As a result, says the ISF report, which is based on a poll of 300 members from the not-for-profit IT security association, the cloud is rapidly becoming something of a fog.
Another IT security issue highlighted by the report is the fact that integrity has become a serious challenge for organisations, which have growing amounts of digital information and access to them available in various different locations.
The ISF says that, because of this, digital systems in many organisations are becoming a "toxic information wasteland".
The third interesting aspect of the report is that the move to greening and making a business eco-friendly is causing security problems in some organisations.
The study says that the efforts to reduce an organisation's carbon footprint have led to more home working, but an inability to develop security solutions that scale accordingly is resulting in accidental disclosure of data and non-compliance with data regulations.
Delving into the study reveals that the rapid adoption of cloud computing, the increasing use of mobile devices, the growth of cybercrime and online espionage, and the merging of home and work life, are changing the way we all approach the issues of risk management and contingency planning.
Commenting on the report, Adrian Davis, principal research analyst with the ISF, said that organisations of all shapes and sizes need to take a much broader view of security threats and evolve their thinking beyond just technology.
"Organisations right now need to be thinking people, processes and technology, not just technology, which is the mistake that many security and risk professionals take", he said.
"The report provides both members and non-members with a snapshot of the issues they face, but in a wider socio-economic and political context, and enables them to plan accordingly", he added.
Davis notes that smartphones in particular have become the device of choice and many organisations have developed bespoke applications and rolled them out to mobile workers, further blurring the line between personal and business use.
"This raises a number of added security implications as devices now share many characteristics of the mainframe, like middleware, but the security model is simply not adapting to these new demands", he said.
"With mobile payment facilities becoming more viable, these devices will become even more lucrative to cybercriminals.