Communiqué de presse
Juil
14

Employees Drive Rising Cybersecurity Risk As Shadow AI and Unsafe Work Habits Surge, WatchGuard Global Survey Finds

New Research Highlights Growing Visibility Gap Between Employee Behavior and Organizational Security Controls.

SEATTLE – July 14, 2026 – New research from WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), reveals that employee behavior is creating significant and often unseen cybersecurity risk for small and mid-sized businesses (SMBs). 

According to the “2026 Cybersecurity Hygiene Report ,” 64% of employees admit to using unauthorized AI tools for work, contributing to a rapidly expanding shadow AI problem that most organizations lack visibility to manage.  

At the same time, common workplace habits continue to amplify risk. 76% of employees reuse passwords, 70% use public Wi-Fi for work, and 50% access corporate resources without VPN protection, exposing organizations to credential theft, data interception, and unauthorized access.  

"Organizations are investing in security tools, but many still lack visibility into how employees actually work,” said Marc Laliberte, Director of Security Operations at WatchGuard. “Everyday behaviors, from AI usage to password practices, create risk that traditional controls aren’t designed to address.” 

Visibility Gaps Expand as AI Adoption Accelerates 

Consumer AI tools have ushered in a fast-growing category of security risk that most organizations have yet to address with a formal governance posture. As outlined in the report, less than 30% of respondents believe their organization maintains an accurate inventory of software in use, and nearly 40% said their company is operating without full visibility into the applications its employees use.  

This lack of governance, including organizational guidance on approved tooling and what information can be transmitted externally, creates a dangerous blind spot for IT and cybersecurity teams.  

Widespread Unsafe Work Habits Remain Unchecked 

Beyond shadow AI, widespread employee behaviors continue to undermine organizational security protocols and create opportunities for hackers, including:  

  • 76% of employees admit to reusing passwords across multiple accounts, meaning a single compromised credential leaves an organization susceptible to account takeover, lateral movement, and substantial data exfiltration across multiple systems, platforms, and applications. Moreover, 30% of respondents said they share their passwords with others. 

     

  • 70% use public Wi-Fi for work, while 50% access corporate resources without VPN protection. This significantly expands an organization’s attack surface and increases exposure to data interception, credential theft, and unauthorized network access through man-in-the-middle attacks and other threats targeting unsecured connections.  

     

  • 55% use work devices for personal activities, introducing increased risk for malware infections, phishing attacks, and exposure to applications or websites that could bypass organizational security controls. The widespread adoption of hybrid and remote work has blurred personal and professional boundaries, creating new opportunities for attackers to compromise corporate data, making it more difficult for security teams to mitigate risk effectively. 

MSPs Positioned to Address Growing Employee Risk 

Increasing productivity pressures, evolving work environments, and rapid technology adoption are driving risky behaviors across the workforce. 

This creates a clear opportunity for managed service providers (MSPs) to help SMBs address cybersecurity hygiene gaps before they lead to serious incidents. 

“These findings highlight a broader shift in cybersecurity risk. As organizations adopt new technologies and support distributed work, managing human behavior is becoming a core requirement,” said Laliberte. “For MSPs, this is an opportunity to expand beyond technology into user risk visibility, policy governance, and continuous security awareness.” 

To reduce exposure, WatchGuard recommends SMBs and MSP partners focus on six practical steps, including enforcing password managers and MFA, identifying unauthorized  shadow technology use, establishing clear AI acceptable-use policies, extending protection beyond the office with VPN and zero trust approaches, and implementing continuous security training while tracking human-risk metrics alongside technical indicators. 

Access the complete findings of the “2026 Cybersecurity Hygiene Report.” 

Methodology 

The findings are based on an independent online survey of 684 employees working at SMB and midmarket organizations (50-500 employees) across the U.S., U.K., Germany, France, Spain, Australia, Mexico, and Brazil.  The survey was conducted in April 2026. All percentages reflect self-reported employee behavior.  

A propos de WatchGuard Technologies, Inc.

WatchGuard Technologies est un leader mondial de la cybersécurité unifiée, conçue spécifiquement pour accompagner les fournisseurs de services managés (MSP) avec une protection intégrée et évolutive. Depuis plus de 30 ans, WatchGuard définit la manière dont les MSP délivrent la sécurité à grande échelle, en innovant en continu pour garder une longueur d’avance face à chaque évolution majeure du paysage des menaces. 

Propulsée par l’IA, la plateforme Unified Security Platform® de WatchGuard fournit une protection réseau, endpoint et identité alignée sur les principes du Zero Trust au sein d’une plateforme unique et intégrée. Elle permet aux MSP de réduire la complexité opérationnelle, d’améliorer les résultats en matière de sécurité et d’accélérer leur croissance de manière plus efficace. 

Plébiscitée par plus de 25 000 MSP protégeant plus de 1,5 million de clients dans le monde, WatchGuard Technologies permet à ses partenaires de délivrer des résultats de sécurité solides et mesurables pour des organisations à l’échelle internationale. 

Découvrez-en plus sur WatchGuard.com, suivez WatchGuard sur LinkedIn, ou consultez le Hub de cybersécurité de WatchGuard pour obtenir des informations en temps réel sur les menaces.  

WatchGuard est une marque commerciale déposée de WatchGuard Technologies, Inc. Toutes les autres marques sont la propriété de leurs détenteurs respectifs.