The integration of tools like ChatGPT, Gemini, and Claude brings immense power, but it also introduces new avenues for data leakage and sophisticated cyber attacks. Despite these growing fears, a dangerous gap is widening between AI adoption and the cyber security training required to use it safely.
Retail giants and large enterprises frequently make headlines for operational disruptions and financial losses due to cyber breaches but small and medium-sized enterprises (SMEs) are firmly in the crosshairs for hackers.
Threat actors are increasingly using generative AI to launch highly sophisticated, automated phishing and Business Email Compromise (BEC) attacks. These AI-generated communications are devoid of the traditional spelling errors and clumsy formatting that once made phishing emails easy to spot. As a result, businesses are experiencing an average of 11 targeted phishing or BEC attacks per year.
Recent industry research indicates that one in five small businesses would be forced to close within three months if they experienced a significant cyber breach, with average annual costs in lost revenue and fines reaching up to £100k.
Where are common gaps in AI security training?
Given the rising stakes, the anxiety among founders and operations directors is real but there seems to be a disconnect between fear and action. According to a recent report by 🔗Startups.co.uk, 44% of business owners are concerned that adopting AI without adequate safeguards leaves them exposed to cyber risks but a worrying 90% of SMEs still don’t offer any form of AI security training to their staff.
This deficit is compounded by a broader cyber security skills gap, which grew by 8% year-on-year in late 2025. Many organisations lack clear guidance on how to safely integrate AI tools into their workflows, leading to inconsistent, ad-hoc security practices rather than structured, robust defensive measures.
Building a resilient cyber culture
Organisations need to focus on building cyber resilience in manageable, strategic steps rather than attempting to overhaul their entire infrastructure overnight. To navigate the AI era securely, businesses should consider the following foundational steps:
Implement Clear AI Policies |
Define exactly which AI platforms are approved for use within the business. Establish strict guidelines on what constitutes commercially sensitive information or intellectual property, and explicitly ban the input of this data into public Large Language Models (LLMs). |
Prioritise Continuous Training |
Human error remains the weakest link in any security posture. Even short, regular awareness sessions can drastically improve your team’s ability to identify AI-generated social engineering tactics, suspicious links, and sophisticated phishing attempts. |
Strengthen Baseline Security |
Ensure fundamental cyber hygiene is non-negotiable. This includes enforcing Multi-Factor Authentication (MFA), using robust password management systems, and maintaining automated software updates to patch known vulnerabilities. Guidance from the 🔗National Cyber Security Centre (NCSC) continually highlights these basic steps as the most effective immediate deterrents against opportunistic attacks. |
Defending against AI-driven threats
At Mondas, we believe that fighting highly advanced, AI-driven threats requires an equally advanced defence. Threat actors are weaponising artificial intelligence, which means your organisation must leverage best-in-class software, tools, and informed expertise to stay ahead of the curve. By combining cutting-edge, AI-enhanced security solutions with a well-trained, security-conscious workforce, businesses can confidently embrace innovation without compromising their operational integrity.
Are you concerned that your current security training isn’t keeping pace with rapid AI adoption? Mondas specialise in aligning cutting-edge cyber security strategies with human-centric training. Reach out to our expert team today to secure your digital future.
Article brought to you by Lance Nevill, CISO at Mondas. 🔗Connect with Lance on LinkedIn, first published: Tuesday, 19th May 2026
