A new survey has revealed a concerning gap in cybersecurity preparedness among UK small businesses as only 10 percent provide staff with AI security training despite widespread fears about emerging threats. The MoneySuperMarket survey of 250 UK sole traders and SMBs with 1 to 49 employees found that 44 percent of small business owners worry that using AI without proper safeguards exposes them to cyber threats, and one in five say they would feel unprepared if targeted by a cyber attack.
Scotland Leads Regional Adoption Interest
Scotland leads regional AI adoption interest at 50 percent, ahead of the South East at 48 percent and South West at 43 percent, while Wales and Yorkshire lag at 20 percent. Scotland also ranks highly in cybersecurity concern with 60 percent worried about AI related risks, suggesting Scottish SMBs are paying more attention to both sides of the AI deployment trade-off.
Training Gap Exposes Vulnerabilities
The data quantifies a gap that enterprise readers have suspected with SMBs interested in AI but lacking the operational maturity to deploy it safely. The findings come as the wider UK business community grapples with rising cyber incidents. The UK Cyber Security Breaches Survey 2025 to 2026 shows 43 percent of businesses and 28 percent of charities reported a cyber incident in the past year.
Implications for Security Vendors and Policymakers
For UK SaaS vendors selling into the SMB market, the survey is a clear procurement signal as built in compliance and security defaults matter more than configurable controls. For the National Cyber Security Centre and CyberFirst, the gap between SMB AI adoption interest at 36 percent and SMB AI security training provision at 10 percent is exactly the kind of measurable gap that targeted interventions such as published baseline guidance, free Cyber Essentials Plus uplift, and simplified training resources can close in months rather than years.
Wider Security Training Challenges
The AI training deficit forms part of a broader cybersecurity skills challenge facing UK organisations. More than half at 52 percent of UK SME employees have received no cybersecurity training, and more than a third of UK SMEs at 38 percent invest less than 100 pounds a year in cybersecurity. Security experts warn that as AI tools enable attackers to craft increasingly convincing phishing messages and impersonation attempts, the lack of staff training leaves small businesses particularly vulnerable to evolving threats that target human rather than technical weaknesses.