Can AI actually make my business worse?

28 May 2026

Yes, AI can make things worse

AI can make your business worse in six practical ways: it can give customers bad answers, leak or misuse data, make staff less productive, increase costs without creating value, amplify unfair or inaccurate decisions, and automate a process that should have been fixed first.

The uncomfortable part is that most of these failures do not look dramatic at the start. They look like a helpful chatbot, a cheaper support workflow, a new meeting note taker, a Copilot rollout, a spreadsheet assistant, or a clever internal search tool. The damage appears later, when customers receive incorrect information, staff stop trusting the system, sensitive data is pasted into tools you do not control, or the business spends months chasing a use case that never produces a measurable return.

That is why the question is not whether AI is good or bad. The question is whether the way you are implementing it improves the business system around it. If your process is messy, AI can make the mess faster. If your data is wrong, AI can make the wrong answer sound more confident. If your team does not know when to challenge an output, AI can reduce judgement rather than improve it.

In a UK SME, a sensible first AI project might cost £3,000-£8,000 for discovery and risk mapping, £5,000-£25,000 for a focused pilot, and £20,000-£75,000 for a production workflow with integrations, training, monitoring, and support. That investment can be worth it. It can also be wasted quickly if the business problem is vague.

What the UK data says about the risk

The UK is not at a point where every business has mature AI systems. DSIT's 2025 AI Adoption Research found that around 1 in 6 UK businesses, 16%, currently use at least one AI technology. A further 5% said they planned to adopt AI, while 80% were neither using AI nor planning to adopt it. Adoption was higher in large businesses at 36% and mid-sized businesses at 23%, while micro businesses were at 14%.

That matters because the market noise makes AI sound universal. It is not. Many businesses are still experimenting, and many do not yet know how to measure value. The same DSIT research found that most businesses using AI reported productivity gains, but most had not experienced a change in revenue. It also found that 35% of businesses currently using or planning to use AI did not know how much they had spent on AI-related activity in 2024.

Those numbers should make leaders pause. Productivity gains are useful, but they are not the same as profit, customer retention, cash flow, or lower operating risk. If you save three hours a week but add another subscription, new management overhead, extra checking work, and nervous staff, the net benefit may be close to zero.

Cyber risk is also part of this. The UK Cyber Security Breaches Survey 2025/2026 reported that 43% of businesses experienced a cyber security breach or attack in the previous 12 months, equivalent to about 612,000 UK businesses. Only 25% of businesses had a formal incident response plan. Adding unmanaged AI tools into that environment can widen the places where data leaves the business.

Customer experience can get worse first

The most visible way AI makes a business worse is bad customer experience. A chatbot that cannot answer the real question is not a saving. It is a queue blocker. A support assistant that invents a refund policy is not helpful. It creates a complaint. A sales email generator that sends bland, inaccurate messages can damage trust faster than a slower manual process.

The UK has already seen the reputational version of this. In January 2024, DPD disabled part of its AI-powered online chatbot after a customer prompted it to criticise the company and swear. DPD said an error after a system update was responsible and that the AI element was being updated. The point is not that DPD is uniquely careless. The point is that a customer-facing AI system can become a public brand problem in a single interaction.

For smaller businesses, the risk is usually less viral but more commercially painful. A local accountancy firm cannot afford an AI assistant giving incorrect tax deadline advice. A care provider cannot afford a bot mishandling a safeguarding concern. A specialist manufacturer cannot afford a sales assistant quoting the wrong lead time. A recruitment agency cannot afford automated messages that make candidates feel ignored or misrepresented.

The practical test is simple: if the customer would reasonably rely on the answer, the AI output needs a control. That control might be human review, restricted source material, retrieval from approved documents, confidence thresholds, escalation rules, or a complete decision not to automate that interaction.

Data protection and legal exposure can increase

AI can make a business worse by creating data protection risk that did not exist before. Staff may paste customer records, HR notes, contracts, financial data, board papers, medical details, or supplier disputes into consumer AI tools because the tool is convenient. If the business has not set rules, it may not even know this is happening.

In the UK, the legal frame is not one single AI law. It includes UK GDPR, the Data Protection Act 2018, PECR for electronic marketing, the Equality Act 2010 where bias or discrimination is relevant, employment law, and sector regulation for areas such as finance, legal services, healthcare, and education. The ICO's guidance on automated decision-making and profiling says UK GDPR gives people rights around solely automated decisions with legal or similarly significant effects. The ICO gives examples including automatic refusal of an online credit application and recruitment practices without human intervention.

