According to the security firm, nearly a third of the companies surveyed had been attacked four or more times in the past three years. A quarter of those attacks took the company more than a week to recover.
However, the companies surveyed still refused to believe that they are prime targets for attack.
Some 52 percent said that their company was too small to be noticed by criminals, and 46 percent did not believe that their company could make a cybercriminal money. In addition, the study found that 43 percent run with the default settings on all IT equipment, ignoring customization for security.
"Just because a business is small does not mean that it is immune to security threats," said Darrell Rodenbaugh, senior vice president of the mid-market segment at McAfee.
"For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation," he said.
Time is also a major factor contributing to lax security, according to McAfee. The study found that 42 percent of SMBs have an hour or fewer to spend on security management.
"Time constraints are definitely a contributory factor to SMB security," said Rodenbaugh. "In focus groups, SMBs have told us that they do not have enough time and they would rather not do anything rather than give it to someone else to do."