They can strike anyone, anytime, anywhere. Whether they use a phish, a virus or even a Trojan horse malware, cybercriminals are targeting Fortune 500 companies on Wall Street — but increasingly even smaller stores on Main Street.

In fact, the U.S. Small Business Administration claims that small employers are becoming an attractive target for cybercriminals because they have valuable customer data, provide access to larger networks such as supply chains, and often lack the resources or personnel to focus on cybersecurity.

Cyberattack response plan a good idea

Despite this trend, new research from Nationwide released during National Cyber Security Awareness Month reveals that most small-business owners (78 percent) still don't have a cyberattack response plan — even though the majority (68 percent) are at least somewhat concerned about a potential cyberattack affecting their business.

Our survey also found that more than half (54 percent) of small-business owners were victim to at least one type of attack. The top three attacks were a computer virus (37 percent), phishing (20 percent) and a Trojan horse malware (15 percent). Other attacks included hacking (11 percent), unauthorized access to customer information (7 percent) or company information (7 percent), issues due to unpatched software (6 percent), data breach (6 percent) and ransomware (4 percent).