techend
By Malik Shahzad Aslam :
A new survey has revealed significant gaps between corporate cybersecurity policies and employee behaviour in Pakistan, raising concerns about potential risks to organisational data and systems.
The report, titled “Cybersecurity in the Workplace: Employee Knowledge and Behaviour” and conducted by Kaspersky, found that 39% of professionals believe their company’s cybersecurity rules are either excessive or not well suited to their needs. A further 8% said their organisations either lack clear policies altogether or that they are unaware of them.
The findings point to a growing disconnect between policy design and real-world implementation, with experts warning that such gaps can lead to increased reliance on so-called “shadow IT” — the use of unauthorised devices, software or services outside official oversight.
According to the survey, 38% of respondents said there were no formal policies governing the use of personal devices for work purposes. Meanwhile, 17% admitted they could access company data on personal devices as long as some form of cybersecurity protection, even basic consumer software, was in place.
By contrast, 29% reported that only company-issued devices are permitted for professional use, while 16% said personal devices must undergo strict security checks before being allowed access to corporate systems.
The study suggests that organisations have more control over software installation on work devices, though inconsistencies remain. More than half of respondents said only IT specialists are authorised to install software, while others indicated that permissions are limited to senior staff or approved users. However, 7% said employees are free to install any software without IT approval.
Despite these controls, 26% of professionals acknowledged installing software on work devices without supervision in the past year, highlighting ongoing vulnerabilities that could expose organisations to cyber threats, compliance issues and potential data breaches.
Toufic Derbass, Managing Director for the META region at Kaspersky, said the findings show that shadow IT has become a mainstream operational risk. He noted that widespread unauthorised software use points to shortcomings in policy enforcement and employee engagement.
The report recommends that organisations adopt more user-focused cybersecurity strategies, combining technical safeguards with better awareness among staff. Suggested measures include conducting audits to identify unauthorised tools and devices, implementing stronger monitoring systems and setting clear security standards for any personal devices used for work.
Experts say that as workplaces become increasingly digital and flexible, balancing security with usability will be critical. Without stronger alignment between policies and employee practices, organisations may struggle to protect sensitive data in an evolving threat landscape.
About The Author
