A recent survey by Kaspersky titled “Cybersecurity in the workplace: Employee knowledge and behavior” has identified major weaknesses in how organizations in Pakistan handle cybersecurity policies and employee compliance. The findings show that 39% of professionals believe their company’s cybersecurity rules are excessive or not fully suitable, while 8% said their organizations either lack such rules or they are unaware of them.

The findings show that 39% of professionals believe their company’s cybersecurity rules are excessive or not fully suitable, while 8% said their organizations either lack such rules or they are unaware of them.

The results highlight a growing disconnect between workplace cybersecurity policies and employee engagement, increasing the risks associated with shadow IT and unmanaged devices.

Kaspersky defined shadow IT as the use of unauthorized software, devices, or services without IT oversight, calling it a major business risk. While employees often adopt such tools to improve productivity, the company noted that this creates serious blind spots for IT departments. The rise of hybrid work, increased reliance on cloud-based tools, and the rapid adoption of AI applications have further accelerated this trend.

The survey also revealed gaps in policies related to personal device usage. Around 38% of respondents said their companies have no clear rules for using non-corporate devices. Another 17% said they are allowed to access business data on personal devices if those devices have some form of cybersecurity protection, even if it is basic consumer-grade software. Meanwhile, 16% reported that personal devices are only allowed after strict IT checks, while 29% said only company-issued devices can be used for work.

Control over software installation appears relatively stronger, but risks remain. According to the findings, 56.5% of respondents said only IT specialists can install software on company devices, while 19.5% said this authority is limited to top management or designated personnel. Another 17% said employees can install software approved by the IT team. However, 7% reported that all users can install any software without IT approval.

Despite these controls, 26% of professionals in Pakistan admitted they had installed software on work devices without IT supervision in the past year, highlighting the continued presence of shadow IT.

Commenting on the findings, Toufic Derbass, Managing Director for the META region at Kaspersky, said shadow IT has become a mainstream operational risk and stressed the need to address both policy gaps and employee perceptions.

Kaspersky recommended that organizations in Pakistan carry out shadow IT audits, improve monitoring through cybersecurity solutions, enforce clear security standards for personal devices using mobile device management or endpoint tools, and provide practical training for employees. The company also advised employees to understand their organization’s cybersecurity rules, use only approved applications, request proper access when needed, and share or store work files only through authorized platforms.

📢 For the latest Tech & Telecom news, videos and analysis join ProPakistani's WhatsApp Group now!

Follow ProPakistani on Google News & scroll through your favourite content faster!