More employees are being targeted online by hackers trying to gain access to sensitive company information.
Communications Minister Amy Adams, who opened this year's Connect Smart Week, warned that, globally, cyber crime was a sophisticated industry that was bigger than the drugs trade and growing rapidly.
New research by Colmar-Brunton had shown that, although more New Zealanders were aware of cyber security, fewer people were taking steps to protect themselves online.
The study found 20 percent of respondents had personally experienced cyber crime such as malware damage, social media or bank account hacking, phishing, ransomware or online scams or fraud in the past 12 months.
However, the number of people updating or installing security software, changing passwords and checking social media privacy settings had all fallen from the same time last year.
The research found 76 percent of New Zealanders had taken some steps to manage online security, but the rate had fallen from 84 percent when the research began in 2014.
Ms Adams said only 17 percent of employees said they had received training or advice about staying safe while online.
"Boards can't delegate this down to the IT department. This has to be critical risk analysis for every business in New Zealand.
"And when you think about cyber security as a business, it is unavoidable that one of the biggest risks to your business is the people in your business," she said.
Technology company Dimension Data said there had been an increase in the number of online attacks against businesses.
Its chief executive, Jo Healey, said hackers were increasingly trying to get information by specifically targeting employees.
"Cyber criminals continue to look for the low-hanging fruit and the weakest link in the chain, and today this is unfortunately our employees," Ms Healey said.
"[Employees] want remote access to sensitive data from just about anywhere in the world, from any network, and any device.
"Companies must communicate clearly with staff what their online policies are and ensure they have ongoing up-to-date training."
The research surveyed 1000 New Zealanders who used the internet, and the results were weighted by age, gender and region.
It also found that the rate of people saying they did not know how to protect themselves from cyber attacks had risen from 32 percent in 2014 to 41 percent, and despite this very few people had asked for or received advice or training from their employer.
Results had a margin of error of +/- 3.1 percent.