One in five people in the UK has been, or knows someone who has been, the victim of online data theft or identity fraud, new research claims.

A survey on personal security online by cyber security firm Miracl also found that many felt more nervous providing personal or financial information online in the wake of data breaches such as the hack on TalkTalk.

The findings come as an estimated 10 million people in the UK file tax returns online during January.

Some 40% of those surveyed said they had already received scam emails claiming to be from HMRC, asking for personal details - a hacking technique known as "phishing" where cyber criminals try to lure victims into handing over data.

Brian Spector, chief executive at Miracl, said that current security systems were out of date and called on internet companies to introduce more layered security measures to increase consumer confidence.

"Data theft and identity fraud is a multibillion-dollar business on the dark web, and so consumers must be vigilant. But we don't have to be part of the weekly announcements about mass data breaches," he said.

"The underlying issue is that the username and password system is old technology that simply cannot secure the deep information and private services that we all store and access online today."

According to the survey, web users are keen on the idea of increased security, with 77% of those asked saying they would feel better about providing personal information if the website in question had stronger security settings, such as two-factor authentication - a feature that requires two levels of log-in to be cleared before access is granted. Large firms including Google and Twitter already provide two-factor authentication as an optional feature.

"Database hacks, password reuse, browser attacks and social engineering can all be a thing of the past in the authentication space," said Mr Spector.

"Customers are rightly demanding to be protected when they submit their valuable personal information on the web, and online services need to respond appropriately by contributing to the restoration of trust on the internet and removing the password from their systems altogether."