WatchGuard Technologies, a unified cybersecurity organization for managed service providers (MSPs), recently unveiled new research which found that employee behavior has led to significant and sometimes unseen cybersecurity risks for small- and medium-sized businesses (SMBs).
Unauthorized AI use creates visibility gaps
The 2026 Cybersecurity Hygiene Report found that 64 percent of employees surveyed admit to using unauthorized AI tools for work. This has led to an accelerated expansion of shadow AI – which most organizations lack visibility to manage.
Consumer AI frequently serves as the unauthorized AI tool employees use for work-related tasks, and most organizations haven’t implemented a formal governance posture.
Fewer than 30 percent of respondents believe their organization maintains an accurate inventory of software in use, and nearly 40 percent say their company operates without full visibility into the applications its employees use.
Password reuse leaves SMB accounts exposed
Common workplace habits have also contributed to increased risk.
A significant percentage (76 percent) of employees admit to reusing passwords across multiple accounts, meaning a single compromised credential could leave an organization susceptible to account takeover, lateral movement, and substantial data exfiltration across multiple systems, platforms, and applications, according to WatchGuard.
Further, 30 percent of respondents also said they share passwords with others.
Remote-work habits expand the attack surface
Employees are also using public Wi-Fi to work a substantial amount (70 percent), and 50 percent said they’ve accessed corporate resources without VPN protection.
This expands an organization’s attack surface and increases exposure to data interception, credential theft, and unauthorized network access through man-in-the-middle attacks and other threats targeting unsecured connections.
Additionally, 55 percent of employees surveyed reported using work devices for personal activities. This introduces increased risk for malware infections, phishing attacks, and exposure to applications or websites that could bypass organizational security controls.
As hybrid and remote work adoption increases – blurring personal and professional boundaries – new opportunities for attackers to compromise corporate data emerge, making it harder for security teams to mitigate risk.
“Organizations are investing in security tools, but many still lack visibility into how employees actually work,” said Marc Laliberte, director of security operations at WatchGuard.
“Everyday behaviors, from AI usage to password practices, create risk that traditional controls aren’t designed to address.”
MSPs can turn human-risk gaps into services
MSPs are in a unique position to help SMBs in securing cybersecurity hygiene gaps before they evolve into serious incidents.
“These findings highlight a broader shift in cybersecurity risk. As organizations adopt new technologies and support distributed work, managing human behavior is becoming a core requirement,” said Laliberte. “For MSPs, this is an opportunity to expand beyond technology into user risk visibility, policy governance, and continuous security awareness.”
To accompany the research, WatchGuard provided recommendations to SMBs and MSPs, suggesting that these partners focus on six practical steps:
- Enforcing password managers and MFA
- Identifying unauthorized or shadow technology use
- Establish clear AI acceptable-use policies
- Extend protection beyond the office with VPN and zero-trust approaches
- Implementing continuous security training
- Track human-risk metrics alongside technical indicators





