One of the core reasons why businesses remain vulnerable to cyberthreats is that they underestimate their risk or overestimate the strength of their existing defences. According to a recent Kaspersky survey entitled “Cybersecurity in the workplace: Employee knowledge and behavior”, 71.3% of professionals surveyed in Pakistan, whose work requires the use of computers, asses the risk of a cybersecurity incident happening to their company as quite possible.
Read More: PTA Admits Limited Power on Online Fraud, Shifts Blame to Other Agencies
Commenting on the probable consequences of a cybersecurity incident, 73.8% of employees surveyed supposed that it might seriously affect the company. This understanding of risks comes not only from general cybersecurity awareness, but also from knowledge about cyber incidents in their organizations: 53% of respondents acknowledged such incidents happened in the past 12-months, while an additional 19% said they have heard about these incidents from colleagues.
Organizations nowadays face a variety of cyberthreats ranging from phishing and business email compromise to ransomware and advanced persistent threats. In a lot of these attacks, the entry point into the organization’s network is via a human mistake, and it is for that reason attackers actively employ social engineering techniques and AI tools to make their efforts more effective.
The survey shows that the majority of respondents understand that cybersecurity is an issue that should be considered by the IT department, while 23% also mentioned top level executives and 12.8% cited legal and financial employees as core groups within the business who should keep cybersecurity issues in mind. Only 37.8% of employees surveyed viewed cybersecurity as an issue that should be considered by all employees across the entire business.
“In today’s digital landscape, cybersecurity is a collective responsibility that extends beyond the IT department. Every employee should remain vigilant against evolving threats. Regular cybersecurity training, use of relevant IT solutions, well-defined policies and an incident response plan are essential pillars of organizational cyber resilience. When every team member is informed and prepared, the organization stands stronger against cyber threats,” says Toufic Derbass, Managing Director for the META region at Kaspersky.
To help organizations strengthen their defenses, Kaspersky believes that employee education and cybersecurity training is necessary as human error is a common cause for cybersecurity breaches. Solutions such as Kaspersky Automated Security Awareness Platform can help with practical cybersecurity skills such as recognizing phishing emails and suspicious links.
Upskill cybersecurity teams with Kaspersky online trainings, and with Kaspersky Threat Intelligence. In addition, Kaspersky’s Digital Footprint Intelligence can help with monitoring external threats for companies’ assets, strengthening defense against credential leaks.
Implement robust monitoring and cybersecurity solutions, for example from the Kaspersky Next product line. Encourage employees to report suspicious activity without fear of blame, reward proactive security behaviors to reinforce good habits, for example during phishing simulations.
*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.
