Over a third of small and medium sized enterprises (SMEs) in the UK could be uninsured for the biggest dangers they face, despite some risks costing millions for one in ten companies.

UK businesses have recently been warned about the potential costs of cyber-attacks, which currently stands at an average of £330,000, but for one in ten companies, this could rise to £1 million if they aren’t careful.

However, a new study has found that many firms have insufficient insurance cover for such risks. The study by TLF Research found that 34% of SMEs believe cyber-attacks are the biggest risk to their business, followed by public liability (28%) and crime, such as break-ins (19%).

When it comes to cyber-crime, 30% of respondents state they would be most vulnerable to computer viruses, while 22% claim data theft is the sole digital threat. According to 15% of respondents, a lack of security awareness amongst its employees may be leaving their business vulnerable online.

Jonathan Webber, commercial director for SME Insurance said: “This survey highlights an apparent lack of insurance protection among SMEs for threats that could be potentially catastrophic to their businesses, which unfortunately puts them in a vulnerable position.

“Identifying and securing the insurance protection they need should be their top business priority.”

Security risks were not the only risks concerning small business owners. Following widespread flooding across the UK last winter, 44% of SMEs questioned believe the UK government and the Environment Agency could do more to protect small businesses from flooding, with 22% stating that national flood defences could be improved.

Stephen Love, security practise lead, EMEA, said: “The industry is consistently warning against the risks of leaving a business unprepared and unprotected, yet research shows that a large portion of the UK’s corporate landscape aren’t adhering.

“There is no excuse for this. There are numerous tools and services that can help any business of any size to not only bolster their cyber-security, but can help reduce the fallout – both reputational and financial – if they were to be attacked. And with the EU General Data Protection Regulation only two years from implementation, planning ahead is a vital course of action for any business.”