Bitdefender data suggests firms are suffering millions of malware attacks every month.
One in five SMBs were still using Windows XP more than a month after support expired, according to a study, exposing themselves to serious security risks.
Hackers are targeting those thousands of small companies still running the aged operating system with millions of malware attacks a day, said security firm Bitdefender, after it surveyed 5,000 firms from March to May.
Microsoft killed support for XP on April 8 as it tried to shift businesses onto a more recent OSs Windows 7, 8 or 8.1, meaning it no longer issues patches to solve security risks on the 13-year-old operating system.
But Bitdefender found one web marketing business that had to tackle nearly 800 million malware attacks over the course of the three months.
Chief security strategist Catalin Cosoi added: "Swift migration from XP is a must for all users. A few weeks after the end of support announcement, a new Internet Explorer zero-day vulnerability turned into a permanent threat for XP users.
"That was until Microsoft issued a patch that was made available for Windows XP users as well. However, this was an exception that shouldn’t make enterprises believe it will happen again, so the swift migration from XP is a must for all users."
The Bitdefender research also found that 37% of SMB staff work remotely or from home, playing into BYOD security worries, while 17% of their employers allow workers’ personal devices full access to their virtual private networks.
The news comes after a security expert claimed hackers would "save up the ammo" to attack XP users once support expired.