Startups take note: Cybercriminals are onto you.

Cyberattackers can sniff out new businesses to target as quickly as two months after they come into existence, according to a new report from cybersecurity firm Symantec (SYMC). By the time a startup is five months old, it has already been targeted by hundreds of spam messages and malware.

Once a new business sets up a website and its first emails and instant messages are exchanged, cyberattacks are triggered almost immediately, the report said.

The frequency of cyberattacks rapidly increases after a startup's launch. As employees inadvertently click on malicious content in emails, malware will start spreading to other accounts throughout the company. Within 10 months, most startups will have been infected with malware.

Related Story: Cybercrime's easiest prey are small businesses

"Startups are incredibly vulnerable to cyberattacks in their first 18 months," said Brian Burch, vice president with Symantec. "If a business thinks that it's too small to matter to cybercriminals, then it's fooling itself with a false sense of security."

The report showed that malware attacks typically peak in either the fifth or 10th month for a new business, while spam messages typically spike in either the fourth or 14th month.

Special report: State of Small Business

Cybercriminals are intently focused on preying on new small businesses for several reasons. Early stage businesses are easier to infiltrate than established companies that have spent the time and the money to fortify themselves against cyberattacks. And as the economy improves, there's been a jump in new business creation.

Every small business, regardless of size, has some information that cybercriminals want, whether it's bank details, client information or intellectual property. And there's money to be made on the black market from selling that information to unethical buyers.

"Wherever money collects, it attracts the bad guys," said Burch. "Small business have to realize that they are not invisible."