Kaspersky Survey Reveals Widespread Shadow IT and Policy Disconnect in the Workplace
A recent survey by Kaspersky, conducted across the Middle East, Türkiye, and Africa (META) region and titled “Cybersecurity in the workplace: Employee knowledge and behaviour”, reveals growing concerns around employee attitudes toward corporate cybersecurity policies. The study found that 39% of professionals in the META region believe their organisation’s cybersecurity rules are either excessive or not fully appropriate. This perception is lower in Kenya at 25% and in South Africa at 23%.
The research also highlights notable gaps in awareness and enforcement. Around 7% of respondents across the META region, 4% in Kenya, and 10% in South Africa reported either that their organisations lack cybersecurity policies entirely or that they are unaware of them. These findings point to a clear disconnect between organisational cybersecurity frameworks and employee compliance, raising concerns about shadow IT and the increasing use of unmanaged devices in the workplace.
Shadow IT—defined as the use of unauthorised software, devices, or services without IT department approval—has become a significant enterprise risk. Although often driven by productivity needs, it creates visibility gaps for IT teams. The expansion of hybrid work, cloud-based applications, and AI tools has further intensified this challenge. Without strong oversight, organisations face increased exposure to ransomware attacks, data breaches, and regulatory non-compliance.
The survey further shows that 19% of respondents operate in organisations with no policies governing non-corporate device usage. Meanwhile, 35% said employees are allowed to use personal devices for work if they have basic protection, including consumer-grade security tools. On the other hand, 21% reported stricter controls requiring personal devices to pass IT security checks, while 25% indicated that only company-issued devices are permitted for work activities.
Regarding software installation on corporate devices, 50% of respondents said only IT teams have installation privileges, while 31% reported that only top management or designated users can install software. A further 11% indicated that employees can install only IT-approved applications. However, 8% noted that all users have unrestricted software installation rights.
Alarmingly, 21% of professionals in the META region admitted installing software on work devices without IT approval in the past year. This includes 29% in Kenya and 17% in South Africa, underscoring the continued prevalence of shadow IT practices that expose organisations to security vulnerabilities, compliance risks, and potential data loss.
“Shadow IT is now a mainstream operational risk. When one in five employees installs software without IT oversight, it signals a policy gap. Many organisations already have security policies in place, but employee perception must also be considered. Organisations should move beyond restrictive controls and instead implement intelligent, user-centric cybersecurity strategies that integrate technology with employee awareness and responsible use,” said Toufic Derbass, Managing Director for the META region at Kaspersky.
To address these risks, Kaspersky recommends that organisations:
- Conduct a Shadow IT audit to identify unauthorised software, cloud services, and personal devices accessing corporate systems.
- Deploy robust monitoring and cybersecurity solutions such as the Kaspersky Next product line with EDR and XDR capabilities to detect unsanctioned activity.
- Establish clear security requirements for personal devices and enforce them using mobile device management (MDM) or endpoint management tools.
- Strengthen employee awareness through practical cybersecurity training, including solutions like the Kaspersky Automated Security Awareness Platform.
For employees, Kaspersky experts advise:
- Familiarise yourself with your organisation’s cybersecurity policies and seek clarification where needed.
- Use only approved applications and request access through proper IT channels.
- Ensure that only authorised devices are used for work, and comply with required security standards if personal devices are permitted.
- Store and share work files exclusively through approved platforms.
The survey was conducted by the Toluna research agency at the request of Kaspersky in 2025, involving 2,800 online interviews with employees and business owners using computers for work across Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.

