Data leaks cost small and medium-sized businesses (SMBs) an average of £200,000 each during the past year, research shows.
More than two thirds of over 2,000 SMBs surveyed in Europe, the Middle East and Africa ranked data loss to be their top business risk, according to Symantec's SMB Information Protection Survey.
This represents a significant improvement over the 2009 survey, which showed a high percentage of firms were failing to put in even basic information protection, but gaps still remain, the research found.
The latest survey also found that only 28% of SMBs protect smartphones with passwords and only 18% rate their disaster preparation as "good" or "excellent".
That is despite that fact that each year SMBs lose an average of £202,000 to cyber attacks, the survey found.
Some 77% of respondents said they had been affected in the past year, with 26% admitting they had been "somewhat" or "extremely" affected.
Forty-seven per cent of SMBs said they had lost confidential data in the past, mainly (52%) though deliberate theft.
"It is encouraging to see that the growing cost of data loss and cyber attacks seems to have persuaded more SMBs to take the issue seriously," said Ross Walker, director of SMB for UK and Ireland at Symantec.
But, he said, more work has to be done to protect information on mobile devices.
The 70% of SMBs still not password protecting smartphones and the 30% failing to password protect laptops, are running the very real risk of harming their businesses and business reputations through losing confidential data, said Walker.
SMBs now need to move from an increased awareness to putting in policies and procedures to protect all end-point devices and ensure application and security software is up to date, he said.