Nearly three-quarters (73 percent) of companies have been affected by internal information security incidents. And the single largest source of these incidents? Employees, according to a new survey by Kaspersky Lab and B2B International.

The IT Security Risks Survey found that as a company's IT infrastructure expands, new components add new vulnerabilities. This is aggravated by the fact that not all employees keep pace with a rapidly changing IT environment. And for 21 percent of companies affected by internal threats, the loss of valuable data affected their business.

The survey reported cases of accidental (28 percent) and intentional (14 percent) leaks of valuable company data, including the loss or theft of a mobile device containing corporate data — reported by 19 percent of survey participants.

Additionally, 15 percent of organizations encountered situations where company resources, including finances, were used by employees for their own purposes. Small and medium businesses lose up to $40,000 on average from fraudulent activity by employees, while the figure for enterprises exceeds $1.3 million.

A security solution alone is not enough to protect a company's data, said Kaspersky Lab Head of Endpoint Product Management Konstantin Voronkov.

"What's required is an integrated multilevel approach powered by security intelligence and other supplementary measures," he said. "These measures may include the use of specialized solutions and the introduction of security policies, such as restricting access rights."