The fine ceiling is not theoretical either. The ICO's data protection fining guidance states that the higher maximum amount is £17.5 million or 4% of worldwide annual turnover, whichever is higher, for an undertaking. Most SMEs will not face anything near that ceiling, but the ceiling shows why AI data handling should not be treated as a casual software trial.

The safest operating rule is this: do not enter personal, confidential, commercially sensitive, or regulated data into an AI tool unless the business has approved that tool, checked the contract, understood where the data goes, and documented the purpose. For higher-risk use cases, complete a data protection impact assessment before launch.

AI can make staff slower, not faster

AI is often sold as a productivity gain. Sometimes it is. But badly introduced AI can make staff slower because they spend time prompting, checking, correcting, formatting, explaining, and undoing poor outputs. A ten-minute manual task can become a twenty-minute AI-assisted task if the tool is used in the wrong place.

This happens when leaders roll out tools before defining workflows. Staff get access to Copilot, ChatGPT Team, Claude Team, Gemini, or a specialist SaaS product, but nobody says which tasks are approved, what good output looks like, how to check it, or when not to use it. The result is uneven quality. One person saves time. Another creates inaccurate work. A third gives up and goes back to the old way. A fourth quietly uses an unapproved tool because it is easier.

Training costs are real. For a small team, practical AI workflow training might cost £1,500-£5,000. For a wider rollout with policies, role-specific examples, governance, and follow-up support, £5,000-£15,000 is more realistic. That is not wasted money if it prevents misuse, but it should be part of the business case. AI adoption is not free just because the software licence is cheap.

There is also a morale cost. If staff think AI is being used to monitor them, replace them, or judge them unfairly, adoption will suffer. If they see AI as a way to remove boring work and improve service, adoption improves. The difference is not the tool. It is the implementation.

It can hide bad decisions behind confident language

One of the most dangerous features of modern AI is fluency. A poor answer can sound polished. A weak analysis can look board-ready. A false claim can be written in perfect business English. That is risky because managers may review the style and miss the substance.

This is especially dangerous in finance, HR, legal, compliance, procurement, and customer commitments. AI can summarise a contract but miss a key liability clause. It can screen CVs but reinforce historic bias. It can produce a performance note that sounds neutral but is based on incomplete information. It can forecast demand from a spreadsheet without knowing that the underlying data has changed.

The control is not to ban AI from serious work. The control is to define human accountability. A named person must own the decision, understand the source material, and be able to explain why the output is accepted or rejected. The higher the consequence, the stronger the review process needs to be.

A useful test is to ask: what happens if this output is wrong? If the answer is mild embarrassment, the control can be light. If the answer is financial loss, customer harm, discrimination, breach of contract, regulatory trouble, or reputational damage, the AI output needs documented review before use.

Hidden costs can wipe out the benefit

AI projects often look cheap at the tool selection stage and expensive at the operating stage. A licence might be £20-£100 per user per month, but the real cost includes discovery, data clean-up, integration, security review, staff training, process redesign, monitoring, and support.

For a UK SME, a narrow AI pilot might look like this: £3,000-£8,000 for discovery and process mapping, £2,000-£10,000 for data preparation, £5,000-£25,000 for configuration or prototype build, £1,500-£5,000 for staff training, and £500-£3,000 per month for light support. A more serious production workflow with CRM, helpdesk, finance, or document management integrations can move into £30,000-£100,000+.

Those figures are not a reason to avoid AI. They are a reason to insist on a business case. If a workflow saves 20 hours a month and those hours are worth £600, a £30,000 implementation does not make sense unless there are other benefits such as faster sales conversion, risk reduction, improved retention, or higher capacity. If a workflow saves 80 hours a month, reduces errors, and improves customer response time, the same spend may be sensible.

The worst outcome is the middle ground: enough spend to create complexity, not enough discipline to create value. That is where AI makes the business worse. You end up with more tools, more logins, more meetings, and no measurable improvement.

A simple risk check before you start

Before launching an AI project, score the use case against five questions.

• Business value: What measurable outcome improves? Time saved, faster response, fewer errors, more sales, lower risk, or better customer experience?
• Data risk: Will the tool process personal data, confidential information, regulated information, or commercially sensitive material?
• Decision risk: Could the output affect someone's money, job, access to a service, legal position, health, reputation, or important choices?
• Customer risk: Could a wrong answer create a complaint, refund, breach of trust, or public embarrassment?
• Operational risk: Who owns testing, monitoring, staff training, escalation, and improvement after launch?

