Small and midsize businesses are waking up to the threat of online attacks and information loss, which they now rank as their top business risks. Perhaps it's because 73% of SMBs report that they've been the victims of cyber-attacks in the past year, and 42% have lost confidential or proprietary information. As a result, all affected businesses suffered direct losses, either in revenue or clean-up costs.

Those findings come from the new 2010 Global SMB Information Protection Survey released today by Symantec. For the report, Applied Research surveyed 2,152 executives and decision-makers at small and midsize businesses -- defined as having 10 to 499 employees -- in 28 countries, in May 2010.

Based on the results, "we see SMBs getting very serious about information protection -- they're seeing information loss being a real threat to their company and cyber-attacks continue to be a menace," said Bernard Laroche, senior director of product marketing at Symantec.

The level of SMBs' security awareness is new. "In the past, cyber-attacks were perceived by SMBs to be something just for enterprises," he said.

The survey also found that 74% of SMBs are concerned about losing proprietary or confidential data. But their understanding of actual risks may be incomplete, given that 47% said their company never backed up data, with 39% of them saying that it "never occurred to us to do so."

But there's been progress. According to a study conducted by Symantec in late 2009, one-third of SMBs didn't use antivirus and half didn't systematically back up critical business data.

Today, however, 92% of SMBs use antimalware software, and roughly two-thirds of IT time at SMBs is devoted to protecting information, with a company spending, on average, $51,000 per year to handle information security, backup and recovery, archiving and disaster preparedness.

For the 42% of SMBs that lost information in the past, when characterizing the causes and frequency, respondents cited outsiders (24%) or insiders (19%) stealing information, insiders accidentally losing information (21%), partners illegally stealing (12%) or accidentally losing (13%) the data, or a broken business process that accidentally exposed sensitive information (12%).