About 70% of small companies are ill-equipped to deal with IT security breaches, according to a National Computing Centre survey.
Many small and medium-sized enterprises risk going out of business if they are hit by a serious breach, the NCC warned.
The survey involved more than 500 small firms on behalf of the government's Business Link agency.
Business Link has been working with the NCC to develop security tools and produce guides that are relevant for anyone starting or growing a small business.
The IT risk tools are designed to enable small companies to reduce the time and costs associated with managing an efficient and secure IT system.
Mark Holden, Business Link IT security expert, said, "Once a business has carried out an IT risk assessment with the risk tools we have available, they will be given a detailed breakdown of their risks and detailed advice on how to reduce them."
The survey found the most common risks are from viruses, often resulting from employees opening unsolicited e-mails.
The NCC found that 20% of small businesses had experienced online security problems, and 50% said it was possible they could be affected again this year.
About 70% said IT was critical to their business, but they were not equipped to deal with IT threats such as viruses, fraud and system failure.
According to security software company Sophos, 15,000 new viruses were discovered last year alone, but despite this, the NCC said half of the businesses questioned did not have concrete plans in place to deal with such threats.
This year's annual Department of Trade and Industry/PriceWaterhouseCoopers security survey shows that 95% of companies of all sizes use anti-virus software, but 35% are still reporting virus infections.