AI-Enabled Cybersecurity for Small and Medium-Sized Enterprises (SMEs): A Systematic Review and Evidence-Informed Assessment Framework

Abstract

Small medium enterprises (SMEs) are the biggest population of businesses in the world and are very susceptible to cyber-attacks because of their insufficient financial resources, technical ability and expertise. Artificial intelligence (AI) represents the promise of improving SME cyber resilience by detecting attacks and responding faster. Its practical feasibility is however not clearly known. The systematic review of fifty peer-reviewed articles and independently verified commercially available AI-based cybersecurity solutions (2018-2025) presents in this paper is aimed at assessing the viability and not the performance of AI-powered cybersecurity in SMEs. It has been demonstrated that, despite high detection performance of ensemble, supervised and deep learning approaches in controlled experimental settings, SME deployment is limited by the quality of data, computational requirements and operation maturity. According to commercial knowledge, cloud-based EDR/XDR, MDR and email security enhanced using AI seem to be the most feasible adoption routes. Based on these findings, SME AI Cybersecurity Feasibility Framework (SME-AICF) is proposed as an evidence-based conceptual framework based on the structure of the feasibility assessment of the technical, economic, operational, legal and regulatory, and market dimensions; the framework is conceptual and needs empirical confirmation. Implications on SMEs, policymakers, and vendors as well as priority research gaps are the last elements of the paper.