Just one-fifth of organisations around the world believe they are well prepared for cyber attacks, despite the number of highly damaging data breaches reaching an all-time high.
That is according to a survey of almost 4,000 chief information officers by KPMG, which finds that three-quarters are more concerned about the threat of organised cyber crime than anything else.
Almost a quarter more respondents are prioritising improvements in cyber security than in 2017, making this the fastest growing IT concern for company boards globally.
"The seemingly inevitability of a cyber attack crosses all borders, and has now crossed firmly over the threshold for board-level discussions," KPMG International global cyber security services co-leader, Akhilesh Tuteja, said.
"Protecting the business from a cyber attack has jumped further up the boardroom agenda than any other item and IT leaders are being encouraged to make their defences the best they can be."
The combined annual cyber security spend of the organisations that responded to the KPMG survey is $46bn (£34.5bn), with the research finding that utilising consumer data while maintaining privacy is now a key challenge facing firms.
'Customer centric' organisations that manage this balance most effectively were found to be 38% more likely to report greater profitability than their competitors.
The difficulty businesses are having managing data was reflected in 38% of firms saying they did not expect to be compliant with General Data Protection Regulation when asked back in April.
This drive towards protecting data has caused a huge spike in demand for security and resilience expertise, with skill shortages in this area jumping 25% year-on-year.
Two-thirds of the survey respondents said skill shortages are preventing them from keeping up with the pace of change, citing big data and analytics as those that are hardest to find for the fourth year in a row.
"CIOs have a really difficult tight rope to walk," said Albert Ellis, CEO of the Harvey Nash Group which produced the survey with KPMG. "On one hand the board is asking them to drive innovation, on the other it is demanding data integrity and resilience.
"The organisations that can get this balance right, between innovation and governance, are in the strongest position to compete in an increasingly complex technology environment."