Three out of five firms experienced at least one cyber attack over the last 12 months, compared with less than half in the previous year, a survey of 5,400 organisations has found.
The findings also show that average cyber attack losses have increased by 61% to $369,000 (£319,000) over the last year, and have soared from $162,000 to $700,000 for large firms.
And the research found that larger businesses with 50 to 249 employees are most likely to suffer an attack, with the proportion targeted jumping from 36% to 63%.
But while larger firms are still most likely to suffer an attack, the proportion of small companies with less than 50 staff that reported an incident increased from 33% to 47%.
"For the first time, a significant majority of firms report one or more cyber attacks in the past 12 months," said Gareth Wharton, CEO at Hiscox Cyber, which commissioned the research.
"Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The threat has become the unavoidable cost of doing business today."
The survey was conducted across the US, UK, Belgium, France, Germany, Spain and the Netherlands.
It was also found that 41% of firms now claim to have taken out cyber insurance cover in the last year, up from 33% over the previous 12 months, with a further 30% planning in the next year.
Moreover, the average spend on cyber security is now $1.45m, up 24% on 2018, with 67% of respondents set to increase their budgets by 5% or more in the year ahead.
However, after using a quantitative model to assess firms for their cyber readiness, just 10% achieved 'expert' status this year, slightly down from 11% in 2018.
Nearly three-quarters ranked as unprepared 'novices', while there was a sharp drop in the number of larger US and German firms achieving expert scores.
"The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy," Wharton added.