Shadow AI presents cyber security challenge

Employee behaviour is creating significant and often hidden cyber security risks, with widespread use of unauthorised AI tools and unsafe workplace practices exposing organisations to growing threats, according to research from WatchGuard Technologies.

The company's 2026 Cybersecurity Hygiene Report found that 64% of SME employees admitted using unauthorised AI tools for work, contributing to a growing shadow AI problem that many organisations lack the visibility to manage.

The research also found that 76% of respondents reuse passwords across multiple accounts, 70% use public wifi for work and 50% access corporate resources without VPN protection, increasing the risk of credential theft, data interception and unauthorised access.

The report found fewer than 30% of respondents believed their organisation maintained an accurate inventory of software in use while almost 40% said their employer lacked full visibility into the applications employees were using.

It also found that 30% of employees share passwords with others while 55% use work devices for personal activities, increasing exposure to malware, phishing attacks and other cyber threats.

The findings are based on an independent online survey of 684 employees at organisations with between 50 and 500 staff across the UK, US, Germany, France, Spain, Australia, Mexico and Brazil. The research was conducted in April 2026.



Share Story:

YOU MIGHT ALSO LIKE


Resilience Rooted in Reality
In this podcast, CIR speaks to CLDigital’s Tejas Katwala about why organisations must move beyond checklist compliance to build living, data driven resilience. He explains how rethinking governance, risk and compliance, breaking down silos and focusing on value streams can create sustainable, real time resilience that is rooted in the way businesses actually operate today.

Building cyber resilience in a complex threat landscape
Cyber threats are evolving faster than ever. This episode explores how organisations can strengthen defences, embed resilience, and navigate regulatory and human challenges in an increasingly complex digital environment.