Two in five small businesses do not believe they are at risk of a cyber crime but anyone could become a target, according to a survey carried out by Aviva.
Based on a poll of 1,500 companies, almost a quarter (23%) admitted to not knowing what to do to protect themselves in the event of an attack, and 8% had not thought about the risk at all.
When asked which types of cyber crime respondents were aware of, 77% cited phishing, 69% were familiar with identity theft and 66% had heard of hacking.
Other responses included ransom demands as cited by 43% of companies, followed by pharming (46%) where internet users are directed to a bogus website mocked up to look like a genuine one.
Angus Eaton, managing director of commercial lines at Aviva, said it was a "mistake" to think criminals would only target big businesses.
"These criminals operate in ever more sophisticated ways using malicious codes to search out vulnerabilities online so anyone could become a target," he said.
More than a third of business owners said they had been the victim of cyber crimes such as hacking, phishing and pharming, with 75% of those estimating the cost of recovery to be up to £1,000.
For 6% of victims it cost up to £5,000 to remedy the damage and a further 4% estimated the cost of recovery to be up to £10,000.
The survey also reported these costs related to loss of money, fixing the issue, reputational damage, loss of assets or intellectual property and payment of ransom demands.