The rapid pace of digital transformation has exposed organizations, particularly Small and Medium Enterprises (SMEs), to a rising wave of sophisticated cyber threats. As businesses increasingly depend on digital tools and interconnected systems, attacks such as phishing, ransomware, and data breaches have become more frequent and complex [1]. Unlike large enterprises with advanced infrastructures, SMEs face constrained budgets, limited expertise, and outdated IT systems, making them prime targets [2]. Globally, SMEs account for over 90% of businesses and more than 50% of employment [3]. Despite their crucial economic role, many SMEs lack sufficient cybersecurity awareness and investment, with research showing that over 60% of SMEs fail to recover within six months of a severe cyberattack [4]. This underscores the urgent need for affordable, scalable, and user-friendly cybersecurity solutions.

Artificial Intelligence (AI) has emerged as a powerful enabler of cyber defense, capable of automating detection, responding in real time, and predicting vulnerabilities [5]. Machine learning algorithms are increasingly applied to anomaly detection, malware classification, and behavioral analysis, offering SMEs advanced capabilities without heavy human oversight [6]. Nevertheless, AI adoption among SMEs remains low due to barriers such as high costs, technical complexity, integration challenges, and privacy concerns [7]. Existing cybersecurity frameworks are largely designed for larger firms, leaving SMEs with solutions that are ill-suited to their operational realities. This mismatch has widened the gap in cybersecurity resilience between SMEs and large enterprises.

To bridge this gap, it is essential to develop AI based cybersecurity frameworks that are resilient, scalable, and aligned with SMEs’ needs. Cyber resilience involves not only prevention but also adaptability, rapid response, and swift recovery [8]. Ethical and regulatory considerations are equally critical, as the deployment of AI in cybersecurity raises issues of transparency, accountability, and data protection [9, 10]. With frameworks such as the GDPR and Nigeria Data Protection Act (NDPA), 2023, SMEs must ensure compliance and trustworthiness, supported by Explainable AI (XAI) methods like SHAP and LIME. Current studies often lack SME-specific focus, failing to combine conceptual modeling with real- world validation [11]. This study addresses the gap by proposing and empirically testing a resilient AI based cybersecurity framework tailored to SMEs, integrating threat detection, predictive analytics, and automated response while ensuring ethical and regulatory compliance. By adopting a mixed-methods approach, it advances both academic discourse and practical solutions for enhancing SME cyber resilience.

Cybersecurity has become a fundamental concern in the digital era, particularly for Small and Medium Enterprises (SMEs), which remain highly vulnerable to sophisticated attacks due to limited resources and expertise [12]. The increasing prevalence of phishing, ransomware, and advanced persistent threats has surpassed the capacity of traditional security models, creating a need for intelligent and scalable defenses. Artificial Intelligence (AI) offers transformative capabilities in real time threat detection, automated response, and proactive vulnerability assessment. Techniques such as machine learning (ML), natural language processing (NLP), and neural networks can detect patterns and anomalies often missed by humans [13]. For SMEs lacking dedicated security teams, AI driven solutions enhance efficiency and autonomy, enabling stronger protection without intensive manual oversight [14].

Cyber resilience, defined as the ability to prepare for, respond to, and recover from cyber incidents, has emerged as a strategic imperative rather than a purely technical goal [15]. For SMEs, resilience must be embedded by design to ensure rapid recovery despite financial and technical constraints. Challenges include low awareness, outdated systems, insufficient skilled personnel, and difficulties in regulatory compliance with frameworks such as GDPR and NDPA [16]. While cloud based and AI enhanced solutions hold promise, their perceived complexity has slowed SME adoption. Prior studies demonstrate the effectiveness of AI for malware detection and intrusion prevention [17,18] and emerging evidence shows improved phishing detection and faster response times in SME contexts [19, 20]. However, these studies often lack focus on resilience and long term applicability in real world SME environments.

