New research finds that widespread lapses in corporate security and privacy practices still persist.

DataMotion, a cloud-based provider of data delivery services, conducted the poll of more than 200 IT and business decision-makers across the United States and Canada to gain insight into corporate e-mail and file transfer habits. The survey focused particularly on those industries that routinely deal with sensitive data and compliance regulations, such as financial services, healthcare and government.

According to the survey, 80 percent of respondents said their company has security and compliance policies for transferring files electronically. Only 45 percent, however, feel these policies are fully understood.

As a result, many companies are taking lax approaches to compliance, with 31 percent admitting they take risks because they don't have the resources to be totally compliant. “Data breaches are more prevalent than ever and regulatory agencies are handing out millions of dollars in fines for privacy and security violations. Yet, this survey shows companies are still cutting corners,” said DataMotion's Chief Technology Officer Bob Janacek.

Another common risk faced by many companies is the use of consumer-type applications for sharing files—such as Dropbox, iCloud, YouSendIt—for work purposes. Even though these applications often have weak security and IT administrative controls, leading to potential data leaks of sensitive information, 34 percent of respondents have used—or recommended that others use—such applications.

What's more, 43 percent of respondents said their company does not ban the use of these file-transfer services, and 52 percent said their company does not block the URLs to such services.

Many companies also still lack basic tools for secure data delivery. Thirty-four percent of respondents do not have the ability to encrypt e-mail, and 29 percent said their company does not monitor the content of outbound e-mail and file attachments for compliance purposes. Additionally, 42 percent said they're only “somewhat” confident in the technology their company uses for filtering outbound email and file attachments for compliance purposes.

Respondents to the survey also did not express much concern about the potential to be audited. Thirty-eight percent of respondents feel it is not likely their company will be selected for a compliance audit in the next 12 months, with 37 percent saying it is only “somewhat” likely. No surprise, then, that only 37 percent of respondents expressed confidence in their company's ability to pass a compliance audit if selected, leaving companies vulnerable to costly fines and damaged reputations.