrowd, pointed out that SMBs outside of hyper-growth definitely feel a squeeze and focus on time-to-market with facilities and administrative spend controls — leaving security under-staffed and under-funded.

Ford said priorities for the SMB need to start and remain with the foundational controls: inventory, patching, and application security tooling and partnerships with engineering.

“Single sign-on and multi-factor authentication matter,” said Ford. “Most small companies with minimal technical debt have already done this. Only pick services that support SSO, and mandate MFA.”

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Related

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Business Continuity Plan (BCP)Cost Benefit Analysis

You can skip this ad in 5 seconds