AI-driven cyberattacks hit small businesses hard
Artificial intelligence tools have transformed cyberattacks into sophisticated operations that cost small businesses an average of $254,445 per security breach, according to October 2025 data. Criminals deploy AI to create convincing phishing emails, fake voice messages and video impersonations that target companies with limited technology resources.
Human error causes 60 percent of data breaches, with phishing and stolen login credentials accounting for 73 percent of attacks against small and medium enterprises. Employees who use unauthorized AI platforms expose their companies to additional risks, as shadow AI breaches cost organizations $670,000 more than standard security incidents, according to IBM research.
Cybersecurity experts recommend four protective measures for businesses. Companies should require multi-factor authentication, deploy password managers, train workers to identify phishing attempts and maintain updated software systems.
Security professionals say awareness training matters more than expensive technology solutions. Organizations with regular security education see phishing reports increase to 72 percent, helping businesses build stronger defenses against evolving threats.
