Nearly half of US businesses believe that they’re fighting a losing battle against security threats.

According to a survey, sponsored by Oracle and carried out by the Ponemon Institute, 42 percent of IT managers think their own organisations are doing an inadequate job in diminishing the loss or theft of confidential information.

Furthermore, the managers said that in the event of a data breach, they would be unable to notify users and customers affected.

Amit Jasjua, vice president of ID Management Products for Oracle, said that although security products are evolving, threats against businesses were evolving equally quickly.

“It’s a hard thing to admit, but in certain cases, the bad guys are ahead. We certainly come across companies that are not doing an adequate job against threats.

Jasjua said that there were three main areas where companies would need to change: compliance, as regulatory demands would continue to place a strain on businesses, better planning as companies’ security strategy is too often “bolted-on” after the other components have been chosen. Better software development; too often the business logic is separate from the security logic, there should be better integration between the two sides of the business.

But, as Jasjua pointed out, this mirrored the situation in many organisations where there’s a conflict between the security professionals trying to make their systems more secure and finance professionals trying to keep costs down. “In many cases,” said Jasjua, “we’re brought in as mediators trying to help the techies sell to the business guys.”