IT security firm Check Point found that under half have deployed data encryption, and fewer than 40 per cent have any endpoint security deployed on PCs, laptops and mobile devices.
The email survey showed that the majority of respondents believe their company to be secure against data leaks, and just 11 per cent believe that a highly publicised loss of personal data would influence their IT spending priorities.
The research also showed that business PCs, laptops and mobile devices are vulnerable to threats from malware as the majority have no endpoint security to protect against unauthorised access or malware.
Interestingly, 73 per cent of respondents said that their organisation's IT security policy includes data protection guidelines such as the use of USB drives for transporting data.
"It is worrying that a majority of companies feel safe against data loss, yet over half do not have basic security measures in place to stop the type of employee behaviour that caused the leak at HMRC," said Nick Lowe, regional director for Check Point in northern Europe.
"Securing any kind of sensitive data must be automated so that employees cannot alter or stop the security processes.
"Organisations have to protect their data, themselves and their employees against the risk of data leaks, and automation is the only way to do that."
According to the report, 85 per cent of companies strongly agree with mandatory notification of affected parties in the event of a data breach, as is the law in most US states.
Mobile payment app makes users' details public by default
2,400 signatures gathered against the development and production of lethal robots
New Aston Martin flying car could take the wealthy from London to Birmingham in half an hour
With £6.7m in initial funding, Mosa Meat could be the first company to offer lab-grown meat to the public