The biggest security threat to your business likely isn’t a cybercriminal or hacktivist, but someone already in your organization, according to a Wednesday report from BetterCloud. The vast majority (91%) of the 500 IT and security professionals surveyed said they feel vulnerable to insider threats, whether their acts are malicious or accidental.

Some 62% of professionals said they believe the largest insider security threat comes from well-meaning but negligent end users, the report found, as opposed to those who intentionally cause harm (21%) or those who are exploited by outsiders through compromised credentials (17%).

SEE: IT leader’s guide to reducing insider security threats (Tech Pro Research)

More than half (53%) of respondents said they felt the employees who were most likely to be a threat were those who have left or were planning to leave the company, or contractors whose contract had ended, according to the report.

Three-fourths (75%) of respondents said they believe the biggests insider security risks lie in cloud applications, including popular file storage and email solutions like Google Drive and Dropbox.

“The rise of SaaS in the digital workplace has made companies more vulnerable than ever to insider threats,” David Politis, founder and CEO of BetterCloud, said in a press release. This is due to taking control over data with SaaS applications from IT teams to end users, as well as the increasing complexity of the SaaS application infrastructure, Politis added.

Indeed, 46% of IT leaders surveyed said they believe the rise of SaaS applications has made them more vulnerable, the report found. And 40% said they believe they are most vulnerable to exposure of confidential business information, including financial data and customer lists.

Of the C-level executives surveyed, just 26% said they have invested enough to mitigate the risk of insider threats, versus 44% of IT managers, the report found.

For more information on combating insider security threats, check out this free TechRepublic PDF.