A fifth of British firms suffered a cyber attack last year while larger firms are more likely to be targeted, according to new research.

The British Chambers of Commerce surveyed 1,200 companies and found that 42 per cent of firms with more than 100 staff had to fend off an attack in 2016 compared with 18 per cent of smaller companies.

The BCC also found that just a quarter of the companies it spoke with had security measures in place to defend against an attack.

"Cyber attacks risk companies' finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity,” said BCC director-general Adam Marshall.

"Firms need to be proactive about protecting themselves from cyber attacks.”

The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and introduces mandatory data breach notification, with the protection of personal data at its heart.

"Firms that don't adopt the appropriate protections leave themselves open to tough penalties," added Marshall.

A recent report published by the Institute of Directors and Barclays revealed that many businesses do not have a formal cyber security strategy.

And when we spoke with PwC security expert Asam Malik, we heard that security must be taken more seriously at executive level as companies are more likely to suffer a cyber attack than a fire or flood.