More than 1 in 5 SMBs in the U.S. surveyed by Intuit showed that cyberattacks are one of the biggest threats to their business. Pictured: Network cables are plugged in a server room in New York City. (Photo by Michael Bocchieri/Getty Images)

Intuit QuickBooks on Tuesday released research that found some 42% of small- to medium-sized businesses (SMBs) say they’ve already experienced a cybersecurity breach.

The survey also reports that more than 1 in 5 SMBs — 23% — describe cyberattacks as one of the biggest threats to their business. Malware (18%), phishing, (17%), and data breaches are the most common threats SMBs face, followed by website hacking (15%), DDoS attacks (12%) and ransomware (10%).

Intuit’s survey was based on responses from 8,000 employees and 2,000 small business owners in the United States.

The Intuit survey highlights a growing and under-reported area of cybersecurity, said Monica Jain, co-founder and chief customer officer at LogicHub. Jain said while we routinely hear about large enterprise breaches and huge numbers of customer records being exposed, there’s less attention paid to smaller businesses that routinely face data losses and business interruption from attacks.

"Building adequate cyber defenses is complex and requires highly trained and difficult-to-find experts,” Jain said. “As an industry, we need to find better ways to make advanced detection and response accessible to a much wider audience."

Mohit Tiwari, co-founder and CEO at Symmetry Systems, said while SMBs are at risk, there are several low-hanging fruit steps they can take to improve their security. Tiwari said SMBs can start by using hardware-keys for phishing-resistant authentication and then identify "crown jewel" assets, such as customer data. 

“Deluging the SMB audience with confusing security-speak does not immediately help," Tiwari said. “How are they supposed to respond to malware, phishing and data breaches as a set of problems? ‘Cyberattacks are a problem’ feeds the vague sense of doom. Pushing concrete steps that improve security posture would be far more valuable.”