Employees Drive Rising Cybersecurity Risk As Shadow AI and Unsafe Work Habits Surge, WatchGuard Global Survey Finds

New research from WatchGuard® Technologies, a global leader in unified cybersecurity for managed service providers (MSPs), reveals that employee behaviour is creating significant and often unseen cybersecurity risk for small and mid-sized businesses (SMBs).

According to the "2026 Cybersecurity Hygiene Report Cybersecurity_Hygiene_Report_2026 Final For Design.docx

64% of employees admit to using unauthorised AI tools for work, contributing to a rapidly expanding shadow AI problem that most organisations lack visibility to manage.

At the same time, common workplace habits continue to amplify risk. 76% of employees reuse passwords, 70% use public Wi-Fi for work, and 50% access corporate resources without VPN protection, exposing organisations to credential theft, data interception, and unauthorised access.

"Organisations are investing in security tools, but many still lack visibility into how employees actually work," said Marc Laliberte, Director of Security Operations at WatchGuard. "Everyday behaviours, from AI usage to password practices, create risk that traditional controls aren't designed to address."

Visibility Gaps Expand as AI Adoption Accelerates

Consumer AI tools have ushered in a fast-growing category of security risk that most organisations have yet to address with a formal governance posture. As outlined in the report, less than 30% of respondents believe their organisation maintains an accurate inventory of software in use, and nearly 40% said their company is operating without full visibility into the applications its employees use.

This lack of governance, including organisational guidance on approved tooling and what information can be transmitted externally, creates a dangerous blind spot for IT and cybersecurity teams.

Widespread Unsafe Work Habits Remain Unchecked

Beyond shadow AI, widespread employee behaviours continue to undermine organisational security protocols and create opportunities for hackers, including:

  • 76% of employees admit to reusing passwords across multiple accounts, meaning a single compromised credential leaves an organisation susceptible to account takeover, lateral movement, and substantial data exfiltration across multiple systems, platforms, and applications. Moreover, 30% of respondents said they share their passwords with others.
  • 70% use public Wi-Fi for work, while 50% access corporate resources without VPN protection. This significantly expands an organisation's attack surface and increases exposure to data interception, credential theft, and unauthorised network access through man-in-the-middle attacks and other threats targeting unsecured connections.
  • 55% use work devices for personal activities, introducing increased risk for malware infections, phishing attacks, and exposure to applications or websites that could bypass organisational security controls. The widespread adoption of hybrid and remote work has blurred personal and professional boundaries, creating new opportunities for attackers to compromise corporate data, making it more difficult for security teams to mitigate risk effectively.

MSPs Positioned to Address Growing Employee Risk

Increasing productivity pressures, evolving work environments, and rapid technology adoption are driving risky behaviours across the workforce.

This creates a clear opportunity for managed service providers (MSPs) to help SMBs address cybersecurity hygiene gaps before they lead to serious incidents.

"These findings highlight a broader shift in cybersecurity risk. As organisations adopt new technologies and support distributed work, managing human behaviour is becoming a core requirement," said Laliberte. "For MSPs, this is an opportunity to expand beyond technology into user risk visibility, policy governance, and continuous security awareness."

To reduce exposure, WatchGuard recommends SMBs and MSP partners focus on six practical steps, including enforcing password managers and MFA, identifying unauthorised or shadow technology use, establishing clear AI acceptable-use policies, extending protection beyond the office with VPN and zero trust approaches, and implementing continuous security training while tracking human-risk metrics alongside technical indicators.

Access the complete findings of the "2026 Cybersecurity Hygiene Report."

Methodology

The findings are based on an independent online survey of 684 employees working at SMB and midmarket organisations (50-500 employees) across the U.S., U.K., Germany, France, Spain, Australia, Mexico, and Brazil. The survey was conducted in April 2026. All percentages reflect self-reported employee behaviour.

About WatchGuard Technologies, Inc.

WatchGuard Technologies is a global leader in unified cybersecurity, purpose-built for managed security providers (MSPs). For more than 30 years, WatchGuard has defined how MSPs deliver security at scale, continuously innovating to stay ahead of every major shift in the threat landscape.

WatchGuard's AIpowered Unified Security Platform delivers Zero Trust aligned network, endpoint, and identity protection in a single, integrated platform, enabling MSPs to reduce operational complexity, improve security outcomes, and grow their businesses more efficiently.

Trusted by more than 25,000 MSPs protecting over 1.5 million customers worldwide, WatchGuard enables partners to deliver strong, measurable security outcomes for customers across the globe.

Learn more at WatchGuard.com, follow WatchGuard on LinkedIn, or visit the WatchGuard CyberSecurity Hub for real-time threat insights.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.