A new workplace cybersecurity study by Kaspersky has revealed significant policy gaps and employee compliance challenges across organizations in Pakistan, highlighting growing risks linked to unauthorized digital tools and unmanaged devices.
The survey, titled “Cybersecurity in the workplace: Employee knowledge and behavior”, points to a widening disconnect between corporate security frameworks and employee practices, particularly in hybrid and cloud-driven work environments.
Employees question cybersecurity rules
According to the findings, 39% of professionals believe their company’s cybersecurity policies are either overly strict or not fully suitable for modern workflows. Meanwhile, 8% of respondents said their organizations either lack clear cybersecurity rules or employees are unaware of them entirely.
The report suggests that this gap in awareness and relevance is contributing to rising exposure to digital risks across workplaces.
Shadow IT emerges as a major concern
Kaspersky highlighted the growing use of shadow IT—a term referring to unauthorized software, devices, or cloud services used without IT approval—as a serious operational risk for businesses.
While employees often adopt such tools to improve productivity, the report warns that they create blind spots for IT departments, especially in hybrid work settings where cloud platforms and AI tools are widely used.
The company noted that this trend is accelerating due to increased reliance on remote collaboration tools and faster adoption of artificial intelligence applications.
Weak control over personal device usage
The survey also revealed inconsistencies in policies governing the use of personal devices for work.
- 38% said their organizations have no clear rules for non-company devices
- 17% reported limited access is allowed with basic security tools installed
- 16% said strict IT approval is required before use
- 29% stated only company-issued devices are permitted
These findings suggest that many organizations still lack standardized enforcement mechanisms for mobile and hybrid work security.
Software control exists, but gaps remain
On software installation policies, the study found relatively stronger controls:
- 56.5% said only IT teams can install software
- 19.5% reported restrictions for top management or designated staff
- 17% said employees can install IT-approved applications
- 7% stated users can install any software without approval
Despite these controls, 26% of professionals admitted installing software without IT supervision in the past year, indicating ongoing shadow IT activity.
Expert warning on rising risks
Commenting on the findings, Toufic Derbass, Managing Director for META at Kaspersky, said shadow IT has become a mainstream cybersecurity challenge and requires both stronger governance and better employee awareness.
He emphasized that organizations must close policy gaps while also addressing employee behavior to reduce long-term exposure to cyber threats.
Recommendations for organizations
Kaspersky urged companies in Pakistan to take several steps, including:
- Conducting regular shadow IT audits
- Strengthening monitoring using endpoint and mobile device management tools
- Enforcing clear standards for personal device usage
- Providing practical cybersecurity training for employees
- Ensuring employees use only approved platforms for work data
The company also advised workers to follow internal cybersecurity rules, avoid unauthorized applications, and store or share sensitive data only through approved systems.
Also read: NADRA is using special software to identify fake CNICs
