Comunicado de prensa
Jul
14

Employees Drive Rising Cybersecurity Risk As Shadow AI and Unsafe Work Habits Surge, WatchGuard Global Survey Finds

New Research Highlights Growing Visibility Gap Between Employee Behavior and Organizational Security Controls.

SEATTLE – July 14, 2026 – New research from WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), reveals that employee behavior is creating significant and often unseen cybersecurity risk for small and mid-sized businesses (SMBs). 

According to the “2026 Cybersecurity Hygiene Report ,” 64% of employees admit to using unauthorized AI tools for work, contributing to a rapidly expanding shadow AI problem that most organizations lack visibility to manage.  

At the same time, common workplace habits continue to amplify risk. 76% of employees reuse passwords, 70% use public Wi-Fi for work, and 50% access corporate resources without VPN protection, exposing organizations to credential theft, data interception, and unauthorized access.  

"Organizations are investing in security tools, but many still lack visibility into how employees actually work,” said Marc Laliberte, Director of Security Operations at WatchGuard. “Everyday behaviors, from AI usage to password practices, create risk that traditional controls aren’t designed to address.” 

Visibility Gaps Expand as AI Adoption Accelerates 

Consumer AI tools have ushered in a fast-growing category of security risk that most organizations have yet to address with a formal governance posture. As outlined in the report, less than 30% of respondents believe their organization maintains an accurate inventory of software in use, and nearly 40% said their company is operating without full visibility into the applications its employees use.  

This lack of governance, including organizational guidance on approved tooling and what information can be transmitted externally, creates a dangerous blind spot for IT and cybersecurity teams.  

Widespread Unsafe Work Habits Remain Unchecked 

Beyond shadow AI, widespread employee behaviors continue to undermine organizational security protocols and create opportunities for hackers, including:  

  • 76% of employees admit to reusing passwords across multiple accounts, meaning a single compromised credential leaves an organization susceptible to account takeover, lateral movement, and substantial data exfiltration across multiple systems, platforms, and applications. Moreover, 30% of respondents said they share their passwords with others. 

     

  • 70% use public Wi-Fi for work, while 50% access corporate resources without VPN protection. This significantly expands an organization’s attack surface and increases exposure to data interception, credential theft, and unauthorized network access through man-in-the-middle attacks and other threats targeting unsecured connections.  

     

  • 55% use work devices for personal activities, introducing increased risk for malware infections, phishing attacks, and exposure to applications or websites that could bypass organizational security controls. The widespread adoption of hybrid and remote work has blurred personal and professional boundaries, creating new opportunities for attackers to compromise corporate data, making it more difficult for security teams to mitigate risk effectively. 

MSPs Positioned to Address Growing Employee Risk 

Increasing productivity pressures, evolving work environments, and rapid technology adoption are driving risky behaviors across the workforce. 

This creates a clear opportunity for managed service providers (MSPs) to help SMBs address cybersecurity hygiene gaps before they lead to serious incidents. 

“These findings highlight a broader shift in cybersecurity risk. As organizations adopt new technologies and support distributed work, managing human behavior is becoming a core requirement,” said Laliberte. “For MSPs, this is an opportunity to expand beyond technology into user risk visibility, policy governance, and continuous security awareness.” 

To reduce exposure, WatchGuard recommends SMBs and MSP partners focus on six practical steps, including enforcing password managers and MFA, identifying unauthorized  shadow technology use, establishing clear AI acceptable-use policies, extending protection beyond the office with VPN and zero trust approaches, and implementing continuous security training while tracking human-risk metrics alongside technical indicators. 

Access the complete findings of the “2026 Cybersecurity Hygiene Report.” 

Methodology 

The findings are based on an independent online survey of 684 employees working at SMB and midmarket organizations (50-500 employees) across the U.S., U.K., Germany, France, Spain, Australia, Mexico, and Brazil.  The survey was conducted in April 2026. All percentages reflect self-reported employee behavior.  

Acerca de WatchGuard Technologies

WatchGuard Technologies es líder mundial en ciberseguridad unificada y diseñada para proveedores de servicios administrados (MSP). Desde hace más de 30 años, WatchGuard define la manera en que los MSP ofrecen seguridad a escala e innova continuamente para mantenerse a la vanguardia de cada cambio importante en el panorama de las amenazas. 

La Unified Security Platform® de WatchGuard, impulsada por IA, ofrece protección de identidades, endpoints y redes alineada con Zero Trust en una plataforma única e integrada, lo que permite a los MSP reducir la complejidad operativa, mejorar los resultados de seguridad y hacer crecer sus negocios de manera más eficiente. 

Gracias a la confianza de más de 25.000 MSP que protegen a más de 1,5 millones de clientes en todo el mundo, WatchGuard permite a los partners ofrecer resultados de seguridad sólidos y medibles para clientes de todo el mundo. 

Obtenga más información en WatchGuard.com, siga a WatchGuard en LinkedIn, o visite el Centro de ciberseguridad de WatchGuard para conocer insights sobre las amenazas en tiempo real.  

WatchGuard es una marca registrada de WatchGuard Technologies, Inc. Todas las demás marcas son propiedad de sus respectivos dueños.