Ethical and regulatory considerations further complicate AI adoption. Issues of bias, transparency, and interpretability threaten trust and compliance [21]. Explainable AI (XAI) methods such as SHAP and LIME help improve accountability but remain underutilized due to SME resource limitations [22]. This study draws on the Technology Acceptance Model [23], Resilience Theory [24], and Risk Management Theory [25] to guide the development of a resilient AI based cybersecurity framework tailored for SMEs. By integrating predictive analytics, automated response, and embedded XAI, the framework is empirically tested across selected SMEs. Addressing research gaps in resilience, ethics, and empirical validation [26], this study contributes both to academic discourse and to practical, deployable cybersecurity solutions for SMEs.

This study adopted a sequential exploratory mixed-methods design, beginning with qualitative data collection through semi-structured interviews and proceeding to the design, implementation, and testing of an AI-based cybersecurity framework for SMEs. The qualitative phase involved 20 key informants drawn from 15 purposively selected SMEs in Nigeria, operating in finance, health, education, and e- commerce sectors considered highly vulnerable to cyber risks and regulatory pressures. Interviews provided insights into experiences with cyber threats, existing defense practices, and perceptions of AI- driven solutions. Thematic analysis of these interviews revealed common challenges and user expectations, which guided the system’s design.

Based on these findings, a modular AI-powered cybersecurity framework was developed using Python, TensorFlow, Scikit-learn, and Streamlit. The system integrates three key modules: a machine learning- based Threat Detection Engine, Predictive Analytics for vulnerability forecasting, and Automated Response mechanisms for real-time mitigation. To enhance transparency and trust, Explainable AI (XAI) tools such as SHAP and LIME were embedded. Model training utilized both public datasets (CICIDS 2017, NSL-KDD) and anonymized SME network logs, with preprocessing techniques such as normalization, noise reduction, and SMOTE applied. The framework was deployed in a 30-day pilot across participating SMEs, and performance was assessed using detection accuracy, precision, recall, F1- score, latency, uptime, and user satisfaction metrics.

The study adhered to ethical and regulatory requirements, including informed consent, data anonymization, and compliance with GDPR and Nigeria’s NDPA (2023). Ethical approval was secured from a university ethics board, and system explainability was demonstrated using SHAP plots. While the pilot deployment highlighted the framework’s practicality and effectiveness, limitations such as the small sample size, short evaluation period, and reliance on simulated attacks were acknowledged. Future work will involve scaling deployment, extending testing across more SMEs, and integrating live threat intelligence for real-time adaptability.

This section presents the key findings from the development, simulation, and evaluation of the proposed AI-based cybersecurity framework tailored for Small and Medium Enterprises (SMEs). The results are derived from prototype testing involving 15 SMEs and 20 informants, combining system performance metrics, user feedback, and compliance indicators. The discussion interprets these findings in relation to the research objectives, highlighting the framework’s effectiveness in real-time threat detection, its explainability through SHAP and LIME, and its alignment with regulatory standards such as Nigeria’s NDPA and the GDPR. The results also explore the practical implications of deploying lightweight, AI- driven cybersecurity solutions in SME environments, addressing concerns related to scalability, usability, and ethical design.

AI-Based Cybersecurity Framework for Small and Medium Enterprises (SMEs)

Figure 1: Diagram Illustrates the Proposed AI-Based Cybersecurity Framework for Small and Medium Enterprises (SMEs).

Framework for Small and Medium Enterprises (SMEs).

Figure 1 shows the proposed AI-based cybersecurity framework for Small and Medium Enterprises (SMEs) which is a modular layered system, designed to detect, analyze, respond to, and explain cybersecurity threats in real time while ensuring regulatory compliance. At its foundation, the framework recognizes SMEs’ exposure to threats such as phishing, malware, and unauthorized access. The first layer captures logs, user activity, and network traffic as raw input for analysis. Machine learning models then identify anomalies and suspicious behavior, improving detection accuracy and timeliness. Events are logged and integrated with Security Information and Event Management (SIEM) systems to support centralized monitoring and reporting. Beyond detection, the framework applies advanced analytics to enhance situational awareness. Real-time intelligence and log analysis uncover attack vectors and patterns, while predictive analytics anticipate future risks based on historical data. Automated response mechanisms execute actions such as IP blocking, account lockdowns, or alert escalation, reducing incident response times. An Explainable AI (XAI) layer, leveraging SHAP and LIME, ensures decisions are transparent and interpretable, fostering trust and adoption among SMEs. A user-friendly dashboard provides visibility into threats, responses, and compliance status, while allowing interaction and feedback. A regulatory compliance engine enforces global and regional data protection standards, including GDPR, NDPA, and HIPAA, by tracking consent, highlighting violations, and maintaining audit trails. Altogether, the framework delivers a continuous cybersecurity lifecycle that integrates intelligence, automation, and compliance into a resilient, practical, and cost-effective solution for SMEs.

