With a rise in the number of small businesses turning to Artificial Intelligence (AI) to operate day-to-day, the risk of cyber-crime continues to worry owners.

The latest small business report from Intuit QuickBooks revealed that more than two-thirds (68%) reported regular use of AI – which was up more than a quarter from 42% in July 2024. With an increase in those utilising all the digital tools at their disposal, comes the ever-present threat of online criminals.

A survey from commercial insurer NFU Mutual in 2025 found that threat was very much in the minds of small business owners. Two-thirds of those surveyed (67%) said they were concerned about cyber-attacks impacting their business, while nearly one in five called it one of the biggest threats to their businesses’ survival over the next five years.

The use of digital tools is a juggling act for small business owners, with the QuickBooks report showing that more than three-quarters said using AI made them more productive. However, AI use can increase digital risks, and NFU Mutual’s research found that nearly one in three of all small business owners surveyed said they had experienced a cyber attack or data breach, with half of these taking place within the past 12 months.

James Trevis, NFU Mutual’s cyber specialist, said: “Small businesses are increasingly reliant on digital tools and clearly AI is becoming part of everyday business for many.

“Given their size, many often lack the resources to effectively defend against cyber-crime, thus making them prime targets. While risk cannot be eliminated, it can be mitigated through positive action.

“This should include good cyber security hygiene – including two-factor authentication on critical applications – but also planning for the worst. Cyber insurance is a cost-effective measure to support response and recovery from an incident and many policies are full of preventative solutions and support for small customers.

“Taking action on the risk of cyber is not a luxury, for many small businesses it’s essential for protection.”

Commercial insurer NFU Mutual has highlighted the following digital technology that would be at risk for small businesses:

• The use of computers and software including email and other applications to communicate with customers, order materials and sell products
• Servers or digital storage facilities to hold customer and employee data
• A website to promote your business and sell products
• The use of online banking to transfer funds, purchase suppliers and receive payment from customers
• Internet connected devices – such as office computer networks, CCTV and lighting.

To help protect your small businesses, NFU Mutual recommends the following 10 steps:

1. Install a firewall and anti-virus software on all company devices and keep them updated
2. Use strong passwords – but crucially don’t use the same log in details or passwords across multiple accounts and services, always separate personal and business accounts
3. Implement Two Factor Authentication (Multifactor Authentication – MFA) – this is a simple method which requires two different methods to ‘prove’ your identity before you can use a service, generally a password plus one other method such as a text message or fingerprint
4. Ensure all software is up to date and kept updated on a regular basis
5. Back up your files and data weekly and store on a separate, secure device
6. Educate employees around cyber-crime, including how to spot potentially dangerous or fraudulent emails or websites
7. Make sure factory set passwords such as those on hardware like routers and other connected devices are changed periodically and equipment is set up with security in mind
8. Where appropriate, use a Virtual Private Network (VPN) when allowing employees access to company systems remotely. Ensure this too is protected by Two Step Verification
9. Don’t neglect physical security – ensuring all company devices are securely stored and locked away when not in use is just as important.
10. Have a Business Continuity Plan (BCP). This should outline the steps necessary to respond to a cyber incident and help speed up recovery. Crucially this should include a list of vendors (IT, Legal etc) you can call upon at short notice. A cyber insurance policy can provide access to these specialists and pay their costs.