"This group came out much, much more negative than I ever expected," said Larry Ponemon, the founder and chairman of the Ponemon Institute LLC, an Elk Rapids, Mich.-based firm that looks at information and privacy management practices in business and government. "They said they're bad at detecting [breaches], but even worse at preventing [breaches]."

The 11-page study (http://www.portauthoritytech.com/resources/downloads/wp_Ponemon_Institute_Study.pdf), "National Survey on the Detection and Prevention of Data Breaches," which was released Monday, is based on responses from 853 IT professionals, including senior executives, information security managers and others. The study was sponsored by PortAuthority Technologies Inc., a Palo Alto, Calif.-based vendor of information leak prevention software.

The study also found that 41 percent of respondents said their companies are not effective in enforcing data security policies because of a lack of corporate resources.

"A general frustration came out that they don't have the tools or the resources to do the job, and that these responsibilities have been pushed into their laps" but they haven't been given extra help, equipment, software or other tools, said Ponemon, who is a Computerworld.com columnist. "Somehow they're being held responsible for knowing when a breach occurs."

About 66 percent of the respondents said their companies use hardware or software to help detect or prevent data breaches, but the remaining respondents said their companies don't use such tools because of their high costs.