More than 53 percent of respondents believed that their companies would be unable to determine what sensitive or confidential information resided on a USB memory stick if it was lost or stolen. And approximately 49 percent of respondents said that their companies would be unable to determine what lost data resided on a handheld or comparable mobile device, according to the survey.

"Corporations are clearly struggling with the challenges of identifying and protecting sensitive data, as well as developing successful strategies for securing confidential information stored among the myriad devices that make up today's data networks," said Ponemon. "Our findings point to the shockingly high risk to both business and consumers of undiscovered confidential data, but we believe that the data also serve as a compass to help point organizations toward effective solutions to this vexing problem."

According to Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa., organizations can take the following steps to protect sensitive data.

1. Identify your most significant data elements. That's often personal information, but it could also be intellectual property, financial data or something else.

2. Determine where this data exists on your network, and where it is most likely to leak. Laptops are the typical answer here, but e-mail is another possibility. And some people are concerned about backup tapes or laptop outputs such as USB drives and CDs.