Nine out of 10 consumers are concerned that companies are too lax about data
security and think that the problem needs to be addressed at a political level,
according to a new survey.
The Ipsos MORI poll, commissioned by security firm Secerno, found that over
half of the 1,243 people who responded to the survey did not think banks and
online retailers did enough to protect their information.
Eleven per cent of the respondents said they had fallen victim to data theft
in some way, either online or because of some other breach. Eight in 10 people
were most concerned about the security of their financial data. A large number
of respondents (46 per cent) were also concerned about protecting their medical
records.
Six out of 10 people surveyed wanted the issue to be addressed by companies
and financial institutions and to see greater government involvement.
With an increasing number of British companies choosing to outsource their
database storage facilities and call centres overseas, and incidents such as the
recent data theft from US/UK retailer TJX/TKMaxx, eight out of 10 people
now expect to be notified immediately if a company suffers a data breach.
Paul Davie, chief executive and founder of Secerno, said in the UK this
didn't happen often because, unlike in the US, companies within the EU are not
obliged to inform their customers of any incidents.
“This means that companies have an immediate disincentive to do the right
thing in such cases,” he said.
However, although companies remain wary about rocking consumer confidence by
disclosing breaches, Davie pointed out not disclosing breaches immediately can
rebound on a company.
The survey found that five in 10 people would not use a company's services if
they discovered there had been a security breach they had not been notified
about.
"If companies admit to the problem and say they are dealing with it, then
customers are more likely to forgive them. Brushing it under the carpet means
the backlash is more extreme and, as a result, the company will probably lose
custom," said Davie.
He said there was an obvious need for government action to rebuild public
confidence and build a new legal framework in Europe to force disclosure of
breaches. This may in fact happen, as proposals are being discussed as part of
the EU data protection directive to force companies to own up to data breaches.
But Philip Virgo of Eurim warned routinely admitting data loss could be
counterproductive and panic people unnecessarily as not all data breaches
involve theft of personal data.
However, Lord Erroll, secretary of the All Party Parliamentary Internet Group
and a keynote speaker on identity theft at next week's Infosec IT security
conference and exhibition, commented: "It is a huge problem, people should
demand that organisations prove that they are taking reasonable steps to protect
their data.
"Perhaps organisations have spent too much time looking at business
efficiency and now need to put more effort into the human frailty aspects of
data management.
"Once they lose our trust, government loses its right to govern and business
loses the ability to do business with us; so now is the time for all
organisations to show that they are taking the protection of our personal data
very seriously before it is too late, as once data is stolen it cannot be won
back."