Only just over a third (38 per cent) of large organisations ensure that data held by external providers is encrypted.
The research by PwC and Infosecurity Europe also found that 56 per cent of small businesses do not check their external provider's security.
In the poll of security professionals from 447 organisations for the 2012 Information Security Breaches Survey, nearly three-quarters (73 per cent) said they were using at least one online outsourced service.
Chris Potter, PwC information security partner, said: “The internet continues to facilitate more sophisticated business relationships. Businesses are putting their faith in third parties to take care of their data but many are taking a laissez faire attitude to the security element.
“Small businesses may think that because their data is being hosted by a large cloud provider that good security controls will be in place, but this isn't necessarily the case. Companies should always check what security controls their providers are operating.”
The research also found that around a quarter of large organisations, and one-fifth of small businesses, have highly confidential data hosted on the internet. Half of organisations of national importance, such as those in the financial services, telecommunications and utilities sectors, critically depend on online services.