A recent Kaspersky survey undertaken in the Middle East, Turkiye and Africa (META) region entitled ‘Cybersecurity in the workplace: Employee knowledge and behaviour’, showed that 39% of professionals consider cybersecurity rules in their company to be excessive or not fully appropriate.
In Kenya, this figure was 25% and in South Africa, 23%. Furthermore, the survey highlighted that 7% of respondents in the META region, 4% in Kenya and 10% in South Africa noted that their organisations do not have cybersecurity rules or that they are not aware of them. These results show a disconnect between corporate cybersecurity policies and employee commitment to these rules, underscoring the risks associated with shadow IT and unmanaged device usage in the workplace.
Shadow IT is defined as the use of unauthorised software, devices, or services without IT oversight, and it has evolved into a critical business risk. While often driven by employee productivity needs, it creates blind spots for IT departments. The rise of hybrid work environments, increased reliance on cloud-based tools and the spread of AI tools have accelerated this trend. Without robust cybersecurity management and oversight, organisations face heightened exposure to ransomware attacks, data leaks, and regulatory penalties.
19% of all survey respondents said there are no policies regarding the use of non-corporate devices in their company. 35% admitted that they can use their own devices to access business information, provided they have some type of cybersecurity protection, even consumer-grade software. On the positive side, 21% of all respondents said they can use their own device, but these must first pass more stringent corporate IT security checks; while 25% indicated that only devices provided by the IT function can be used for work purposes.
The situation is significantly better with permissions for employees to install software on corporate devices without IT department’s approval. 50% of all survey participants reported that only IT specialists in their company are allowed to install software, while in 31% of organisations only top management or designated users can do so. 11% of employees can install software that is approved by the IT team. However, 8% of respondents said that all users can install any software they need without IT agreement in their organisation.
*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.
