In 2024, British engineering firm Arup lost £20 million in a single video call. The employee thought they were speaking with their CFO and other executives about an urgent payment. Every person on the call looked and sounded exactly like their colleagues. The problem? They were all deepfakes.
This is the new reality of emerging cyber security threats. While many small and medium-sized enterprises (SMEs) are just catching on to traditional threats like basic phishing and malware, cybercriminals are already deploying sophisticated AI-powered attacks that make yesterday’s defences look outdated.
Three key future cyber security threats continue to rise in popularity: AI-powered phishing, deepfakes, and supply chain attacks.
Sooner or later, your business will come face-to-face with one of these techniques.
Here’s what you need to know to prepare.
Why Traditional SME Cyber Protection Won’t Hold Up Against Future Cyber Threats
You face the same sophisticated threats as large enterprises, but likely lack the resources to combat them. This is the case for most SMEs we speak to, and it’s made all the more challenging because attackers have evolved their methods faster than most of the defences SMEs already have.
Where once you could spot a scam by poor grammar or generic content, today’s threats are personally crafted using publicly available information about your business, your team, and even your recent activities.
Traditional email filters that once caught obvious phishing attempts now struggle against AI-generated content that perfectly mimics your writing style and company context. But ‘better phishing emails’ are just a fraction of the seismic shift AI is going to force SME cyber protection to undergo in the next few years.
AI-Powered Social Engineering: What Happens When Machines Master Human Psychology?
The most immediate threat facing SMEs is the complete transformation of social engineering through artificial intelligence.
AI agents can now out-phish elite human red teams, at scale. In controlled experiments, AI’s performance versus humans improved by 55% between 2023 and 2025. This means the AI tools available to cybercriminals today create more convincing attacks than expert human criminals could manage just two years ago.
For smaller businesses, AI-powered attacks are likely to come in the form of:
- Voice Cloning Technology: Criminals can now replicate anyone’s voice using just a few minutes of audio from social media or company videos. They use this to make convincing phone calls impersonating executives, suppliers, or clients.
- Deepfake Video Calls: As the £20 million example shows, attackers can create realistic video conferences with multiple fake participants. For SMEs where executives are well-known faces, this poses particular risks during payment authorisations or sensitive discussions.
- Hyper-Personalised Emails: AI analyses your team’s LinkedIn posts, company announcements, and even writing patterns to create emails that perfectly match your colleagues’ communication style.
Immediate Actions You Can Take to Prevent Future Cyber Attacks
- Implement voice verification protocols for financial requests over the phone
- Establish dual-channel verification for any payment changes or urgent transfers
- Train staff to look for verification requests that avoid normal processes
- Create simple code words or phrases for executive communications
Supply Chain Compromises: When Your Trusted Partners Become Attack Vectors
To some extent, your SME’s cyber protection rests in the hands of your:
- Accounting software provider
- Cloud storage services
- Payment processing systems
- Marketing automation tools
- HR and payroll platforms
- And more
Each supplier has access to different aspects of your business data. Each represents a potential entry point for cybercriminals – cybercriminals who have discovered that attacking smaller, less secure partners often provides easier access to their larger targets.
(For context, third-party involvement in breaches has reached 30% as of 2025, with many SMEs unknowingly serving as stepping stones to larger organisations.)
How to Tackle Emerging Supply Chain Cyber Security Threats
Smarter cyber security strategies for SMEs include taking your supply chain into consideration from the planning stage, not as an afterthought.
- Audit all third-party services and their access to your data
- Research the security practices of key suppliers before signing contracts
- Implement access controls that limit what each service can see
- Create backup plans for critical functions if a provider is compromised
- Regularly review and remove access for unused or outdated services
Preparing Your SME for Tomorrow’s Threats, Today
Understanding future cyber threats is only valuable if you can translate that knowledge into action. The emerging threats we’ve discussed share common characteristics that can inform your next steps: they exploit human psychology, abuse trust relationships, and take advantage of complex modern business infrastructure.
Therefore, your defence strategy should focus on three key areas:
People Who Think Like Attackers: Train your team to question unexpected requests, verify identities through multiple channels, and report suspicious activity without fear of blame.
Technology That Adapts: Deploy security solutions that use AI to fight AI. Modern threat detection systems can identify unusual patterns and behaviours that humans might miss.
Processes That Scale: Build verification procedures that work whether you’re a 5-person team or growing to 50+ employees. Make security checks part of normal business operations, not emergency responses.
For small businesses, tackling emerging cyber security threats effectively will rely on you recognising that these aren’t distant future threats. They’re happening now, and your business needs to start preparations today.
Act While You Have the Advantage
Remember that cyber security threats evolve constantly, but the fundamentals of good security remain consistent:
- Verify before trusting
- Limit access to what’s necessary
- Maintain awareness of new attack methods
Don’t wait for the first AI-powered attack or supply chain compromise to affect your business. The time to build robust defences is now, while you have the advantage of foresight.
Worried about the future of cyber threats? Speak to James about how to future-proof your business with smart, tailored strategies.
