A recent survey by cybersecurity firm Kaspersky has revealed significant gaps in workplace cybersecurity practices in Pakistan, with 39% of professionals considering their organisation’s policies excessive or ineffective, and 8% reporting a lack of awareness or absence of such rules. The findings highlight growing risks linked to “shadow IT,” where employees use unauthorised software or personal devices for work purposes.

According to the report, 38% of respondents said there are no clear policies governing non-corporate device use, while 26% admitted installing software without IT supervision in the past year. These practices expose organisations to data breaches, compliance risks, and security vulnerabilities.

Experts emphasise the need for more user-centric cybersecurity strategies that combine technical safeguards with employee awareness. Recommendations include conducting shadow IT audits, implementing stricter device management systems, and providing regular training on cybersecurity risks. The report underscores the urgent need for stronger digital security frameworks in Pakistan’s evolving workplace environment.