Nearly half of all small and midsize businesses (SMBs) have fallen victim to cybercrime, yet some still are operating with no security defenses in place, according to a report released this week by anti-virus firm Panda Security.

The second annual survey of SMBs – organizations with up to 1,000 computers – found that malware has infected 46 percent of U.S.-based respondents' places of employment over the past year. The survey of nearly 10,000 SMBs worldwide, including 1,500 in the United States, also found that loss of time and productivity were the main consequences of infections worldwide.

Fewer respondents said data loss was the main consequence, but because most malware today is designed to quietly pilfer information, theft may go undetected by users, the survey concluded.

The survey also found that email and the internet were the most likely entryways for malware. In addition, there was a “marked increase” this year in the number of infections through USB drives, and a drop in infections caused by internet downloads, peer-to-peer networks and chat programs, possibly due to reduced use of these applications.

Thirty-one percent of respondents are operating with no anti-spam solution, 23 percent with no anti-spyware and 15 percent with no firewall. Thirteen percent of SMBs in the United States have no security systems in place at all, the survey found.

“Many SMBs simply don't have the resources in terms of budget, time and human capital to devote to protecting their computers and sensitive data,” Sean-Paul Correll, threat researcher at PandaLabs, said in a statement.

Security budgets have, for the most part, remained stable since last year, with 20 percent of global respondents reporting their spending plan has slightly increased, the survey found.

Despite the concerning numbers, the majority of SMBs in all regions understand the importance of IT security, the survey found. And 63 percent of American SMBs have someone dedicated to IT security management.