Only 41% of professionals in Pakistan have received formal training on digital threats, according to findings from a recent Kaspersky survey titled “Cybersecurity in the workplace: Employee knowledge and behaviour.” The study emphasizes the critical role of human factors in cybersecurity and urges organisations to implement practical, structured training programs that reach employees at all levels. Experts note that while technological defences are important, human error continues to be a major vulnerability that cybercriminals increasingly exploit.
The survey highlights that 68.5% of professionals reported encountering scams disguised as messages from colleagues, suppliers, or their own organisation in the past year. Among these, 40% admitted facing negative consequences as a result of such interactions, illustrating how human behaviour remains a key target for attackers. Other cybersecurity issues closely tied to employee actions include compromised passwords, unpatched IT systems and applications, leakage of sensitive data, and the use of unlocked or unencrypted devices. These findings indicate that without proper awareness, employees may inadvertently expose organisations to significant digital risks.
Education and awareness emerge as essential tools to prevent human-related cyberattacks. Kaspersky’s survey found that 51.5% of respondents had made IT-related errors due to a lack of cybersecurity knowledge. When asked which approaches were most effective in raising awareness among non-IT employees, 32% chose structured training over alternatives such as threat stories or references to legal responsibilities. The survey also revealed employees’ preferences for training topics, with 36% prioritizing mobile device security, 34.8% selecting account and password protection, and 31.3% focusing on safeguarding confidential work data and e-mail security. Other areas of interest included website and internet security, safe use of social networks and messaging platforms, secure remote work, and responsible use of AI-powered tools like chatbots. Nearly one-fifth of respondents expressed interest in receiving comprehensive training across all these areas, reflecting broad demand for thorough cybersecurity education.
Rashed Al Momani, General Manager for Middle East and Pakistan at Kaspersky, highlighted that cybersecurity cannot remain confined to IT departments alone. He stated that “everyone, from executives to new hires, needs a clear grasp of digital risks. A resilient organisation is built by equipping every employee with the skills to recognise scams, prevent costly mistakes, and protect company data.” Organisations are encouraged to complement employee education with advanced monitoring and cybersecurity solutions such as the Kaspersky Next product line. Solutions like Kaspersky Automated Security Awareness Platform help IT and HR teams deliver practical, engaging training, while also encouraging employees to report suspicious activity. Reinforcing positive cybersecurity habits through rewards and recognition ensures that awareness translates into actionable protection, strengthening an organisation’s overall digital security posture.
By investing in structured cybersecurity education and practical training programs, companies in Pakistan can reduce human-factor vulnerabilities, improve compliance, and create a security-conscious culture capable of responding effectively to evolving cyber threats. As digital operations expand across industries, equipping employees with both knowledge and practical skills becomes an essential component of organisational resilience and long-term digital security.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
