A recent survey conducted by a cybersecurity company has identified significant gaps in corporate cybersecurity frameworks in Pakistan, highlighting weak enforcement of security rules and inconsistent employee compliance across organisations. The findings show that many companies lack effective implementation of cybersecurity policies, leaving them exposed to risks such as data breaches, unauthorized access and unmanaged digital environments. The survey, titled “Cybersecurity in the workplace: Employee knowledge and behaviour”, indicates a disconnect between formal corporate policies and actual employee practices, which continues to create vulnerabilities within organisational systems.
The survey found that a portion of professionals, around 8 percent, reported that their organisations either do not have cybersecurity rules in place or that employees are not aware of such policies. This lack of awareness contributes to inconsistent behaviour across workplaces, particularly in relation to digital security practices. Additionally, 39 percent of respondents stated that cybersecurity rules in their companies are either excessive or not fully suitable for operational needs, suggesting that poorly aligned policies may also contribute to reduced compliance. The report also highlighted the growing issue of shadow IT, where employees use unauthorized software, devices or cloud services without IT department oversight, creating blind spots in enterprise security monitoring.
Shadow IT was identified as a major operational risk, as it is often driven by employee demands for productivity but leads to reduced visibility for IT teams. The survey revealed that 38 percent of respondents in Pakistan reported the absence of clear policies governing the use of non corporate devices. Among employees, 17 percent stated they are allowed to use personal devices to access company data provided they have some level of cybersecurity protection, including consumer grade software, while 16 percent said such devices are permitted only after passing stricter IT security checks. At the same time, 29 percent of respondents confirmed that only company issued devices are permitted for work purposes, showing variation in enforcement across organisations.
The findings also highlighted differences in software installation permissions, with 56.5 percent of respondents stating that only IT specialists are authorised to install software on corporate systems. In 19.5 percent of organisations, installation rights are limited to top management or designated users, while 17 percent allow employees to install only IT approved software. However, 7 percent reported that employees can install any software without IT approval, increasing exposure to security threats. In addition, 26 percent of professionals admitted to installing software on their work devices without IT supervision within the past year, reinforcing concerns around shadow IT practices and unmanaged system access.
The survey concluded that these gaps contribute to ongoing cybersecurity vulnerabilities, compliance challenges and increased exposure to data breaches. It recommended that organisations in Pakistan conduct shadow IT audits to identify unauthorized software, cloud services and personal devices accessing corporate systems. The findings suggest that without stronger enforcement mechanisms and improved awareness, corporate environments will continue to face risks linked to inconsistent cybersecurity practices and uncontrolled digital usage across workplace networks.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
