AI, Supply Chains, and the New Reality of Cyber Resilience

Every SMB owner I have spoken to lately is asking the same thing: “What’s the biggest cyber risk we should be watching right now?”

The truth?  It’s not just one.  Two issues are dominating the resilience landscape today, and they’re hitting SMBs as hard as the big players:

AI-Powered Scams

Generative AI isn’t just making life easier for your marketing team, it’s also turbo-charging cybercrime.

• Phishing emails no longer look like they came from a dodgy hotmail account.  They’re polished, localised, and convincing.

• Deepfake voice calls and even video messages can now trick staff into approving payments or sharing access.

• The old “spot the typo” training simply doesn’t cut it anymore.

Supply Chain Weakness

Big brands from Jaguar Land Rover to airport systems have recently been knocked offline, not by direct attack, but through suppliers.

• One weak link can cause days (or weeks) of disruption.

• For SMBs, being part of a larger supply chain makes them a target, often the path of least resistance.

• Resilience today means asking tough questions of your vendors and proving your own house is in order.

What This Means for SMBs

Resilience isn’t about a single tool, policy, or insurance policy.  It’s about being able to:

• Identify risks (internal and external)

• Strengthen defences in layers

• Train staff to spot the real threats

• Recover quickly when things go wrong

• Adapt as new risks like AI evolve

That’s the difference between hoping you’re safe and knowing you’re resilient.

At SJ Cyber Aware, we’ve built a structured, practical programme, The Journey to Cyber Resilience, that helps SMBs embed these pillars into daily operations.  The stark truth is that in 2025, hoping for the best is no longer a strategy.

What’s your view?  Do you see AI-driven scams as the bigger threat, or supply chain risk?