Cybersecurity Policy Gaps Threaten African Businesses

A recent Kaspersky survey across the Middle East, Turkiye, and Africa (META) region has revealed a concerning disconnect between cybersecurity policies and employee behavior. The study, “Cybersecurity in the workplace: Employee knowledge and behaviour,” found that 39% of professionals believe their company’s cybersecurity rules are excessive or inappropriate.

This issue is particularly prevalent in Kenya (25%) and South Africa (23%). Worryingly, 7% of respondents across the META region—4% in Kenya and 10% in South Africa—reported that their organizations lack cybersecurity policies altogether.

The survey highlights a growing challenge with shadow IT—the use of unauthorized devices and software. While often driven by employee productivity needs, shadow IT creates blind spots for IT departments and increases exposure to ransomware attacks, data leaks, and regulatory penalties. The rise of hybrid work environments and cloud-based tools has only accelerated this trend.

Key Findings from the Kaspersky Study

  • 39% of professionals find cybersecurity rules excessive or inappropriate
  • 7% of respondents say their organization has no cybersecurity policies in place
  • 19% lack policies regarding personal device usage
  • 21% installed software on work devices without IT approval in the past year
  • Only 8% can install any software they need without IT agreement

“Shadow IT is now a mainstream operational risk,” said Toufic Derbass, Managing Director for META at Kaspersky. “When one in five employees installs software without oversight, it signals a policy gap. Organizations should move beyond restrictive controls and implement user-friendly cybersecurity strategies that combine technology with employee awareness.”

Recommendations for Strengthening Cybersecurity

Kaspersky recommends organizations:

  • Conduct shadow IT audits to identify unauthorized applications
  • Implement robust monitoring solutions like EDR/XDR tiers
  • Define clear security requirements for personal devices
  • Provide regular cybersecurity training for employees

For employees, Kaspersky advises understanding company policies, seeking clarification when needed, and using only approved applications and devices.