A small accountancy practice in the north of England adopted three AI tools in six months. By the time someone asked where client data was actually going, the firm had an AI-connected email triage system, a document summariser plugged into their cloud drive, and a scheduling assistant with access to the CRM. Three tools, three APIs, and three places where a bad actor could reach in. The cyber risk had grown without anyone planning it that way.
This is the pattern playing out across service businesses that have moved quickly on AI adoption. The tools are live. The governance has not kept pace.
What makes an AI-first service business a different cyber target?
When a service business runs AI across its delivery stack, it doesn’t just add more software. It creates APIs, agents, and data connections that expand the attack surface in ways standard cyber hygiene wasn’t designed to address. Fastly’s 2025 research found that 34% of AI-first organisations reported AI use created a security oversight or blind spot that contributed to their last incident, versus 20% of non-AI-first organisations.
The gap comes from how AI connects systems. A tool that triages email needs inbox access. One that summarises documents needs drive access. One that drafts proposals needs CRM access. Each connection is a new exposure point, and in many small firms those connections are configured once, on admin-level permissions, and never reviewed again.
Shadow AI amplifies this further. Staff who adopt tools informally, and research consistently shows that many do, create data flows the business doesn’t know exist. An employee using a free-tier AI assistant to draft client summaries has likely handed that client data to a third-party system. Whether the tool’s terms permit model training on that data is a question many firms never think to check.
Why does this matter even for small service firms?
The UK government has stated clearly that cyber risk from AI belongs at the top of the organisation, not delegated to IT. An open letter on GOV.UK advises smaller businesses to treat cyber security “at the very top” and points them to the NCSC Cyber Action Toolkit and Cyber Essentials as the practical starting point. Company size doesn’t determine exposure; the data you hold and the tools you connect to it do.
A 2026 UK readiness survey found that 59% of respondents identified data loss prevention as the single biggest area of increased risk from AI-enabled attacks. For service firms, data loss typically means client information. That is a regulatory exposure, a reputational one, and in many cases a contractual breach, arriving at the same time.
UK GDPR and the Data Protection Act 2018 apply regardless of business size. If AI tools process personal data, a lawful basis is required, appropriate safeguards must be in place, and the purpose must be clear. The ICO has published dedicated guidance on AI and data protection, and it does not include a small-business exemption.
For firms serving regulated financial clients, or sitting within a regulated supply chain, the FCA’s operational resilience regime is also relevant. It requires identification of important business services, setting of impact tolerances, and testing under severe but plausible disruption scenarios. A cyber incident that takes AI-connected systems offline is a service delivery problem before it is a technology one.
Where will these risks actually show up?
For many service SMEs, the AI risk surface concentrates in four areas: the APIs connecting your tools to existing systems, the identities with access to those systems, the data flowing between them, and the staff behaviours that policy hasn’t yet caught up with. Fastly’s research identifies agentic discoverability, API security, and web application firewalls as the three leading investment priorities for AI-first organisations managing these exposures.
API risk is probably the most underestimated. Every integration between an AI tool and your systems creates a connection that can be exploited if API keys are stolen, tokens aren’t rotated, or access scopes are broader than needed. Many small-firm integrations are configured with admin-level access for convenience and then left unchanged for months or years.
Identity is where attacks most often succeed in practice. Multi-factor authentication, least-privilege principles, privileged access review, and step-up verification for high-stakes actions are consistently more valuable than niche AI-specific security add-ons. The UK government’s open letter on AI cyber threats makes this point plainly: get the basics right first.
Data loss prevention deserves its own attention. When staff paste client files, CRM records, or draft proposals into AI tools, that data goes somewhere. On a free tier, it may train future model versions. On a paid tier, retention policies vary by provider. The practical question for a service firm is whether there’s a documented policy covering what staff can and cannot feed into AI tools, and a lawful basis for what they do feed in.
When should you act on this, and when can it wait?
The NCSC’s consistent position, backed by the UK government’s open letter, is that basic controls come first, well ahead of specialist AI security products. That means Cyber Essentials certification, multi-factor authentication across all accounts, patch management, tested backups, and supplier due diligence before adding any new AI vendor. These fundamentals protect against the overwhelming majority of real incidents and are more cost-effective than any niche AI security tool.
The inventory question is the second priority. Before you can address your AI-specific exposure, you need to know what it is. That means mapping every AI touchpoint in the business: the tools your team uses, the APIs they connect to, the data they access, and who approved each one. Shadow AI sits in this gap. The inventory reveals it.
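The inventory described above, combined with the API checks from the earlier section on API risk (broad scopes, unrotated keys, connections never reviewed), can be kept as structured data and audited automatically. This is an added example, not part of the original article; the tool names, scope names, dates and the 90-day and 180-day thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed policy thresholds and scope names; set these from your own AI policy.
MAX_KEY_AGE_DAYS = 90
MAX_REVIEW_AGE_DAYS = 180
BROAD_SCOPES = {"admin", "full_access", "*"}

@dataclass
class Integration:
    tool: str
    connects_to: str                    # system the tool reaches (inbox, drive, CRM)
    scopes: tuple                       # access scopes granted to the tool's API key
    key_last_rotated: Optional[date]    # None = never rotated or unknown
    approved_by: Optional[str]          # None = nobody signed it off (shadow AI)
    last_reviewed: Optional[date]       # None = configured once, never revisited

def too_old(when, today, limit_days):
    """An unknown date counts as overdue: it cannot be shown to be recent."""
    return when is None or (today - when).days > limit_days

def audit(item, today):
    findings = []
    if BROAD_SCOPES & set(item.scopes):
        findings.append("broad-scope")      # wider access than the task needs
    if too_old(item.key_last_rotated, today, MAX_KEY_AGE_DAYS):
        findings.append("stale-key")
    if not item.approved_by:
        findings.append("unapproved")
    if too_old(item.last_reviewed, today, MAX_REVIEW_AGE_DAYS):
        findings.append("review-overdue")
    return findings

def audit_inventory(items, today):
    """Return only the integrations that have at least one finding."""
    report = {i.tool: audit(i, today) for i in items}
    return {tool: f for tool, f in report.items() if f}

# Constructed sample inventory (hypothetical tools, fixed date for repeatability).
TODAY = date(2025, 6, 1)
INVENTORY = [
    Integration("email-triage", "inbox", ("mail.read", "mail.send"), date(2025, 4, 15), "practice manager", date(2025, 4, 15)),
    Integration("doc-summariser", "cloud drive", ("admin",), date(2024, 9, 1), "partner", None),
    Integration("scheduling-assistant", "CRM", ("crm.read",), date(2025, 1, 10), "practice manager", date(2025, 1, 10)),
    Integration("proposal-drafter", "CRM", ("crm.read", "crm.write"), date(2025, 5, 20), None, None),
]

if __name__ == "__main__":
    for tool, findings in audit_inventory(INVENTORY, TODAY).items():
        print(f"{tool}: {', '.join(findings)}")
```

An integration with no recorded approver is the shadow AI case: it appears in the report even when its key is fresh and its scopes are narrow.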
Supplier due diligence applies to AI vendors in the same way it applies to any supplier handling client data. The questions that matter: where data is stored, whether it’s used to improve the model, what logging exists, and how incidents are notified. These questions apply equally to AI features embedded in mainstream platforms. Microsoft Copilot, Google Workspace AI, and Salesforce Einstein all carry the same need for a documented answer.
For firms not yet handling significant personal data volumes and using only well-established SaaS platforms, the urgency is proportionately lower. The baseline is still Cyber Essentials and a written AI policy covering data handling. The escalation path is identity controls, supplier due diligence, and DLP monitoring, in roughly that order.
What else connects to this?
Cyber security for AI-first businesses overlaps with several other governance areas worth understanding. UK GDPR and the Data Protection Act 2018 set the legal baseline for any AI processing personal data. The EU AI Act adds obligations for businesses operating in or serving customers in the EU. The ICO’s AI and data protection guidance is the UK-specific starting point and is updated as practice develops.
If your firm serves EU clients, the EU AI Act may impose governance and transparency obligations depending on your use case and the role you play in the AI supply chain. And if you make claims about AI-enabled security, reliability, or performance in your marketing, the CMA’s consumer protection guidance applies. Unsubstantiated claims are an enforcement risk, not just a credibility one.
The practical next reads in this catalogue are the AI vendor due diligence sheet, the four-tier data classification framework, and the minimum viable AI policy for small businesses. Cyber risk runs as a thread through all three: it shapes which supplier questions matter, how you classify data before feeding it to a tool, and what your written policy needs to cover.
The NCSC Cyber Action Toolkit is publicly available, free, and designed specifically for smaller organisations. For a service firm that has moved quickly on AI adoption without building the governance to match, it is the most cost-effective starting point available.



