Small- and medium-sized businesses are in denial about the threat posed by cyberattacks, security software firm McAfee concluded in a study published this week.

While most small- and medium-sized companies believe that they operate under cybercriminals' radar, the study found that one-in-five firms have been attacked. The survey -- which polled 500 companies with 1,000 employees or less -- found that for every eight firms, only ten employees were dedicated to managing the businesses' information-technology systems. A vast majority of the firms, more than 90 percent, stated that online access is very important to running their business.

"What came out of this (report) was, not only are they are target, but that a lot of the cybercriminals would prefer to go after the small- and medium-sized businesses," said Darrell Rodenbaugh, senior vice president for McAfee's mid-market sector. He added: "And one-in-three have said that if they had a serious attack, it would put them out of business."

While large companies have dedicated staff and invest in security technology, their networks continue to be successfully attacked. In 2007, the number of publicly reported data leaks reached a record high while the amount of malicious code detected by software giant Microsoft jumped 40 percent. In December, a survey of privacy and security professionals found that 85 percent believed that a reportable breach had occurred in their company in the past year.

The most recent study adds more fodder to corporate IT concerns. The average company had a single person spending one hour per week on information-security issues, the study found. McAfee's Rodenbaugh sees that as a challenge for security companies that want to target the small- and medium-sized business market.

"The last thing they should have to worry about is security, and this tells us that, in fact, that is the last thing they are worrying about," he said. "That means that we need to provide these companies with security technology that allows them to only spend an hour a week and still be secure."

If you have tips or insights on this topic, please contact SecurityFocus.