There has been some very positive data regarding small businesses in recent weeks and months. Confidence is way up – even to historical highs in some surveys – and most small-business owners believe that 2015 will be a banner year. However, one survey came out recently that should be a bit of a wake-up call to overly-optimistic business leaders today. Two words: Data security.

The National Small Business Association’s (NSBA) most recent survey reported that more than 90% of small-business owners believe that cybersecurity is a concern for their companies right now. Further, half of owners said their companies have been victims of a cyberattack, and 61% of those data breaches have come within the past 12 months. So, in the same survey in which 72% of small-business leaders said they’re either somewhat confident or very confident about their firm’s financial future, these company executives are also admitting to being highly worried about whether their information, data, and technology systems are protected enough from hackers.

It’s a concern that all companies should have – and that all good leaders are doing something about. The reason? It’s a financial decision right now. Think of it like insurance. The NSBA survey also reported that data breaches come at an onerous cost to companies – on average, each attack costs small businesses $20,752, or about 140% more than the per-attack average from the prior year.

The costs come in recovering data, communicating with clients, suppliers, and employees, and implementing new systems. The way to avoid all of that is to invest in the insurance of data security now. Make sure your web host is secure and hasn’t suffered a data breach recently, establish firewalls, limit collection of credit card information from clients, and immediately erase the financial information of any client as soon as possible after a transaction is complete.

Plus, make sure you’re educating employees. This is something all people at a company can help to combat. They should create strong passwords (upper case, lower case, numbers, and symbols in every one), change those passwords frequently, and log in to the company’s network only through secure online systems. It’s a new day out there and the breeding ground for online thieves is very fertile. Take steps now to ensure your company is safe.