The Role of Information Security in Responsible AI for Digital SMEs: A Systematic Review of Frameworks, Challenges, and Best Practices

Charles Ribeiro Quainoo; Md Atiqur Rahman  Ahad

doi:10.55613/jeet.v36i1.193

Authors

Charles Ribeiro Quainoo University of East London
Md Atiqur Rahman Ahad University of East London

DOI:

https://doi.org/10.55613/jeet.v36i1.193

Keywords:

Responsible AI, Security Best Practices, Digital SMEs, AI Governance, AI Ethics, Information Security Governance

Abstract

The integration of Information Security (InfoSec) in Responsible AI (RAI) implementations has emerged as a critical focal point, particularly in addressing the unique challenges faced by Digital SMEs (Digital Small and Medium-sized Enterprises are SMEs whose core operations rely heavily on digital technologies. They are further explained in chapter 2.1, “SMEs and Digital SMEs”. SMEs, used throughout this paper, specifically refers to Digital SMEs). This review examines the evolving role of InfoSec in shaping RAI implementations, emphasizing the importance of integrated frameworks to maximize resource efficiency and cohesively address both domains. While existing studies focus mainly on technical and policy-driven solutions, there is an under-representation of non-technical barriers, particularly the human factor, despite its critical role in InfoSec. Organizational culture, employee awareness, and stakeholder engagement are critical yet often overlooked components of InfoSec, despite their pivotal role in achieving a balance across the three core pillars of InfoSec, that is: people, processes, and technologies. With insights from significant studies and internationally recognized frameworks for AI governance and InfoSec, this analysis highlights the advantages of adopting integrated approaches for simplified and holistic InfoSec and RAI implementations. Emphasis shall also be placed on understanding the role of the Human Factor in these frameworks and identifying its significance in building sustainable and ethical AI practices. By synthesizing existing data, this study provides actionable insights to support SMEs in building resilient, secure, and ethical digital practices tailored to their unique needs.

Author Biographies

Charles Ribeiro Quainoo, University of East London

Charles Ribeiro Quainoo is an information security professional currently pursuing a Professional Doctorate in Information Security at the University of East London. His research and practice focus on responsible AI, digital ethics, and information security, with an emphasis on developing secure, ethical, and resilient frameworks for organizations. He is particularly interested in how responsible AI adoption can be aligned with regulatory requirements and ethical principles to foster trust, accountability, and sustainable digital transformation.
Md Atiqur Rahman Ahad, University of East London

Prof. Md Atiqur Rahman Ahad is a Professor of Artificial Intelligence and Champion for Research and Innovation in the Department of Computer Science and Digital Technologies, School of Architecture, Computing and Engineering, University of East London. He holds a PhD and is a Senior Member of IEEE and OPTICA (formerly OSA), as well as a member of ACM and the International Association for Pattern Recognition (IAPR). He previously served as Professor at the University of Dhaka, Specially Appointed Associate Professor at Osaka University, and Visiting Professor at Brawijaya University. His academic and professional contributions span artificial intelligence, computer vision, and digital technologies, with an emphasis on advancing research and innovation in responsible and impactful AI.

References

ACM. (2025). ACM Digital Library. https://dl.acm.org

Alahmari, A., & Duncan, B. (2020). Cybersecurity risk management in small and medium-sized enterprises: A systematic review of recent evidence. In *2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)* (pp. 1–5). IEEE. https://doi.org/10.1109/CyberSA49311.2020.9139638

Baker, S., & Xiang, W. (2023). Explainable AI is responsible AI: How explainability creates trustworthy and socially responsible artificial intelligence. *arXiv*. https://doi.org/10.48550/arXiv.2312.01555

Carayannis, E. G., Dumitrescu, R., Falkowski, T., & Zota, N.-R. (2024). Empowering SMEs: Harnessing the potential of Gen AI for resilience and competitiveness. *IEEE Transactions on Engineering Management*. https://doi.org/10.1109/TEM.2024.3456820