Technical Specification

This technical specification outlines the system architecture, functional components, deployment stack, and implementation strategy for an AI-based cybersecurity framework specifically designed for Small and Medium Enterprises (SMEs). The goal is to deliver a cost-effective, scalable, explainable, and regulation-compliant solution.

System Architecture Overview

The proposed AI based cybersecurity framework for SMEs adopts a modular, layered architecture to ensure functional clarity and efficiency. It begins with a Data Collection Layer that gathers logs, user activity, and network traffic, feeding into a Threat Detection Engine where machine learning models identify malicious patterns in real time. A Predictive Analytics Module applies forecasting to anticipate emerging threats, while the Automated Response Layer executes mitigation actions such as endpoint isolation or alert escalation. To enhance transparency, an Explainable AI (XAI) Layer powered by SHAP and LIME provides interpretable justifications for system decisions. A Compliance Engine ensures adherence to data protection regulations like NDPA and GDPR by mapping activities to legal standards and flagging violations. The system is managed through a user friendly dashboard, built with Streamlit that enables administrators to monitor threats, review explanations, and interact with the framework in real time.

Table 1: Functional Components.

Features Implemented

Frontend Interfaces

Home Screen

Figure 2: Home Screen Interface.

The Home Screen serves as the entry point to the cybersecurity system. It provides a welcoming interface where users can either log in to start an analysis session or access basic information about how the system works. The interface is kept simple and intuitive to accommodate SME users who may not have advanced technical expertise. A clear call-to-action such as “Start” or “Log in” ensures ease of navigation. This screen sets the tone for usability, offering a low learning curve while establishing trust and accessibility.

Log Analysis Interface

Figure 3: Log Analysis Interface.

Figure 3 is the core operational interface where users input log data (e.g., network logs, system events) for real-time threat analysis. Once the data is entered, users can click the “Analyze” button, which connects to the Flask backend’s /api/detect endpoint. The interface then displays a threat score, indicating the severity level of any potential risks found. In addition to numerical output, the system generates a human-readable explanation powered by SHAP or LIME, highlighting the specific feature that triggered the detection (e.g., “Access outside business hours”). This builds transparency and confidence in AI decisions

Health Status Interface

Figure 4: Health Status Interface.

The Health Status Interface provides a visual summary of the backend system's health and availability. It pings the API using the /api/health route and displays status updates such as “API Connected”, “Last Check Time,” and operational feedback. This module ensures users are aware of the system’s readiness before initiating any log analyses. For IT managers in SMEs, this screen adds reliability assurance by confirming that backend services are running optimally and securely.

Compliance Overview Interface

Figure 5: Compliance Overview Interface.

This interface maps system behavior against regulatory standards such as the Nigerian Data Protection Act (NDPA) and GDPR. It displays flags for compliance success or failure, such as “NDPA Compliance: Passed” or alerts when violations are detected (e.g., data without consent logging). This is especially helpful for SMEs that often lack in-house compliance officers. It simplifies the complex language of regulations into actionable insights, helping businesses stay compliant and avoid penalties.

User Feedback Interface

Figure 6: User Feedback Interface.

The User Feedback Interface collects post-analysis responses from users to assess usability, satisfaction, and overall system trustworthiness. Features include rating widgets (e.g., “Rate Us”) and an option to submit written feedback. This screen also summarizes the average confidence score or user satisfaction index, helping developers and administrators improve the system iteratively. It reinforces a user-centered design approach and is integral for refining AI models based on real user experiences.

Backend Interface

Figure 7: Flak Backend API-Endpoint Summary.

Figure 8: Diagram of Backend Architecture of AI Cyber security System.

