A new cybersecurity survey has exposed serious weaknesses in workplace security practices across Pakistan. The report highlights a growing gap between company policies and employee behavior. This disconnect is increasing risks for organizations dealing with sensitive data.
The survey, titled โCybersecurity in the workplace: Employee knowledge and behavior,โ reveals that many professionals find existing rules ineffective. Around 39 percent believe cybersecurity policies are too complex or not practical. Another 8 percent say their organizations either lack clear rules or they are unaware of them.
These findings point to a major issue. Employees are not fully aligned with company security measures. This lack of alignment is creating vulnerabilities across multiple sectors.
Shadow IT Emerges as a Major Threat
One of the most critical concerns identified in the report is the rise of shadow IT. This refers to the use of unauthorized software, devices, or digital services without approval from IT departments.
According to Kaspersky, shadow IT has become a widespread risk. Employees often use unofficial tools to improve productivity. However, this behavior creates serious blind spots for security teams.
The growth of hybrid work models has made the problem worse. Many employees now work remotely and rely on cloud-based platforms. The rapid adoption of artificial intelligence tools has also contributed to this trend.
Without proper oversight, companies struggle to track data usage. This increases the chances of cyberattacks, data leaks, and system breaches.
Weak Policies on Personal Devices Raise Concerns
The survey also revealed significant gaps in policies related to personal device usage. Around 38 percent of respondents said their companies do not have clear rules for using personal devices at work.
Another 17 percent stated they can access company data using personal devices with basic security protection. Only 16 percent reported strict IT approval before using such devices. Meanwhile, 29 percent said their organizations allow only company-issued devices.
These findings show inconsistent policy enforcement. This inconsistency creates confusion among employees. It also increases the risk of unauthorized access to sensitive information.
Organizations with weak device policies are more exposed to cyber threats. Personal devices often lack advanced security features required for enterprise environments.
Software Control Improves but Risks Remain
The report shows some progress in controlling software installations. About 56.5 percent of respondents said only IT professionals can install software on company systems. Another 19.5 percent reported that this authority is limited to management.
However, risks still exist. Around 17 percent said employees can install approved software. More concerning is that 7 percent reported no restrictions at all.
Despite existing controls, 26 percent of professionals admitted installing software without IT approval in the past year. This highlights the ongoing challenge of enforcing cybersecurity policies.
Experts warn that policy gaps alone are not the issue. Employee awareness and behavior also play a crucial role.
Kaspersky recommends several steps to improve security. These include conducting shadow IT audits, strengthening monitoring systems, and enforcing strict device policies. The company also emphasizes the importance of employee training.
Workers are advised to follow approved guidelines. They should use authorized applications and secure platforms for data sharing.
The survey clearly shows that cybersecurity is not just a technical issue. It is also a human challenge. Organizations must address both policy and behavior to reduce risks effectively.
