Business Recorder
ISLAMABAD: A survey conducted by a leading cybersecurity company Friday revealed gaps in corporate cybersecurity policies in Pakistan and lack of cybersecurity rules implementation in companies, making them vulnerable to data breaches. The latest Kaspersky survey entitled “Cybersecurity in the workplace: Employee knowledge and behaviour”, disclosed that 8 percent professionals noted that their organizations do not have cybersecurity rules or that they are not aware of them. These results show a disconnect between corporate cybersecurity policies and employee commitment to these rules, underscoring the risks associated with shadow IT and unmanaged device usage in the workplace. Around 39 percent of professionals working in companies in Pakistan, considered cybersecurity rules in their companies to be excessive or not fully appropriate, it said. The survey explained that the term Shadow IT is defined as the use of unauthorized software, devices, or services without IT oversight, and it has evolved into a critical business risk. While often driven by employee productivity needs, it creates blind spots for IT departments. 38 percent of survey respondents in Pakistan said there are no policies regarding the use of non-corporate devices in their company. 17 percent of employees admitted that they can use their own devices to access business information, provided they have some type of cybersecurity protection, even consumer-grade software. On the positive side, 16 percent said they can use their own device, but these must first pass more stringent corporate IT security checks; while 29 percent of respondents indicated that only devices provided by the IT function can be used for work purposes. The situation is significantly better with permissions for employees to install software on corporate devices without IT department’s approval. 56.5 percent reported that only IT specialists in their company are allowed to install software, while in 19.5 percent percent of organizations only top management or designated users can do so. 17 percent of employees can install software that is approved by the IT team. However, 7 percent of respondents said that all users can install any software they need without IT agreement in their organization. At the same time 26 percent of professionals surveyed in Pakistan acknowledged that within the past year they installed software on their work devices without IT supervision. That highlights a persistent shadow IT challenge that continues to expose organizations to security vulnerabilities, compliance risks, and data breaches. To help organizations strengthen their defenses, Kaspersky recommended organizations in Pakistan to conduct a Shadow IT audit to identify all unauthorized software, cloud services, and personal devices accessing corporate data, the survey added. Copyright Business Recorder, 2026
Go to News Site