Kaspersky Survey Reveals Growing Shadow IT Risks in Workplace Cybersecurity Across META Region

JOHANNESBURG, South Africa, April 23, 2026 — A recent Kaspersky survey conducted across the Middle East, Türkiye and Africa (META) region titled “Cybersecurity in the workplace: Employee knowledge and behaviour” has revealed significant gaps in workplace cybersecurity awareness and compliance among employees.
The study found that 39% of professionals in the META region believe cybersecurity rules in their organisations are either excessive or not fully appropriate. Country-specific results showed 25% in Kenya and 23% in South Africa shared the same view.
Additionally, the survey indicated that 7% of respondents across the META region, 4% in Kenya, and 10% in South Africa said their organisations either lack cybersecurity policies or that they are unaware of them. According to the report, this highlights a growing disconnect between corporate cybersecurity frameworks and employee behaviour, increasing risks linked to shadow IT and unmanaged devices in workplaces.
Rise of Shadow IT Raises Security Concerns
Shadow IT—defined as the use of unauthorised software, devices, or services without IT department approval—has become a growing business risk. While often driven by productivity needs, it creates significant blind spots for IT teams.
Kaspersky noted that the rise of hybrid work models, increased use of cloud-based applications, and growing adoption of AI tools have accelerated the trend. Without proper oversight, organisations face increased exposure to ransomware attacks, data leaks, and regulatory penalties.
Workplace Device and Software Usage Trends
The survey also revealed notable trends in how employees use personal and corporate devices:
- 19% of respondents said there are no policies governing the use of non-corporate devices
- 35% reported they can use personal devices for work if they have basic cybersecurity protection, including consumer-grade software
- 21% said personal devices are allowed but must pass strict IT security checks
- 25% indicated that only IT-issued devices are permitted for work use
On software installation, the findings showed stronger control in some organisations:
- 50% said only IT specialists are allowed to install software
- 31% reported that only top management or designated users have installation rights
- 11% said employees can install only IT-approved software
- 8% noted that all users can install any software without IT approval
However, risks remain significant. The survey found that within the past year, 21% of professionals in the META region, 29% in Kenya, and 17% in South Africa admitted installing software on work devices without IT supervision.
Expert Warning on Shadow IT Risks
“Shadow IT is now a mainstream operational risk. When one in five employees installs software without IT oversight, it signals a policy gap. Many organisations already have security policies in place, but employee perception must also be considered. Organisations should move beyond restrictive controls and instead implement intelligent, user-centric cybersecurity strategies that integrate technology with employee awareness and responsible use,” said Toufic Derbass, Managing Director for the META region at Kaspersky.
Kaspersky Recommendations for Organisations
To help strengthen cybersecurity defences, Kaspersky recommends that organisations:
- Conduct a Shadow IT audit to identify unauthorised software, cloud services, and personal devices accessing corporate systems
- Implement robust monitoring tools such as Kaspersky Next with EDR and XDR capabilities to detect unsanctioned activity
- Define minimum security standards for personal devices and enforce them using mobile device management (MDM) or endpoint tools
- Strengthen cybersecurity awareness through training programmes such as the Kaspersky Automated Security Awareness Platform
Advice for Employees
Kaspersky also advised employees to:
- Understand and comply with company cybersecurity policies and seek clarification where necessary
- Use only IT-approved applications and request access through official channels
- Use authorised devices for work and ensure personal devices meet security requirements if permitted
- Store and share work files only through approved corporate platforms
