5 in 6 APAC workers access work apps with unsecured devices

Privileged access combined with worrisome worker actions compound security risks for organisations in the Asia-Pacific region, highlighting the need to shift to a model where workforce access is not just managed but secured, according to CyberArk.

The identity security firm tapped Censuswide, a member of the British Polling Council, to conduct a research among a sample of 14,003 employees who use a computer for work in the United Kingdom, the United States, France, Germany, Australia and Singapore. The data was collected between October 17 and 25, 2024.

Findings show that the majority of respondents have access to sensitive information, with 83% of those based in APAC saying that they access workplace applications — which often contain business-critical data — from personal devices that frequently lack adequate security controls.

The survey confirms that privileged access is no longer confined to IT admins as 40% of APAC respondents indicated they habitually download customer data; 40% are able to alter critical or sensitive data; and 25% can approve large financial transactions.

Also, password reuse is common, with 49% of APAC employees surveyed using the same login credentials for multiple work-related applications, while 40% use the same credentials for both personal and work applications. 

More than half (53%) have shared workplace-specific confidential information with outside parties. These practices significantly heighten the risk of security leaks and breaches.

Further, the majority bypass cybersecurity policies, with 62% of APAC employees often bypassing cybersecurity policies to make their lives easier. 

Common workarounds include using one password across multiple accounts; using personal devices as WiFi hotspots; and forwarding corporate emails to personal accounts.

In addition, AI adoption creates more security challenges, with over 70% of APAC employees using AI tools, which can introduce new vulnerabilities when, for instance, sensitive data is input into them. 

A third (33%) of Asia Pacific employees either “only sometimes” or “never” adhere to guidelines on handling sensitive information in their use of AI tools.

Lim Teck Wee, CyberArk area VP for ASEAN, said that employees play a pivotal role in ensuring an organisation is secure against cyber attacks. Human errors, such as weak passwords, accidental sharing of sensitive data, or bypassing cybersecurity policies, remain a leading cause of security incidents today. 

“Building a culture of security awareness and providing continuous training to educate employees on the consequences of their dangerous behaviour is key,” said Lim. “It is also critical for businesses across the region to embed identity security at every layer to protect sensitive data, preserve trust, and ensure resilience against ever-growing cyber threats.”