The study, conducted by cybersecurity company Webroot, also showed that 48% of those surveyed have had to deprioritise activity that would aid business growth to address cybersecurity issues.
Second only to Brexit, cybersecurity is the biggest source of uncertainty among those surveyed. And SMEs are spending almost an entire working day on cybersecurity related tasks.
Forty-eight per cent reported having suffered a cyber attack or data breach of some kind, and one in seven saying it had happened more than once. The study found that 70% of the businesses to have suffered a cyber attack were utilised to gain access to a larger business they work with. That, in turn, resulted in soured relationships with their clients for 48% and another 22% who said they lost contracts.
Paul Barnes, senior director of product strategy at Webroot, said:
"[SMEs] can no longer consider themselves too small to be targets. They need to use their nimnle size to their advantage by quickly identifying risks and educating everyone in the business of how to mitigate those risks, because people will always be the first line of defence. Working with the right cybersecurity partner or managed services provider to develop the right strategy for their size will allow smaller businesses to prioritise the activities that matter most and help them grow."
Commenting on the findings, serial entrepreneur Theo Paphitis, said: "This research from Webroot shows that [SMEs] can no longer afford to believe they're too small to be targeted. But it's clear there needs to be a balance. It's concerning that smaller businesses have had to deprioritise activities that would help them grow in order to address security issues. Educating small businesses on cybersecurity and helping them get the right support to address challenges is crucial. Small businesses are in the unique position to act quickly and be more flexible than their larger counterparts."