If the business value is weak and the risk is high, stop. If the business value is strong and the risk is manageable, proceed with controls. If the risk is low and the value is clear, start small and measure. This is not bureaucracy. It is how you avoid turning AI into expensive guesswork.

A good pilot should have boundaries: one workflow, one owner, one data rule set, one success metric, one review date, and one clear route back to human handling. Thirty days is usually enough to know whether a narrow AI workflow is promising. Ninety days is usually enough to know whether it deserves further investment.

If you are comparing routes, our guide to what determines AI implementation project cost explains why data, integration, governance, and support drive the budget more than the model itself.

When this does NOT apply

This warning does not mean every AI use case needs a heavy project. If a director uses AI to draft a non-sensitive agenda, improve a public blog outline, summarise publicly available research, or create first-draft internal notes that are checked before use, the risk is low. You still need judgement, but you do not need a six-week governance exercise.

It also does not apply in the same way if you already have strong data governance, approved tools, staff training, system monitoring, and clear accountability. In that case, AI may be a straightforward productivity layer rather than a major operational risk.

The warning does apply when AI touches customers, personal data, pricing, contracts, recruitment, performance management, regulated advice, complaints, financial decisions, or anything that would materially affect a person. In those cases, treating AI as a quick experiment can make the business worse.

The honest answer is this: AI is right for you if the business problem is clear, the data is usable, the benefit can be measured, and the team knows where human judgement remains essential. AI is not right for you if you are buying it because competitors are talking about it, because staff are excited by tools, or because you want a shortcut around fixing broken operations.

Sources used for this answer

Sources reviewed include DSIT's AI Adoption Research 2025, the UK Cyber Security Breaches Survey 2025/2026, the ICO's guidance on automated decision-making and profiling, the ICO's data protection fining guidance, and reporting on the DPD AI chatbot incident.

Is This Right For You?

This applies if you run a UK SME or mid-market business and you are considering AI for customer service, admin, sales, operations, HR, finance, marketing, reporting, or internal knowledge work. It is especially relevant if staff are already using ChatGPT, Copilot, Claude, Gemini, or other tools informally and you do not yet have clear rules.

It does not apply if you are only using AI for low-risk personal drafting, such as rewriting an internal email or summarising public information, and no personal data, customer commitment, legal judgement, pricing decision, or employment decision is involved. The risk still exists, but it is much lower.

If you want to explore whether AI would genuinely improve your business, book a free call. No pitch, no pressure, just a practical conversation about the use case, the risks, and whether AI is even the right answer.

Frequently Asked Questions

What is the biggest way AI can make a business worse?

The biggest risk is automating a broken process. If the workflow is unclear, the data is poor, or nobody owns the outcome, AI can make mistakes faster and make them harder to spot. Fix the process before adding AI.

Can AI create legal problems for a UK business?

Yes. AI can create UK GDPR, employment, equality, confidentiality, consumer protection, and sector regulation issues if it processes sensitive data or affects important decisions. Higher-risk use cases need approved tools, human review, data protection checks, and documented controls.

Is it safe for staff to paste customer data into ChatGPT or similar tools?

Not unless the business has approved the tool, checked the contract, understood data retention and training settings, and set clear rules. Public or unmanaged AI tools should not be treated as private business systems.

Can AI make customer service worse?

Yes. AI can frustrate customers if it blocks access to a person, gives generic answers, invents policies, mishandles complaints, or fails on edge cases. Customer-facing AI needs strong source control, escalation paths, testing, and regular monitoring.

How much should a small business spend before knowing whether AI is worth it?

For a first serious assessment, £3,000-£8,000 is a sensible discovery budget. A narrow pilot might cost £5,000-£25,000. Spending more than that before proving the use case, data, and workflow is risky for most SMEs.

Should we ban AI at work to avoid these risks?

Usually no. A ban often pushes usage underground. A better approach is to approve specific tools, define permitted and prohibited data, train staff, require human checking, and monitor higher-risk workflows.

What should we do if employees are already using AI informally?

Start with a non-punitive audit. Find out which tools they use, what data they enter, what tasks they apply AI to, and where it helps. Then set rules quickly. The priority is visibility, not blame.

When is AI likely to improve the business instead of making it worse?

AI is more likely to help when the process is repeatable, the data is reliable, the benefit is measurable, staff are trained, outputs are checked, and a named owner monitors performance after launch.