Daniel Shone, Managing Director at Apex Computing warns that as AI becomes essential for SMEs, its rapid, unstructured adoption is outpacing security and putting sensitive data at risk.
Artificial intelligence is no longer optional for most businesses.
Moving from a “nice to have” to a heavily relied upon business tool in an incredibly short space of time, AI is no longer the preserve of large enterprises with bigger budgets.
SMEs and single-person startups are now reliant on AI for much of the heavy lifting.
It’s embedded in CRMs, powering chatbots, creating content and supporting workflows, helping businesses of all sizes to do more with less.
It’s a very positive thing… But it’s not without its drawbacks.
AI adoption is happening so quickly that many businesses are overlooking the groundwork needed to use it safely.
In many SMEs, AI adoption happens almost by osmosis.
A marketing manager signs up for a generative AI tool to speed up campaigns; a sales team member experiments with AI-powered email drafting; operations teams plug automation tools into existing systems.
There’s no structure, no plan, no oversight or even much visibility.
There’s little wonder that the Logicalis CIO Report found that only 37% of enterprise organisations have full visibility of AI tool usage.
And it’s suspected that in smaller businesses, oversight will be far lower.
The growth is organic, but it’s also dangerous. Because unlike other SaaS tools, AI systems can introduce new data‑exposure risks through how inputs are logged, stored or transmitted.
Depending on configuration, provider policies, and integrations, data entered into AI tools may be retained, accessed by third parties or inadvertently exposed.
Without proper oversight, companies can quickly lose track of what’s being used and where their data is going, making data leakage a pressing reality.
Many AI platforms rely on cloud‑based models and depending on provider policies, account type and configuration settings, information entered into them may be logged, retained for monitoring purposes or processed within third‑party systems.
That’s fine when you’re asking for help drafting a generic email.
It’s far more problematic when employees are pasting in sensitive information, whether customer data, financial figures or company insights.
And the biggest problem is that most employees aren’t even aware of the risk; they make choices to enhance their productivity.
Without policies to guide them and specific AI data handling practices in place, they simply don’t know where caution is required.
So, when new, exciting tools come and offer fast and easy ways to reduce their workload, they use them without stopping to think about the implications.
That’s not to say that AI adoption shouldn’t be contemplated.
The productivity gains it offers are real, reducing the time needed for certain types of task completion to minutes rather than hours, freeing staff from tedious and repetitive but essential work to concentrate on things that can add greater value.
But as with all things, balance is required. When speed comes at the cost of compliance or security, it doesn’t carry value.
Regulatory compliance around data protection is increasing and digital security is one of the most complex and pressing concerns of the vast majority of businesses – and that seems unlikely to change any time soon.
It’s too easy to make mistakes that can completely compromise a business, both financially and reputationally.
First, you need visibility. Too many organisations don’t have a clear picture of which AI tools are being used across their business.
So, start with an audit. Then you can move on to policy creation.
If you want to use AI both productively and safely, you need a clear and realistic policy around use.
No tools should be onboarded without approval.
Not all data is safe to use, so clarify what is and isn’t in simple language.
Highlight what should never be shared. The goal is to allow your teams to use AI responsibly.
Then there’s the need to implement a system of constant review.
Just like any other digital security, AI security shouldn’t be something you set and forget.
The tech is changing constantly and your policies and protection have to change with it.
Some businesses will have dedicated inhouse teams to deal with this.
Others will need to work with external partners who can provide guidance and oversight and your company grows.
Whether for good or bad, AI is here to stay and for SMEs, it represents a huge opportunity.
But it also represents an equally huge risk and all businesses need to be aware of the threat and how to protect themselves against it, before they consider wholesale adoption.
Daniel Shone founded Apex Computing in 2003, later partnering with Chris Gorman to build the award‑winning Managed Service Provider it is today.
Under Shone’s leadership, Apex has continued to grow, supporting customers with IT, cybersecurity and AI solutions.
He specialises in strategic IT and security for SMEs across Greater Manchester and the North West, helping organisations drive real value, resilience and growth.
