Most small-business owners (78 percent) still don't have a cyberattack response plan, even though more than half (54 percent) were victim to at least one type of cyberattack.

About 60 percent of those who did experience a cyberattack said it took longer than a month to recover. By contrast, of those who have not encountered a cyberattack, more than half (57 percent) think their company could recover within a month.

Those findings stem from Nationwide's second annual Small Business Indicator, a national survey conducted online by Harris Poll on behalf of Nationwide from June 10-23 among 502 U.S. small-business owners with fewer than 300 employees.

"Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets," said Mark Berven, president of Nationwide Property & Casualty, the No. 1 total small-business insurer. "That's why we wanted to raise awareness of this trend for both agents and their small-business clients during National Cyber Security Awareness Month."

According to the survey, 45 percent of small-business owners who do not have a cyberattack response plan in place said they don't feel their company will be affected by a cyberattack (compared to 40 percent last year).

At the same time, the majority (68 percent) are at least somewhat concerned about a potential cyberattack affecting their business — especially since 54 percent were victim to at least one type of the following attacks:

1. Computer virus (37 percent)

2. Phishing (20 percent)

3. Trojan horse (15 percent)

4. Hacking (11 percent)

5. Unauthorized access to customer information (7 percent)

6. Unauthorized access to company information (7 percent)

7. Issues due to unpatched software (6 percent)

8. Data breach (6 percent)

9. Ransomware (4 percent)