Only one in ten cloud apps for business are secure enough for enterprises to safely use them, according to the cloud firm Netskope.
A report from the company showed that organisations are using an average of more than 600 apps for business, even though most of the software put the firm at risk of leaking data.
It also found that 15% of logins for enterprise cloud apps had been compromised by hackers.
Sanjay Beri, chief executive of Netskope, said: "2014 left an indelible mark on security – between ongoing high-profile breaches and the onslaught of vulnerabilities like Shellshock and Heartbleed, CSOs and CISOs had more on their plate than ever."
"These events underscore the sobering reality that many in the workforce have been impacted by data breaches and will subsequently use compromised accounts in their work lives, putting sensitive information at risk."
Sorting apps into separate categories, the report also showed that marketing, finance and human resource software had the highest proportion of insecure apps.
Cloud storage, social and IT/app management programs had the lowest proportion, with only around a quarter of such apps being judged as fit for purpose by Netskope.
"Employees today have shifted from thinking of apps as a nice-to-have to a must-have, and CISOs must continue to adapt to that trend to secure their sensitive corporate and customer data across all cloud apps, including those unsanctioned by IT," Beri added.
Apps investigated by the firm included many used by consumers, including Google Drive, Facebook, YouTube, Twitter and Gmail.