Experts now consider cyber terrorism a real threat, and small businesses might be more vulnerable than big corporations.

A cyber attack on a major corporation could spell headaches and cost millions of dollars, but a cyber attack on small businesses in certain industries could have a devastating impact on the nation, according to a recent report commissioned by Symantec (NASDAQ:SYMC).

After surveying 1,580 private businesses ranging from 10 employees to more than 10,000 in industries deemed critical infrastructure providers, Symantec found that only one-third of respondents felt “extremely prepared” against cyber attacks launched for political gain.

“Energy, banking, finance, communications, information technology, health care and emergency services are really important to the country,” said Justin Somaini, chief information officer for Mountain View-Calif.-based Symantec.

Attacks were also reported to be more effective in small businesses than in large enterprises that tend to have safeguards for their infrastructures.

“If one of these segments went down because of a cyber attack it can create a national or regional problem.”   He also explained that 80% to 85% of critical infrastructure is in the private sector and a good portion of it is small businesses.

According to Symantec, companies big and small are being targeted more frequently by specific political attacks and are costing businesses a lot of money. 

About half of the survey respondents said they suspected or were “pretty sure” they had been the subject of an attack with a specific political goal in mind. Of the cyber-attack victims, businesses reported being hit 10 times in the past five years

The survey showed the banking and finance sectors reported the most attacks, while IT was the least likely to be attacked.

And businesses aren’t hopeful; 48% of respondents think they will be attacked in the future and 80% think the frequency of attacks will remain the same or increase.

Cyber terrorists attack with different methods; it could mean crashing a company’s Web site, hacking an employee’s information or slowing down a site. If an ambulance company’s system to handle distressed calls is taken down because of a cyber attack, the repercussions could be devastating.

So what can small businesses do to protect themselves from these nefarious attacks? According to Symantec, the first step is to develop and enforce IT polices. The policies need to be clearly defined and implemented across all locations of a business. That way, threats can be indentified and taken care of regardless of what office it happens in.

“Slapping in some software won’t necessarily solve the problem if it’s not consistent and there isn’t a thought process behind it,” said Somaini.

Small businesses can also stay on top of who has access to data and information and how it leaves the office. If the CFO of a company takes his/her laptop home every night and it has key data on it, make sure the home network is as secure as if in the office.

One step that Symantec says can go a long way in protecting computer systems is to make sure the software patches are updated as often as needed. Symantec found in an earlier survey that 60% to 80% of security issues could be resolved by a patch released six months or more ago.