One in five British firms was hit by a cyber attack last year, research suggests.
Larger firms - defined as those with over 100 staff - were more likely to be attacked than smaller counterparts, said the British Chambers of Commerce (BCC), which surveyed 1,200 companies.
Its report found 42% of larger firms had been the victim of a cyber attack, compared with 18% of smaller ones.
The business group has urged companies to do more to protect themselves.
Just a quarter of the firms the BCC surveyed said they had put in place security measures to protect themselves against hacking.
"Cyber attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity.
"Firms need to be proactive about protecting themselves from cyber attacks," said BCC director-general Adam Marshall.
Household names including Yahoo, eBay and TalkTalk have all fallen victim to major cyber attacks.
Last year, Tesco Bank reported losing £2.5m in an unprecedented breach at a British bank.
The law requires organisations to have appropriate measures in place to keep people's personal data secure.
Next year data protection regulation will be extended, increasing businesses' responsibilities to protect personal data.
"Firms that don't adopt the appropriate protections leave themselves open to tough penalties," warned Mr Marshall.