Center for Strategic and International Studies. (2024). Protecting data privacy as a baseline for responsible AI. https://www.csis.org/analysis/protecting-data-privacy-baseline-responsible-ai

Charmet, F., Tanuwidjaja, H. C., Ayoubi, S., Gimenez, P.-F., Han, Y., Jmila, H., Blanc, G., Takahashi, T., & Zhang, Z. (2022). Ex-plainable artificial intelligence for cybersecurity: A literature survey. *Annals of Telecommunications, 78*(1–2), 45–67. https://doi.org/10.1007/s12243-022-00926-7

Coshow, T. (2024). Agentic AI: Behind the 2025 top tech trend.

CXO Today. (2025). 8 key trends in AI/ML product strategy for SMEs and enterprises in 2025.

Elsevier. (2025a). Scopus. https://www.scopus.com

Elsevier. (2025b). ScienceDirect. https://www.sciencedirect.com

Ernst & Young. (2024). Addressing AI risks: Preventing bias and achieving ethical AI use. https://www.ey.com/en_us/insights/emerging-technologies/addressing-ai-risks-preventing-bias-and-achieving-ethical-ai-use

European Commission. (2019). Ethics guidelines for trustworthy AI. https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai

European Commission. (2024). SME definition. https://single-market-economy.ec.europa.eu/smes/sme-fundamentals/sme-definition_en

European Commission. (2025a). Data protection: Rules for the protection of personal data inside and outside the EU.

European Commission. (2025b). Regulation (EU) 2024/1689 on artificial intelligence. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng

Gates, B. (2018). AI can be our friend. CNBC.

Haan, K. (2023). How businesses are using artificial intelligence in 2025.

Hashmi, E., Yamin, M. M., & Yayilgan, S. Y. (2024). Securing tomorrow: A comprehensive survey on the synergy of artificial intel-ligence and information security. *AI and Ethics*. https://doi.org/10.1007/s43681-024-00529-z

High-Level Expert Group on Artificial Intelligence. (2019). Ethics guidelines for trustworthy AI. European Commission. https://digital-strategy.ec.europa.eu/en/library/ethics-guidelines-trustworthy-ai

Hinton, G. E. (2023). Pioneering work in artificial intelligence and deep learning.

Hupe, A., Bretschneider, U., Lange, K., Trostmann, T., Stubbemann, L., Leimeister, J. M., & Refflinghaus, R. (2023). Barriers of SMEs in adopting crowdsourcing and -working and strategies to overcome them (Tech. Rep. No. 16). Kassel University Press.

IBM. (2024a). AI and privacy: Ethical challenges and best practices.

IBM. (2024b). Responsible AI. https://www.ibm.com/think/topics/responsible-ai

IBM. (2025a). Large language models. https://www.ibm.com/topics/large-language-models

IBM. (2025b). Generative AI: Insights, trends, and technologies. https://www.ibm.com/think/topics/generative-ai

IEEE Staff. (2022). Systematic reviews in engineering and technology. IEEE Xplore.

IEEE. (2025). IEEE Xplore Digital Library. https://ieeexplore.ieee.org

IFC. (2021). MSME finance gap: Assessment of the shortfalls and opportunities in financing micro, small, and medium enterprises.

ISC². (2024). About ISC². https://www.isc2.org/about

ISACA. (2021). Cyberresilience in an evolving threat landscape. *ISACA Journal, 3*.

ISACA. (2022a). Developing an artificial intelligence governance framework.

ISACA. (2022b). Information security, cybersecurity and privacy protection - Information security management systems - Re-quirements (ISO/IEC 27001:2022).

ISACA. (2024a). AI governance: Key benefits and implementation challenges.

ISACA. (2024b). Building a secure and compliant AI infrastructure: Lessons from the trenches.

ISACA. (2024c). Responsible AI governance in traditional and emerging ecosystems.

