A founder running a small professional services firm tries an AI assistant to speed up client proposals. Within twenty minutes, the team is pasting briefing documents into it, nobody reads the terms of service, nobody checks whether data leaves the country, and nobody asks who can see the queries the tool retains.
Six weeks later, a client asks how their data is handled. Nobody can answer.
AI tools carry security risk, like every other piece of software connected to the internet. What matters is whether that risk is proportionate, well-understood, and covered by controls you actually have in place.
What is the security choice you’re actually making?
When a founder asks whether their AI tool is “secure enough,” there are usually two decisions hidden inside that question. The first is whether the tool itself is secure from external attack. The second, more commonly overlooked, is whether the way the firm has configured and deployed it creates risk from within. Both matter, but the second is where the majority of SME incidents occur.
The UK National Cyber Security Centre identifies three main risk vectors for organisations using AI: models can be attacked through techniques like prompt injection, AI tools help attackers scale phishing and fraud, and AI suppliers themselves become high-value third-party targets. Each of those requires a different type of control.
Paul Reynolds Cyber Security, drawing on analysis of 47 AI frameworks and SME incidents, found three recurring failure points in real deployments: lack of data protection protocols, absent access control auditing, and failure to integrate AI tools into existing compliance processes. All three are deployment failures rather than vendor failures. The practical risk sits with the firm, regardless of what the vendor’s marketing says.
SMEs often lack the IT governance infrastructure to catch these failures early. The typical pattern is a business that adopts a tool quickly, finds it immediately useful, and only discovers the access control gap when it causes a problem.
When is existing IT hygiene enough?
If an AI tool has no access to personal data, client records, or commercially sensitive documents, and staff are using it only for genuinely low-risk work like drafting generic marketing copy or brainstorming product ideas, then standard IT practice covers the main bases. A clear written policy defining what may and may not be pasted into the tool, backed by staff training, is the core control.
This applies cleanly to consumer-tier tools used for internal tasks well away from regulated data: prompts to summarise industry articles, generate social captions from scratch, or produce first-draft templates that staff then personalise.
The limit is that this approach depends entirely on staff discipline. Consumer-tier tools typically offer no audit logging, limited admin controls, and terms that may allow provider training on submitted content depending on your settings. If you cannot be confident that every person using the tool will always follow the data policy, the tool needs a more structured deployment. The UK Cyber Security Breaches Survey notes that 31% of businesses already outsource cyber security to external providers, a reliance that tends to extend to AI security without formal review.
When does AI need its own security review?
When personal data, client records, financial information, or any regulated or commercially sensitive material will pass through an AI tool, standard IT practice is not sufficient on its own. The ICO requires a Data Protection Impact Assessment for any AI use involving personal data, and the NCSC advises treating AI models and their data pipelines as high-value assets requiring explicit controls.
This threshold catches more situations than founders expect. Copilot-style tools that search across internal documents surface whatever those documents contain. A customer service AI connected to a CRM touches personal data with every query. A summarisation tool integrated with a shared document workspace processes everything in that workspace, not just the files you consciously selected for analysis.
The ICO’s AI and Data Protection Risk Toolkit guides organisations through a structured DPIA without needing specialist legal knowledge. An initial assessment can be completed in a few weeks for a typical SME if resourced properly, and the ICO explicitly encourages using the toolkit at design and testing stages rather than as a retrospective audit.
Enterprise-grade options such as Microsoft 365 Copilot and Google Workspace Gemini provide admin governance, role-based access control, audit logs, and data residency choices that consumer tools do not. The higher implementation cost is the trade-off for handling regulated or sensitive data with adequate safeguards.
What does it cost to get this call wrong?
The 2024 UK Cyber Security Breaches Survey found that 50% of small businesses and 59% of medium businesses experienced a cyber breach or attack in the last twelve months. For incidents with a material outcome, the median annual cost to a medium-sized business was £10,830. Those figures cover general IT risk; AI tools add their own specific exposure on top.
The Ticketmaster case makes the AI-specific risk concrete. In 2020, the ICO fined Ticketmaster UK £1.25 million after a compromised third-party chatbot on its payment page exposed payment details for up to 9.4 million customers. The ICO found Ticketmaster had failed to assess the risks of using an unreviewed third-party script on a payment page, and had not detected the breach for nine weeks. The same category of risk applies to any business embedding third-party AI components without a prior security review, regardless of scale.
On the regulatory side, the ICO can issue fines up to £17.5 million or 4% of annual worldwide turnover for serious UK GDPR breaches. The EU AI Act, which begins to apply from 2026, sets the highest tier of fines for prohibited AI practices at €35 million or 7% of global annual turnover. For any firm with EU market exposure, that timeline is already relevant to decisions being made now.
What should you ask before deciding an AI tool is secure enough?
Before deciding an AI tool is ready to deploy, run through six questions covering data, access, storage, contracts, monitoring, and oversight. If any cannot be answered clearly, the tool is not ready for live use involving sensitive data. The questions draw on the ICO’s AI and Data Protection Risk Toolkit, NCSC guidance, and SME security work from Clearpath Security and Paul Reynolds Cyber Security.
Ask what categories of data the tool will process: personal data, special category data such as health or financial records, client information, or commercially sensitive material. If any of those apply, a DPIA is required before the tool goes into use.
Ask who can access the tool and the underlying data sources, and whether permissions are genuinely least-privilege and role-based. Copilot-style tools will expose whatever access control misconfigurations already exist in your document environment. Clearpath Security consistently identifies this configuration step as the highest-value control available to an SME.
Ask where data will be stored and processed, whether residency is within the UK or EEA, and whether the vendor holds an independent certification such as ISO 27001.
Ask whether you have a written data processing agreement covering security obligations, sub-processors, breach notification timelines, and data deletion at contract end.
Ask how you would detect misuse or compromise: what logs are available, what alerts can be set, and whether your incident response plan explicitly covers AI-connected systems and data flows.
Ask whether automated decisions affecting individuals can be explained and challenged. The ICO expects significant decisions to have human oversight and a review route. The EU AI Act makes that mandatory for high-risk systems including credit scoring and employment screening.
The tool is ready when all six questions have clear answers; if any of those answers are currently missing, that is where the security work starts.
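The access question above (whether permissions are genuinely least-privilege before a search-style assistant is switched on) can be checked mechanically against a sharing inventory. The script below is an added example, not from the article or any vendor: it assumes a permissions export with one row per (path, principal, role, data_class), uses constructed sample rows, and treats the "#EXT#" suffix on a principal as marking a guest account, which is an assumption about the export rather than a documented schema.

```python
# Added example (not from the article): a pre-deployment over-sharing audit.
# Assumes a permissions inventory exported from the document platform as rows of
# (path, principal, role, data_class). The export format, principal names, data
# classes and the "#EXT#" guest marker below are constructed for illustration.
from dataclasses import dataclass

# Principals that a search-style assistant would treat as "anyone in the tenant"
# or broader; these turn a forgotten share into an organisation-wide exposure.
BROAD_PRINCIPALS = {"Everyone", "All Company", "Anyone with the link"}
# Data categories from the first checklist question that trigger a DPIA.
SENSITIVE_CLASSES = {"personal", "special_category", "client", "commercial"}

@dataclass(frozen=True)
class Finding:
    path: str
    principal: str
    data_class: str
    severity: str

def audit_sharing(rows):
    """Return findings for documents an AI assistant would surface too widely."""
    findings = []
    for path, principal, role, data_class in rows:
        broad = principal in BROAD_PRINCIPALS or principal.endswith("#EXT#")
        if not broad:
            continue  # scoped to a named user or group: not an over-share
        if data_class in SENSITIVE_CLASSES:
            severity = "high"    # sensitive data reachable by every assistant user
        elif role != "read":
            severity = "medium"  # broad write access on non-sensitive content
        else:
            severity = "low"     # broad read of non-sensitive content
        findings.append(Finding(path, principal, data_class, severity))
    order = ("high", "medium", "low")
    return sorted(findings, key=lambda f: order.index(f.severity))

# Constructed sample inventory for illustration only.
SAMPLE_ROWS = [
    ("/HR/appraisals-2024.xlsx", "Everyone", "read", "personal"),
    ("/Finance/board-pack.docx", "All Company", "edit", "commercial"),
    ("/Marketing/brand-guide.pdf", "Everyone", "read", "public"),
    ("/Clients/acme/brief.docx", "sam@partner.example#EXT#", "read", "client"),
    ("/Clients/acme/brief.docx", "finance-team", "read", "client"),
    ("/Sales/template.pptx", "All Company", "edit", "public"),
]

if __name__ == "__main__":
    for f in audit_sharing(SAMPLE_ROWS):
        print(f"{f.severity:6} {f.path} shared with {f.principal} ({f.data_class})")
```

Any high-severity finding is a sharing fix to make before the assistant goes live, because the tool will honour those permissions exactly as they stand.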