Samantha Hanreck, associate consultant for AI business strategy at the Cyber Security Institute.

Small and medium-sized enterprises (SMEs) are sitting ducks for cyber criminals, due to their inadequate defences.

That’s according to Samantha Hanreck, associate consultant for AI business strategy at the Cyber Security Institute. 

She warns that the ramifications are far-reaching—a single breach can disrupt operations, harm reputation, and land businesses in hot water with data protection regulators.

"And let’s not forget—SMEs make up the majority of businesses. If they fall, it’s not just the business owners who suffer—its staff, suppliers, and the broader economy. Cyber security isn’t a luxury anymore; it’s essential for survival and growth,” she says.

Hanreck spoke with ITWeb Africa on future-proofing cyber security with AI and adoption strategies for SMEs.

When asked about the influence of AI on the cybersecurity of SMEs, she says: “AI cuts both ways when it comes to cyber security.

“On the one hand, attackers are getting smarter—they’re using AI to scale up things like phishing, password cracking, and scanning for vulnerabilities. These attacks are faster and harder to spot than ever before.”

Hanreck continues: “But the good news? AI is also one of our biggest allies in defence. It can spot patterns, detect anomalies, and flag threats early—stuff that would take a human team hours or days.

“For SMEs with limited budgets, AI brings scalable, affordable solutions like automated threat detection, smart email filtering, and endpoint protection.

“That said, the tools are only as good as the people using them. If your team doesn’t understand how AI works or where it fits into your overall cybersecurity strategy, it’s easy to get a false sense of security. Education and awareness are key.”

Hanreck also highlights the top cybersecurity concerns facing SMEs and ways to manage threats.

She says: "For most SMEs, the most significant issues are budget limits, as many cannot afford full-time IT personnel or top-tier security products.”

There’s also a false perception, among SMEs, that cybercriminals primarily target large corporations, she says. “That's simply not true. And the developing threat landscape facing African SMEs only continues to evolve. Ransomware, phishing, insider threats, supply chain assaults...it's all on the increase."

So, what can SMEs do?

Start with the basics, she says. “Enable multifactor authentication, keep software up to date, and make sure your staff know how to spot dodgy emails.

“Then, look at AI-based tools that give you bang for your buck—like Judy Security or Microsoft Copilot. These platforms bundle threat protection, monitoring, and response into manageable subscription models.

“And finally, consider working with a managed service provider. They bring expertise and 24/7 support at a cost far lower than building a team in-house”