Most data losses in the past six months could have been avoided, according to the mid-year security threat report from Sophos.
Despite the fact that data has become the ultimate business asset, the report said, some organisations are still failing to implement adequate data management procedures.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The most important step is to encrypt sensitive information so that even if data is lost, the confidentiality of that data will not be compromised, the report said.
Organisations like banks already routinely encrypt sensitive information and use two- and three-factor authentication to protect encryption passwords.
The second step is controlling how users treat information, which includes stopping any risky behaviour.
"Protecting information in motion is just as important as encryption," said Graham Cluley, senior technology consultant at Sophos.
It is important for organisations to put technology in place to enable them to detect and block suspicious movements of data automatically, he said.
An increase in the number of attacks through social networking sites, he said, also means that organisations using those need to police them properly.
Organisations have an increased awareness of targeted attacks in the wake of the China-based attacks on Google and 20 other large companies, said Cluley.
"We are seeing more targeted malware attacks designed to steal information from companies and an increased interest by companies in how to prevent them," he said.
But the worldwide survey of more than 1,000 computer users indicated a relaxed attitude to state-sponsored cybercrime.
Some 63% of those polled said it is acceptable for their country to spy on other nations by hacking or installing malware.
Nearly two-thirds said countries should be allowed to plant malware or hack into private foreign companies to spy for economic advantage.
This relaxed attitude is surprising because anyone approving of these kinds of activities would have to expect to be on the receiving end, said Cluley.
Preventing data leakage has never been more important, he said, as we move into a new era of cybercrime.
The internet is increasingly used to gain commercial, political and military advantage as well as for fraud by organised crime, and at the same time, UK companies are facing fines of up to £500,000 for serious breaches of sensitive data.