AI Is Changing Cyber Risk. Here’s How SMBs Can Respond.

2026-06-26 · Source: Feeds - HBR.org · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, short

Summary

Amid a surge in cyberattacks, AI is significantly increasing cyber risk, particularly for Small to Midsize Businesses (SMBs). The article highlights concerns from leaders like JPMorgan Chase CEO Jamie Dimon and Amazon's Andy Jassy regarding models such as Anthropic's Mythos 5 and Fable 5. While large firms like Microsoft spend over \$1 billion annually on security, SMBs face average cyberattack costs exceeding \$250,000, potentially reaching \$7 million, with only 7% deeming their cybersecurity budgets sufficient. Daniel Dobrygowski, author of "Technology Governance," outlines seven affordable steps for SMBs to bolster defenses: implementing multifactor authentication or passkeys, taking inventory of connected systems, backing up and architecting data, using AI to test defenses, vetting vendors, following regulations, and fostering a security-first culture.

Key takeaway

For SMB executives or IT managers concerned about escalating AI-driven cyber threats and limited budgets, you must prioritize implementing core defenses. Focus on multifactor authentication, comprehensive system inventory, robust data backup, and vendor vetting. Additionally, consider using AI tools to proactively test your network's vulnerabilities, making your organization a less attractive target for attackers and significantly reducing potential financial losses.

Key insights

AI amplifies cyber threats, but SMBs can implement affordable, foundational defenses to significantly reduce their vulnerability.

Principles

• Multifactor authentication blocks most common attacks.
• Data backup eliminates ransomware payment necessity.
• Vendor security is critical to your own defense.

Method

Dobrygowski outlines a seven-step cyber defense strategy: implement MFA/passkeys, inventory systems, architect data, use AI for testing, vet vendors, follow regulations, and foster a security-first culture.

In practice

• Implement multifactor authentication or passkeys.
• Scan systems to identify connected devices.
• Employ an LLM to test network vulnerabilities.

Topics

• Cyber Risk Management
• SMB Cybersecurity
• AI-driven Threats
• Multifactor Authentication
• Data Backup
• Vendor Security

Best for: IT Professional, Security Engineer, Consultant

Related on AIssential

• IBM 2026 X-Force Threat Index: AI-Driven Attacks are Escalating as Basic Security Gaps Leave Enterprises Exposed — AI tools are accelerating cyberattacks by enabling faster vulnerability exploitation and lowering barriers to entry for threat actors.
• Executive Interview: DefendSphere — DefendSphere bridges technical security and legal compliance for European SMBs using an AI-driven engine.
• ‘Don’t panic’: AI reality checks dominate major cybersecurity conference — Cybersecurity leaders should prioritize fundamental security practices and human expertise over AI hype.
• Common AI-Based Cyber Attacks (2026 Guide) — AI significantly enhances cyber attack sophistication, automation, and personalization across various threat vectors.
• AI agents can manage your passwords. Should we let them? Plus: The biggest Patch Tuesday ever. — AI's dual impact on cybersecurity involves both automated defense capabilities and accelerated vulnerability discovery, necessitating strategic risk management.
• Cybersecurity Is No Longer an IT Problem — It’s a Business Survival Problem — Modern cybersecurity is a business survival imperative, protecting critical assets across an expanded, complex digital attack surface.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Feeds - HBR.org.