Employees Drive Rising Cybersecurity Risk As Shadow AI and Unsafe Work Habits Surge, WatchGuard Global Survey Finds

New Research Highlights Growing Visibility Gap Between Employee Behavior and Organizational Security Controls

SEATTLE, July 14, 2026 (GLOBE NEWSWIRE) -- New research from WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), reveals that employee behavior is creating significant and often unseen cybersecurity risk for small and mid-sized businesses (SMBs). 

According to the “2026 Cybersecurity Hygiene Report,” 64% of employees admit to using unauthorized AI tools for work, contributing to a rapidly expanding shadow AI problem that most organizations lack visibility to manage.  

At the same time, common workplace habits continue to amplify risk. 76% of employees reuse passwords, 70% use public Wi-Fi for work, and 50% access corporate resources without VPN protection, exposing organizations to credential theft, data interception, and unauthorized access.  

"Organizations are investing in security tools, but many still lack visibility into how employees actually work,” said Marc Laliberte, Director of Security Operations at WatchGuard. “Everyday behaviors, from AI usage to password practices, create risk that traditional controls aren’t designed to address.” 

Visibility Gaps Expand as AI Adoption Accelerates 

Consumer AI tools have ushered in a fast-growing category of security risk that most organizations have yet to address with a formal governance posture. As outlined in the report, less than 30% of respondents believe their organization maintains an accurate inventory of software in use, and nearly 40% said their company is operating without full visibility into the applications its employees use.  

This lack of governance, including organizational guidance on approved tooling and what information can be transmitted externally, creates a dangerous blind spot for IT and cybersecurity teams.  

Widespread Unsafe Work Habits Remain Unchecked 

Beyond shadow AI, widespread employee behaviors continue to undermine organizational security protocols and create opportunities for hackers, including:  

  • 76% of employees admit to reusing passwords across multiple accounts, meaning a single compromised credential leaves an organization susceptible to account takeover, lateral movement, and substantial data exfiltration across multiple systems, platforms, and applications. Moreover, 30% of respondents said they share their passwords with others.  

  • 70% use public Wi-Fi for work, while 50% access corporate resources without VPN protection. This significantly expands an organization’s attack surface and increases exposure to data interception, credential theft, and unauthorized network access through man-in-the-middle attacks and other threats targeting unsecured connections.  

  • 55% use work devices for personal activities, introducing increased risk for malware infections, phishing attacks, and exposure to applications or websites that could bypass organizational security controls. The widespread adoption of hybrid and remote work has blurred personal and professional boundaries, creating new opportunities for attackers to compromise corporate data, making it more difficult for security teams to mitigate risk effectively.  

MSPs Positioned to Address Growing Employee Risk 

Increasing productivity pressures, evolving work environments, and rapid technology adoption are driving risky behaviors across the workforce. 

This creates a clear opportunity for managed service providers (MSPs) to help SMBs address cybersecurity hygiene gaps before they lead to serious incidents. 

“These findings highlight a broader shift in cybersecurity risk. As organizations adopt new technologies and support distributed work, managing human behavior is becoming a core requirement,” said Laliberte. “For MSPs, this is an opportunity to expand beyond technology into user risk visibility, policy governance, and continuous security awareness.” 

To reduce exposure, WatchGuard recommends SMBs and MSP partners focus on six practical steps, including enforcing password managers and MFA, identifying unauthorized  shadow technology use, establishing clear AI acceptable-use policies, extending protection beyond the office with VPN and zero trust approaches, and implementing continuous security training while tracking human-risk metrics alongside technical indicators.  

Access the complete findings of the “2026 Cybersecurity Hygiene Report.” 

Methodology 

The findings are based on an independent online survey of 684 employees working at SMB and midmarket organizations (50-500 employees) across the U.S., U.K., Germany, France, Spain, Australia, Mexico, and Brazil.  The survey was conducted in April 2026. All percentages reflect self-reported employee behavior.  

About WatchGuard Technologies, Inc. 

WatchGuard Technologies is a global leader in unified cybersecurity, purpose-built for managed security providers (MSPs). For more than 30 years, WatchGuard has defined how MSPs deliver security at scale, continuously innovating to stay ahead of every major shift in the threat landscape. 

WatchGuard's AI-powered Unified Security Platform delivers Zero Trust-aligned network, endpoint, identity, and cloud security in a single, integrated platform, enabling MSPs to reduce operational complexity, improve security outcomes, and grow their businesses more efficiently. Through capabilities such as Cloud Detection and Response (CloudDR), WatchGuard helps organizations identify and investigate Shadow IT and unauthorized AI application usage, providing greater visibility into emerging risks across cloud environments. 

Trusted by more than 25,000 MSPs protecting over 1.5 million customers worldwide, WatchGuard enables partners to deliver strong, measurable security outcomes for customers across the globe.   

Learn more at WatchGuard.com, follow WatchGuard on LinkedIn, or visit the WatchGuard CyberSecurity Hub for real-time threat insights. 

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.


Marketbridge PR for WatchGuard
watchguard@marketbridge.com

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Advanced Search Options

Search for:

Search scope:

Type:

Search in:

Date range:

The last

Sort by:

Sign up for:

German Career Portal

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.