The US government is making it easier for small businesses to beef up defences against cyber criminals through a free online tool, the top US communications regulator has said. The Small Biz Cyber Planner will allow business owners to create customised cyber-security plans by answering basic questions about their company and its online presence. \"Forty per cent of all targeted attacks today are directed at companies with less than 500 employees,\" said Cheri McGuire, vice-president of global government affairs and cyber security policy at Symantec Corp. The Obama administration has pushed initiatives to protect businesses and consumers from data breaches as lawmakers remain at odds over comprehensive cyber-security legislation. The administration\'s latest effort — a collaboration of government experts and private information technology and security companies, including the Federal Communications Commission, the Department of Homeland Security, the US Chamber of Commerce, Symantec, Visa Inc, Automatic Data Processing Inc, Bank of America Corp and others — will be available in November. \"Small businesses that don\'t take protective measures are particularly vulnerable targets for cyber criminals,\" FCC chairman Julius Genachowski said. A new survey by Symantec and the National Cyber Security Alliance released on Monday found that only 52 per cent of small businesses had a basic cyber-security strategy or plan. The survey revealed a false sense of security among small business owners. Eighty-five per cent of owners said their companies were safe from cyber threats; yet 77 per cent had no formal written internet security policy, and of those, 49 per cent did not even have an informal policy. \"With larger companies increasing their protections, small businesses are now the low-hanging fruit for cyber criminals,\" Genachowski said. The average annual cost of cyber attacks last year was $188,242 (Dh691,412) for small and medium-sized businesses, with down-time costing some small firms $12,500 a day. Senate aides say it is unclear whether a comprehensive cybersecurity bill will come to a floor vote before the end of the legislative session. The bill, being drafted by Senate Democratic leader Harry Reid\'s office, would require companies to notify consumers when breaches put personal data at risk, and it would authorise the Department of Homeland Security to ensure minimum standards are met in monitoring for possible attacks.