Figure 12 demonstrates the backend architecture of the proposed AI-based cybersecurity framework for SMEs offers a high-level blueprint that integrates log ingestion, threat detection, compliance verification, and explainable AI into a unified system. At the entry point, a Log Input module collects access logs, system events, and user activity from SME endpoints, forming the raw basis for monitoring and detection. These logs are processed through a Flask API, which serves as the central orchestrator by routing, validating, and formatting data while exposing RESTful endpoints such as /api/detect and /api/health for seamless interaction with the Streamlit-based frontend dashboard. This ensures SMEs, despite limited infrastructure, can access intelligent and cost-effective real-time threat management. Once routed, data is analyzed by subsystems. The Threat Detection Module applies machine learning to flag anomalies, while the Explainability Module employs SHAP and LIME to provide human-readable justifications, enhancing trust. In parallel, the Compliance Engine maps behaviors to frameworks such as Nigeria’s NDPA and the EU’s GDPR, highlighting violations and recommending mitigation. A PostgreSQL database stores logs, classifications, activity, and compliance reports, supporting audits and model retraining. Together, these components form a modular, scalable, and practical cybersecurity solution tailored to SME resource constraints.

Deployment Stack, Data Flow Summary, Evaluation Metrics and Evaluation Metrics

The deployment stack of the proposed AI-based cybersecurity framework emphasizes simplicity, scalability, and secure integration into SME environments, with Flask powering the backend APIs, Streamlit providing an interactive dashboard, PostgreSQL (with SQLite for lightweight use) managing data, and Docker enabling portable deployment with minimal configuration. Security is reinforced through role-based access control, HTTPS, and JWT authentication. Data flows logically from endpoint log collection to real-time ML-based threat detection, automated responses via Flask, predictive risk profiling, and interpretability through SHAP/LIME, all visualized in the Streamlit dashboard for actionable insights. Effectiveness is evaluated using detection accuracy, false positive rate, precision, recall, latency, uptime, and user satisfaction, balancing technical performance with usability. To further support SMEs, the framework embeds compliance mapping aligned with NDPA and GDPR by enforcing audit trails, data minimization, consent management, and breach flagging, thereby ensuring accountability, regulatory conformity, and ethical data governance.

Qualitative Data Summary (20 Informants from 15 SMEs)

Table 2: Thematic Matrix of Interview Responses.

Source; Authors Field Survey, 2025.

As shown in Table 2, qualitative findings from 20 informants across 15 SMEs reveal the key cybersecurity challenges and expectations shaping the Nigerian SME landscape. Limited internal expertise, noted by 17 informants, forces reliance on third-party vendors, creating capacity gaps in monitoring and incident response. Budgetary constraints, highlighted by 15 respondents, make enterprise-grade tools financially inaccessible, reinforcing the need for low-cost, resource-efficient frameworks tailored to SMEs’ realities. Automation emerged as a strong expectation, with 13 participants emphasizing its role in reducing manual oversight and improving efficiency, aligning with the promise of AI-driven systems. However, 12 respondents raised concerns over the “black box” nature of AI, underscoring the necessity of Explainable AI (XAI) to build trust. Regulatory compliance and contextual relevance also surfaced as critical themes. Ten informants expressed confusion about the Nigeria Data Protection Act (NDPA), while 18 stressed that most existing cybersecurity tools lack localization and fail to reflect the Nigerian regulatory and threat environment. Post-attack recovery remains another gap, as nine participants reported difficulties restoring operations due to weak backup systems. Overall, findings portray SMEs as vulnerable yet cautiously optimistic, signaling demand for an AI-based cybersecurity framework that is intelligent, automated, transparent, regulation-compliant, affordable, and tailored to the Nigerian context.

Table 3: Threat Detection Metrics (Ai System Performance).

Figure 9: Threat Detection Metrics Chart.

