Businesses are slow to adapt to the changing security environment, according to a major report.

Six in 10 firms lost sensitive data in the last 12 months as a result of the actions of negligent employees, the Ponemon Insitute found. It surveyed 3,000 IT operations and security professionals in the UK, Germany, US and Australia.

Three in ten firms have had data stolen by employees, according to the Worldwide State of the Endpoint Survey.

In spite of these issues, three quarters of firms said their employees could email data outside the company without any trace, and 70 percent said staff could download their data onto a USB memory stick without detection.

Half of businesses cited the lack of skilled security personnel for their failings. And four in ten struggled with the integration of different security systems.

Standard problems also remained prevalent. Eighty-four percent of firms were hit with viruses and malware intrusions, and 55 percent had lost laptops, desktops and other devices. But businesses were better protected against these threats, with over three quarters having anti-malware and anti-virus systems in place.

Alan Bentley, international senior VP at security software supplier Lumension, which commissioned the survey, said: “Businesses need to manage multiple security technologies to prevent sensitive data from walking out the door and malware from coming in.

“This dual threat is proving difficult for most organisations, which are struggling with a lack of skills, budgetary constraints and the growing complexity of endpoint technologies that they need to run in order to reduce their risk at the endpoint.”

He recommended businesses bring their different security systems onto endpoint platforms, in order to have “a clear view on where their data lives and is accessed and what threats they are being subjected to”. This needed to be backed up with the right people, process, and policies, he said.

Larry Ponemon, chairman and founder of the Ponemon Institute, added that companies are “racing to adopt” new technology “faster than they can understand” the impact on data security. Three quarters of firms allow their staff to access social networking sites, 61 percent have moved their data into the cloud and 57 percent are utilising virtualisation.