Small enterprises represented 61% of companies affected by credit card hacking in 2013, according to British global payments company WorldPay.
Payment data breaches have cost WorldPay’s customers £870,000 ($1.47m) in the past three years and hit electrical, general and clothing retailers especially hard.
Dave Hobday, managing director at WorldPay, said that small firms still did not know how to protect themselves from a breach.
Companies that did not take the necessary steps to protect their customers’ data – known as the Payment Card Industry Data Security Standards – could face serious costs, warned WorldPay.
"The cost of a card data breach can be hefty. Our small business customers could pay up to £4,100 just to investigate what happened," added Hobday.
According to WorldPay, simple verifications could be enough to protect small companies, such as changing passwords, keeping a clear list of suppliers and service providers, regularly testing the firewall and securely destroying all unneeded card data files.
This warning follows a research by London-based accountancy firm PricewaterhouseCoopers (PwC) for the UK government’s Department of Business, which found that a cyber attack on a small company – with less that 50 staff – cost it between £65,000 and £115,000.
An attack on larger firms – with 250 or more employees – cost between £600,000 and £1.15m.