Table 3 and Figure 7 present the quantitative findings from 15 SMEs over a 30-day period, which demonstrate the effectiveness of the proposed AI-based cybersecurity framework. Accuracy ranged between 93.8% and 97.3%, with SMEs 3 and 9 achieving the highest performance. Precision values between 91.5% and 97.0% confirm the system’s ability to minimize false alarms, while recall scores from 94.3% to 97.8% indicate its strength in detecting actual threats. The F1 scores remained consistently above 92 percent, with several SMEs recording results above 96 percent, reflecting a balanced and optimized performance. The false positive rate across SMEs was notably low, ranging from 1.8% to 4.3%, ensuring that benign activities were rarely misclassified as malicious. This is especially important for SMEs with limited resources, as it reduces alert fatigue and prioritizes valid threats. Overall, the results validate the robustness, accuracy, and practical relevance of the AI-based framework, highlighting its potential to serve as a reliable and cost-effective cybersecurity solution for SMEs in Nigeria.

Table 4: System Uptime and Latency.

Source: Authors Field Survey Analysis 2025

Figure 10: System Uptime and Latency.

Table 4 and Figure 8 present the evaluation of system uptime and average latency across 15 SMEs, providing further evidence of the framework’s stability and responsiveness. Average latency ranged from 110 milliseconds to 160 milliseconds, showing that the system processes inputs quickly with minimal delays. The best performance was recorded by SME 3, SME 9, and SME 15 with latencies below 120 milliseconds, while the highest latency of 160 milliseconds in SME 7 still falls within acceptable real- time standards. These results confirm that the system is optimized for low-latency threat evaluation, which is essential for detecting and mitigating fast-moving cyber risks.

System uptime was consistently high during the 30-day evaluation, ranging from 98.3 percent to 99.7 percent. SME 9 achieved the highest uptime at 99.7 percent, followed closely by SME 3 and SME 15. This reliability reflects the robustness of the lightweight, containerized architecture that sustained continuous operation even in resource-constrained environments. Taken together, the low latency and high uptime demonstrate the technical viability of the framework, confirming its ability to operate reliably in live SME environments and support real-time cybersecurity resilience.

Table 5: Post-Deployment User Survey (N=20 Informants, Likert Scale: 1-5).

Source: Authors Field Survey Analysis 2025

Figure 11: Post-Deployment User Survey.

Table 5 and figure 9 is the post-deployment user survey involving 20 SME informants which showed strong positive perceptions of the AI-based cybersecurity framework. Using a 5-point Likert scale, respondents rated the system highly across key adoption factors, with the strongest endorsement given to the statement “We are likely to recommend this system to other SME managers” (mean = 4.8). Cost- effectiveness was also emphasized, with a score of 4.7, confirming the framework’s appeal in budget- sensitive SME environments where affordability is critical. Similarly, respondents agreed that the framework improved their cybersecurity posture (4.6), demonstrating its practical impact in enhancing security resilience. User experience and trust were equally well supported, with ease of use rated at 4.5 and confidence in AI recommendations at 4.3. Transparency and explainability were also positively reviewed (4.4), validating the system’s ethical design and user trustworthiness. Furthermore, compliance support received a 4.5 rating, reflecting alignment with regulations such as the NDPA and GDPR. Overall, the survey results confirm that the framework met both functional and experiential expectations, establishing it as an effective, user-friendly, trustworthy, and regulation-aligned cybersecurity solution for SMEs.

Table 6: SHAP Feature Importance Summary (System-Wide for All Smes). 

Source: Authors Field Survey Analysis 2025

Figure 12: SHAP Feature Importance.

The SHAP (SHapley Additive exPlanations) feature importance analysis provided valuable interpretability into how the AI-based cybersecurity system prioritized threat detection factors across SME deployments. By quantifying average SHAP values, the model’s decision-making process was made transparent, aligning with explainability requirements under GDPR and Nigeria’s NDPA. The most influential feature was access outside business hours (30.1%), underscoring the system’s sensitivity to behavioral anomalies during non-standard operational periods. This was followed by suspicious IP login attempts (24.8%), reflecting a strong focus on remote access security and blacklisted sources. Multiple failed logins ranked third (16.3%), highlighting the system’s emphasis on brute-force detection. Other features also contributed meaningfully to the model’s assessments. Access to sensitive files (12.5%) and unusual data transfer volume (10.2%) both pointed to insider threats and potential data exfiltration risks, while use of outdated protocols (6.1%) captured vulnerabilities stemming from poor security hygiene. Together, these feature weights demonstrate that the system prioritizes contextually relevant cybersecurity risks, balancing user behavior, access anomalies, and technical weaknesses. Importantly, the SHAP analysis not only validates the robustness of the model but also enhances user trust and adoption by making threat detection decisions explainable and transparent.

