AI for SMEs: Opportunity or Risk?

Last Wednesday, I attended Annacon, a leading security conference. And as with almost everything these days, the sessions were dominated by one topic: Artificial Intelligence. Every discussion, every deep dive circled back to AI, its promise, its risks, and its impact on security.

After spending the day in these thought-provoking sessions, I walked away with a clear realization: AI is here and it will stay. From writing tools to voice generators, from SaaS platforms to enterprise copilots, Generative AI (GenAI) is transforming how businesses operate.

For small and medium-sized enterprises (SMEs), this shift can be a game-changer, or a ticking time bomb.

At Dunetrails, we believe AI can help SMEs thrive. But only if it’s adopted securely and responsibly. Here are my thoughts after Annacon, and why this matters for every SME leader today.

The Hidden AI Adoption Problem

Recent studies show:

• 75% of employees use AI at work.
• 78% use their own AI accounts.
• 52% won’t admit they’re using AI.

That means your company’s data could already be flowing into uncontrolled environments—without your knowledge. And it’s not just personal data; it’s sensitive business information.

I’ve seen employees email confidential files to their personal accounts just to run them through ChatGPT because the corporate firewall blocked access. I’ve seen people secretly record meetings on their phones to feed them into shady transcription bots. People are resourceful, and if you don’t give them safe tools, they’ll find unsafe ones.

What Secure AI Adoption Looks Like

At Dunetrails, we define secure AI adoption in three steps:

Awareness
Employees need to understand the risks. Public AI chatbots aren’t just answering questions—they’re collecting data. Some may even be malicious, designed to harvest information for resale or exploitation.

Governance
Apply the principle of least privilege. Just like in IT security, employees should only access the data they need for their role. Tools like Microsoft Purview help enforce these boundaries.

Provide Safe Alternatives
If you don’t offer a company-controlled AI solution, employees will look elsewhere. Microsoft Copilot is a great example of a secure, integrated option that keeps data inside your trusted environment.

Innovation vs. Compliance: Finding the Balance

We’re all for innovation—but not at the cost of ethics or security. Regulations like NIS2 have raised awareness and improved practices, even if they required investment. Compliance isn’t just a checkbox; it’s a foundation for trust.

At the same time, innovation drives progress. SMEs have an advantage here: shorter decision cycles mean faster adoption and quicker pivots. Those who embrace AI smartly will thrive. Those who ignore it—or dive in headfirst without guardrails—risk falling behind or worse.

My Biggest Frustration

Companies rushing into AI without understanding the basics. AI is an enhancer, not a replacement. If you have no experience in software development and use AI to build an app, expect holes—security holes, compliance gaps, and operational risks. But if you’re an experienced developer, AI can make you faster and better because you know how to guide it.

The same applies across every domain. AI amplifies your strengths—but also your weaknesses.

The Dunetrails Promise

We help SMEs turn AI into an opportunity without compromising security. Our approach:

• Educate your people about risks and best practices.
• Implement governance with tools like Purview.
• Deploy trusted AI solutions like Microsoft Copilot to keep data safe.

One Piece of Advice for 2025

Inform yourself and your people—and give them access to AI they can use safely under company control.
Because if you don’t control AI in your company, someone else will.

Final Thought

AI will reshape every industry. For SMEs, it’s not a question of if—it’s a question of how. Secure adoption isn’t optional; it’s the only way forward.