The Federation of Small Businesses (FSB) study discovered that smaller businesses are collectively the target of 7m attacks a year, with two-thirds of small businesses reporting being a victim of cyber crime in the last two years and the average victim being subject to four cybercrimes during that timeframe.
The constant bombardment of attacks is costing businesses dear, wiping £5.3bn from their bottom line every year.
The FSB is warning that, if small businesses cannot use the internet safely, it could seriously stifle their chances of growth, as virtually all (99 per cent) of those surveyed said the internet was crucially important to their business.
"The digital economy is vital to small businesses – presenting a huge opportunity to reach new markets and customers – but these benefits are matched by the risk of opportunities for criminals to attack businesses," said Mike Cherry, FSB national chairman.
Small businesses are more than well aware of the need to protect themselves from cyber threats, with nearly all (93 per cent) of those surveyed saying they had taken steps to protect themselves. Four our of five (80 per cent) small firms use computer security software, while more than half (53 per cent) carry out regular updates on their IT systems.
"Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so," said Cherry. "Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks.
"We're calling on government, larger businesses, individuals and providers to take part in a joint effort to tackle cyber crime and improve business resilience."
A report from the Department for Culture, Media and Sport (DCMS) published in May found that two-thirds of large businesses had been hit by a cyber breach or attack in the past year.
However, the government report called on big business to do more to protect itself. For instance, the report found the majority of attacks involved viruses, spyware or malware, which may well have been prevented if those involved had been part of government’s Cyber Essentials scheme.
Read more: UK sleepwalks into cyber crisis
The FSB report also highlighted some areas where small businesses could improve. For example, just a quarter (24 per cent) have a strict password policy in place and less than one in 20 (four per cent) have a written plan of action to help them cope in the event of an attack.
A DCMS spokesperson said: "The FSB report is right to highlight the significant cyber security risk to businesses.
"We are already addressing many of its recommendations and investing £1.9bn to improve the UK's cyber security, including creating a new National Cyber Security Centre to provide a single point of contact where industry can seek advice.
"But we can't do this alone – businesses need to take action to protect themselves by taking up government’s free guidance and adopting our Cyber Essentials scheme."