The findings of this study highlight the potential of Artificial Intelligence (AI) in strengthening cybersecurity resilience for Small and Medium Enterprises (SMEs), which often lack the resources available to larger organizations. The proposed AI-based framework achieved high detection accuracy and low false positive rates, confirming its viability as a cost-effective defense mechanism. This aligns with prior studies emphasizing the ability of machine learning to detect subtle anomalies overlooked by traditional security systems [17, 18]. A notable outcome was the positive reception of the Explainable AI (XAI) component. Tools such as SHAP and LIME provided interpretable reasoning for detection results, with SME participants noting that understandable explanations increased trust and transparency. This validates the arguments of Leslie [21] and [22] on the importance of explainability in ethical AI adoption. The integration of compliance-oriented features, including audit trails and consent logs aligned with NDPA and GDPR, further enhanced practicality by reducing the regulatory burden on SMEs, echoing [19] on the benefits of automating compliance.

Usability was another strength, with the Streamlit-based dashboard praised for its intuitive interface and real-time monitoring, while the Dockerized deployment simplified installation for resource-constrained SMEs. Collectively, these features validated the system’s suitability as a scalable, user-friendly, and regulation-compliant solution. Nonetheless, limitations remain. The framework is currently optimized for structured log data, with limited capability for unstructured sources. Cloud-native scalability and integration with firewalls or IDS are also pending. Addressing these gaps through expanded data compatibility, cloud deployment, and third-party interoperability should guide future research and testing.

Conclusion

This study concludes that AI can significantly strengthen cybersecurity resilience in SMEs when integrated into lightweight, explainable, and regulation-aware frameworks. By leveraging machine learning models for threat detection, predictive analytics for anticipating attacks, and explainable AI for transparency, the developed framework addresses key gaps in affordability, automation, and compliance that SMEs often struggle with. The successful prototype testing suggests that such a solution is not only technically feasible but also practically beneficial for under-resourced businesses. The integration of ethical AI and regulatory mapping also improves stakeholder trust and supports sustainable adoption.

Recommendations

To maximize the impact of the proposed AI-based cybersecurity framework, several steps are recommended. Broadening deployment and real-world testing is critical. Expanding implementation across a wider range of SMEs and industry sectors will provide valuable insights into the framework’s robustness, adaptability, and performance under varied operational conditions.

Also, there is a need to promote education and capacity building. Targeted training programs should be developed to enhance SME awareness of AI-driven cybersecurity and to encourage the adoption of best practices in digital risk management. Such initiatives will not only strengthen organizational readiness but also increase trust in AI-enabled solutions.

Furthermore, efforts should focus on improving system intelligence and scalability. Incorporating adaptive learning capabilities and migrating to a cloud-native infrastructure would allow the framework to support real-time threat detection, broader scalability, and seamless integration with diverse IT environments. Finally, supportive policies and continued research are essential. Policy-driven incentives can accelerate AI adoption among SMEs, while longitudinal studies will provide deeper insights into long-term effectiveness, regulatory compliance, and sustainability of the framework.

Acknowledgement: The authors would like to acknowledge the support of colleagues and professionals who provided constructive feedback during the development of this study. We also extend our appreciation to the SMEs who participated in the case studies and shared insights that enriched this research.

Funding Statement: This research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors.

Author Contributions: All authors contributed significantly to the conception, design, execution, and analysis of this research. Asere Gbenga Femi led the theoretical framework, methodology design, conducted data analysis and interpretation. All authors participated in drafting and revising the manuscript and approved the final version for submission.

Availability of Data and Materials: The datasets generated and/or analyzed during the study and the complete framework source codes are available from the corresponding author upon reasonable request.

Ethics Approval: This research did not involve human subjects, medical procedures, or animal testing that would require formal ethics approval. However, ethical standards regarding data confidentiality and informed consent for SME participation in case studies were strictly observed.

