Cyber security and data protection are only ranked third as priorities in UK boardrooms, acccording to consulting firm KPMG.
The KPMG "Business Instincts Survey" is a poll of 500 C-level executives from businesses across the UK. It found that "under-investment" has left many businesses acknowledging the need to increase spend on secure technology.
Yet despite acceptance that cyber security is critical to long-term business operations, 36 percent of those polled said that investing in people skills had become their number one concern, with 19 percent also more focused on plant or machinery purchases.
Martin Tyley, a partner in KPMG's cyber security practice, said: "Every day we hear of new cyber attacks and incidents, but the knock-on effect is that boardrooms become wary of scaremongering.
"I see a real risk of boardrooms doubting the severity of the issue and the extent of their vulnerability. Instead, by better understanding the cyber threat landscape and ensuring cyber security is weaved into everything else that is done, it's much easier to positively manage the risk rather than reacting when things go wrong."
According to the findings, when it comes to technology the board is concerned about how social media is used to liaise with customers. Executives are also "worried" about data analytics and whether cloud computing can make a difference to their business.
In addition, they remain unsure how to maximise the opportunities secure technology can offer, collectively ranking "the need to get the best from IT investment" as the most important technology-driven priority.
Tyley said: "There is an increasing optimism among UK businesses who have indicated a gradual rather than explosive approach to their investment plans this year. Many businesses are feeling that under investment in technology during the downturn has led to the problem of playing 'catch up' with competitors, but the solution is not as simple as splashing the cash."
He said: "The right approach is to remain aware of the changing cyber and technological threats facing business, and training staff - as they are on the front-line when it comes to security - and making sure that responsibility is understood to be a firm-wide issue."