Comunicado de imprensa
Jul
14

Employees Drive Rising Cybersecurity Risk As Shadow AI and Unsafe Work Habits Surge, WatchGuard Global Survey Finds

New Research Highlights Growing Visibility Gap Between Employee Behavior and Organizational Security Controls.

SEATTLE – July 14, 2026 – New research from WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), reveals that employee behavior is creating significant and often unseen cybersecurity risk for small and mid-sized businesses (SMBs). 

According to the “2026 Cybersecurity Hygiene Report ,” 64% of employees admit to using unauthorized AI tools for work, contributing to a rapidly expanding shadow AI problem that most organizations lack visibility to manage.  

At the same time, common workplace habits continue to amplify risk. 76% of employees reuse passwords, 70% use public Wi-Fi for work, and 50% access corporate resources without VPN protection, exposing organizations to credential theft, data interception, and unauthorized access.  

"Organizations are investing in security tools, but many still lack visibility into how employees actually work,” said Marc Laliberte, Director of Security Operations at WatchGuard. “Everyday behaviors, from AI usage to password practices, create risk that traditional controls aren’t designed to address.” 

Visibility Gaps Expand as AI Adoption Accelerates 

Consumer AI tools have ushered in a fast-growing category of security risk that most organizations have yet to address with a formal governance posture. As outlined in the report, less than 30% of respondents believe their organization maintains an accurate inventory of software in use, and nearly 40% said their company is operating without full visibility into the applications its employees use.  

This lack of governance, including organizational guidance on approved tooling and what information can be transmitted externally, creates a dangerous blind spot for IT and cybersecurity teams.  

Widespread Unsafe Work Habits Remain Unchecked 

Beyond shadow AI, widespread employee behaviors continue to undermine organizational security protocols and create opportunities for hackers, including:  

  • 76% of employees admit to reusing passwords across multiple accounts, meaning a single compromised credential leaves an organization susceptible to account takeover, lateral movement, and substantial data exfiltration across multiple systems, platforms, and applications. Moreover, 30% of respondents said they share their passwords with others. 

     

  • 70% use public Wi-Fi for work, while 50% access corporate resources without VPN protection. This significantly expands an organization’s attack surface and increases exposure to data interception, credential theft, and unauthorized network access through man-in-the-middle attacks and other threats targeting unsecured connections.  

     

  • 55% use work devices for personal activities, introducing increased risk for malware infections, phishing attacks, and exposure to applications or websites that could bypass organizational security controls. The widespread adoption of hybrid and remote work has blurred personal and professional boundaries, creating new opportunities for attackers to compromise corporate data, making it more difficult for security teams to mitigate risk effectively. 

MSPs Positioned to Address Growing Employee Risk 

Increasing productivity pressures, evolving work environments, and rapid technology adoption are driving risky behaviors across the workforce. 

This creates a clear opportunity for managed service providers (MSPs) to help SMBs address cybersecurity hygiene gaps before they lead to serious incidents. 

“These findings highlight a broader shift in cybersecurity risk. As organizations adopt new technologies and support distributed work, managing human behavior is becoming a core requirement,” said Laliberte. “For MSPs, this is an opportunity to expand beyond technology into user risk visibility, policy governance, and continuous security awareness.” 

To reduce exposure, WatchGuard recommends SMBs and MSP partners focus on six practical steps, including enforcing password managers and MFA, identifying unauthorized  shadow technology use, establishing clear AI acceptable-use policies, extending protection beyond the office with VPN and zero trust approaches, and implementing continuous security training while tracking human-risk metrics alongside technical indicators. 

Access the complete findings of the “2026 Cybersecurity Hygiene Report.” 

Methodology 

The findings are based on an independent online survey of 684 employees working at SMB and midmarket organizations (50-500 employees) across the U.S., U.K., Germany, France, Spain, Australia, Mexico, and Brazil.  The survey was conducted in April 2026. All percentages reflect self-reported employee behavior.  

Sobre a WatchGuard Technologies, Inc.

A WatchGuard Technologies é líder global em cibersegurança unificada, desenvolvida especificamente para provedores de serviços gerenciados (MSPs). Há mais de 30 anos, a WatchGuard define como os MSPs oferecem segurança em escala, inovando continuamente para ficar à frente de todas as grandes mudanças no cenário de ameaças. 

A Plataforma de Segurança Unificada® alimentada por IA da WatchGuard oferece proteção de rede, endpoint e identidade alinhada à abordagem zero trust em uma plataforma única e integrada, permitindo que os MSPs reduzam a complexidade operacional, melhorem os resultados de segurança e expandam seus negócios com mais eficiência. 

Com a confiança de mais de 25 mil MSPs que protegem mais de 1,5 milhão de clientes em todo o mundo, a WatchGuard permite que os parceiros ofereçam resultados de segurança consistentes e mensuráveis para clientes em todo o mundo. 

Saiba mais em  WatchGuard.com/br, siga nosso perfil no LinkedIn ou acesse o WatchGuard Cybersecurity Hub para obter informações sobre ameaças em tempo real.  

WatchGuard é uma marca registrada da WatchGuard Technologies, Inc. Todas as outras marcas pertencem aos respectivos proprietários.