More than 77 percent of small business owners surveyed said their company was safe from hackers, viruses, malware or other threats, but 83 percent of the businesses have no formal cybersecurity plan.
"Small businesses are being targeted because cybercriminals know that they more than likely have less of a defense and are an easier target, " said Michael Kaiser, executive director of the National Cyber Security Alliance.
Small business owners often assume they have nothing of value to a cybercriminal, so they don't take precautions to protect information, like customers' personal data, Kaiser said.
According to the survey, Kaiser is right. About 60 percent of businesses had no plan for a data breach and 66 percent of small business owners were not even concerned about cyberattacks.
"They need to understand that any business is part of the ecosystem, so whether you have customer data, or lists of customers, or any sort of customer information, whatever it might be, that data is what cybercriminals are often trying to harness, " Kaiser said.
The survey, which was conducted in September and based on data from 1, 015 U.S. small businesses, was released this week as part of National Cyber Security Awareness Month, a national effort aimed at promoting cybersecurity in both the private and public sectors during October.
A recent string of cyberattacks on U.S. banks has heightened international concern. However, much of the dicussion has focused on threats to national security and large corporations, not small businesses.
"The kinds of threats small businesses face look like the threats larger enterprises face as well, " said Kaiser.
Kaiser said one of the most common threats to small businesses is phishing, when a hacker steals information by posing as a trustworthy source.
Small businesses can help decrease their risk of attacks by making sure all company computers are clean, which means making sure machines are malware free and all software is up to date, and by implementing an online policy for employees, which defines what employees are allowed to do online.
"There's the human factor that you need to train your employees, " Kaiser said. "Small businesses need to understand what their employees are doing, and their employees need to understand what they are allowed to do or what they should really not do."