1. Threat Landscape 2022. European Union Agency for Cyber security. 2003.
2. Ponemon Institute. 2022 State of Cyber security in Small & Medium-Sized Businesses. 2022.
3. World Bank. SMEs Finance: Improving SMEs’ access to financial services. 2024.
4. Cyber Readiness Institute. Cyber security preparedness survey report on SMEs. 2023.
5. Alazab, M, Awajan A, Mesleh A, Alauthman M. A survey of AI-driven cyber security threats and defenses. IEEE Acces. 2022; 10: 10047-10072.
6. Chatterjee S, Rana NP, Sharma A, Dwivedi YK. Artificial Intelligence adoption in cyber security: A systematic literature review. Computers & Security. 2021; 106: 102285.
7. Zhang Y, Obisesan A, Uddin M. Barriers to AI adoption in SME cyber security in developing regions. Information Systems Frontiers. 2023; 25: 543-562.
8. Linkov I, Trump BD, Fox-Lent C. Cyber resilience metrics for emerging threats: A systems-based perspective. Nature Communications. 2022; 13: 1552.
9. Brundage M, Avin S, Clark J, Toner H, Eckersley P, Garfinkel B, et al. The malicious use of artificial intelligence: Forecasting, prevention, and mitigation. Future of Humanity Institute. 2018.
10. Almeida R, Zeni D, Carvalho J. Ethical governance of AI-based cyber security in SMEs: Balancing transparency and regulation. Journal of Cyber Ethics. 2024; 6: 15-29.
11. Liu X, Jiang H. Real-time deployment of AI-based intrusion detection systems in SMEs: Challenges and outcomes. Journal of Cyber security and AI. 2024; 5: 70-84.
12. Safa NS, SolmsRV, Furnell S. Information Security Policy Compliance Model in          Computers and Security. 2022; 122: 102857.
13. Xiang W, Poong YS, Chan FTS. Machine Learning Applications in Cyber security: A Review. Information Systems Frontiers. 2021; 23: 1357-1380.
14. Sarker IH, Kayes ASM, Watters P. Cyber security data science: An overview from machine learning perspective. Journal of Big Data. 2020; 7: 1-29.
15. Bada A, Sasse MA, Nurse JR. Cyber Resilience: An Interdisciplinary Approach to Assessing and Improving Cyber security. ACM Computing Surveys. 2021; 54: 1-36.
16. Ahlan AR, Lubis MS, Selamat MH. Barriers to Cyber security Implementation in SMEs. Information Management & Computer Security. 2022; 30: 521-536.
17. Aydin MA, Gürdür Broo D, Selçuk AA. Deep Learning-Based Malware Detection: A Comparative Study. J Infor Security Applications. 2023; 74: 103473.
18. Musa H, Bello M. AI-Driven Cyber security Framework for Nigerian SMEs: A Pilot Study. Nigerian Journal of Technology. 2022; 41: 115-126.
19. Nguyen TD, Pham MH. Phishing Detection in SMEs Using AI-Based Techniques: Evidence from Southeast Asia. Cyber security. 2023; 6: 18-29.
20. Musa H, Bello M. AI-Driven Cyber security Framework for Nigerian SMEs: A Pilot Study. Nigerian J Tech. 2022; 41: 115-126.
21. Leslie D. Understanding Artificial Intelligence Ethics and Safety. The Alan Turing Institute. 2020.
22. Ribeiro MT, Singh S, Guestrin C. Why Should I Trust You?” Explaining the Predictions of Any Classifier. Proceedings of the 22nd ACM SIGKDD. 2016; 1135-1144.
23. Davis FD. Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Quarterly. 1989; 13: 319-340.
24. Woods DD. Four concepts for resilience and the implications for the future of resilience engineering. Reliability Engineering & System Safety. 2023; 230: 108883.
25. Aven T. Risk assessment and risk management: Review of recent advances on their foundation. Reliability Engineering and System Safety. 2021; 211:                
26. Koutroumpis P, Leiponen A, Thomas LDW. Scaling AI in SMEs: Challenges and Opportunities. Technological Forecasting and Social Change. 2023; 187: 122245.