ISACA. (2024d). Who we are. https://www.isaca.org/about-us/who-we-are

Jalil, M. F., Lynch, P., Affizzah, D. B., Marikan, A., & Isa, A. H. B. M. (2025). The influential role of artificial intelligence adoption in digital value creation for SMEs: Does technological orientation mediate this relationship? *AI & Society, 40*(3), 1875–1896. https://doi.org/10.1007/s00146-024-01969-1

Kereopa-Yorke, B. (2023). Building resilient SMEs: Harnessing large language models for cybersecurity in Australia. *arXiv*. https://doi.org/10.48550/arXiv.2306.02612

Leo, N., & Archie, O. (2024). AI and cybersecurity for SMEs: Balancing ethical considerations and operational efficiency. https://doi.org/10.13140/RG.2.2.33120.49923

Liberati, A., Altman, D. G., Tetzlaff, J., Mulrow, C., Gøtzsche, P. C., Ioannidis, J. P. A., Clarke, M., Devereaux, P. J., Kleijnen, J., & Moher, D. (2009). The PRISMA statement for reporting systematic reviews and meta-analyses of studies that evaluate health care interventions: Explanation and elaboration. *Journal of Clinical Epidemiology, 62*(10), e1–e34. https://doi.org/10.1016/j.jclinepi.2009.06.006

Microsoft Azure. (2023). Security and responsible AI guide.

Mitnick, K. (2023). About Kevin Mitnick. https://www.mitnicksecurity.com/kevin-mitnick

Mitnick, K. (2024). 15 cybersecurity quotes from famous people in the field.

Munich Re. (2024). Cyber insurance risks and trends 2024. https://www.munichre.com/en/solutions/for-industry-clients/cyber/cyber-insurance-trends.html

National Institute of Standards and Technology (NIST). (2024). The NIST Cybersecurity Framework (CSF) 2.0. https://www.nist.gov/cyberframework

OECD. (2021a). Digitalization in SMEs: Progress and challenges.

OECD. (2023). SME and entrepreneurship outlook 2023.

Oldemeyer, L., Jede, A., & Teuteberg, F. (2024). Investigation of artificial intelligence in SMEs: A systematic review of the state of the art and the main implementation challenges. *Management Review Quarterly*. https://doi.org/10.1007/s11301-024-00405-4

Oxford Business Review. (2023). The role of digital transformation in scaling SME operations.

Pan, Z., & Mishra, P. (2023). Explainable AI for cybersecurity. Springer. https://doi.org/10.1007/978-3-031-46479-9

Richardson, B., & Gilbert, J. E. (2021). Fairness in artificial intelligence: Challenges and opportunities. *arXiv*. https://doi.org/10.48550/arXiv.2112.05700

Salamon, L. M., & Siegfried, J. J. (2020). Economic power and political influence: The impact of industry structure on public policy. *American Political Science Review, 114*(3), 763–781.

Schneier, B. (2023). About Bruce Schneier. https://www.schneier.com/about/

Schneier, B. (2022). Humans and cybersecurity: The weakest link or the best defense?

Schwaeke, J., Peters, A., Kanbach, D. K., Kraus, S., & Jones, P. (2025). The new normal: The status quo of AI adoption in SMEs. *Journal of Small Business Management, 63*(3), 1297–1331. https://doi.org/10.1080/00472778.2024.2379999

Soudi, M. S., & Bauters, M. (2024). AI guidelines and ethical readiness inside SMEs: A review and recommendations. *Digital Society, 3*(3). https://doi.org/10.1007/s44206-024-00087-1

Verizon. (2023). 2023 Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/dbir/

Verizon. (2024). 2024 Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/dbir/2024/

Walmsley, J. (2020). Artificial intelligence and the value of transparency. *AI & Society, 36*, 585–595. https://doi.org/10.1007/s00146-020-01066-z

World Bank. (2020). Small and medium enterprises in the pandemic: Impact, responses, and the role of development finance.

World Bank. (2021). Regulatory constraints and opportunities for SMEs in emerging economies.

Yuhan, N., & Hamilton, J. (2024). Strengthening SMEs through cybersecurity and AI: A path to operational excellence. https://www.researchgate.net/publication/384443733