Recent Kaspersky (www.Kaspersky.co.za) research entitled “Cybersecurity in the workplace: Employee knowledge and behaviour” has found that 81,7% of professionals surveyed in the Middle East, Turkiye and Africa (META) region say that they utilise Artificial Intelligence (AI) tools for work tasks. However, only 38% have received training on the cybersecurity aspects of using neural networks, which is one of the critical elements of protection against AI-related risks ranging from data leaks to prompt injections. The research included participants from South Africa, Kenya and Egypt, where the trends were similar to that of the META region.

The vast majority of survey respondents in the META region (94,5%) said that they understand what the term “generative artificial intelligence” means, and for many employees this knowledge is no longer just theoretical: AI tools have become part of their every workday. Overall, 81,7% of respondents use AI tools for work: most often - to write or edit texts (63,2%) and work e-mails (51,5%), to create images or videos with the help of neural networks (45,2%), and for data analytics (50,1%).

The survey uncovered a serious gap in employee preparedness for AI risks. A third (33%) of professionals reported receiving no AI-related training. Among those who had courses, 48% said the focus was on how to effectively use AI tools and create prompts; while only 38% received guidance on the cybersecurity aspect of AI use.

While AI tools, which help automate everyday tasks, are becoming ubiquitous in many organisations, they often remain part of ‘shadow IT’, when employees use them without corporate guidance. 72,4% of respondents said generative artificial intelligence tools are permitted at their work, 21,3% acknowledged these tools are not allowed, while 6,3% were unsure.

To make employee use of AI more clear and secure, organisations should implement a company-wide policy regarding this aspect. This policy can prohibit AI use in specific functions and for certain types of data, regulate which AI tools are provided to employees, and allow only tools from the approved list. The policy should be formally documented, and employees should receive proper training. After setting a list of hygiene measures and restrictions, companies should monitor AI usage, identify popular services, and use this information to plan future actions and refine their security measures.

“For successful AI implementation, companies should avoid the extremes of a total ban as well as a free-for-all. Instead, the most effective strategy is a tiered access model, where the level of AI use is calibrated to the data sensitivity of each department. Backed by comprehensive training on cybersecurity aspects of AI, this balanced approach fosters innovation and efficiency while rigorously upholding security standards,” says Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.

To secure corporate AI use Kaspersky recommends organisations to:

• Train employees on responsible AI usage. Courses on AI security from Kaspersky Automated Security Awareness Platform (http://apo-opa.co/4hsPKwI) can help with adding specialised training to companies’ educational programmes.
• Provide IT specialists with relevant knowledge on exploitation techniques and practical defence strategies. The 'Large Language Models Security' training (http://apo-opa.co/4hj7gDn), part of the Kaspersky Cybersecurity Training portfolio, can enhance both the professional development and the overall cybersecurity of an organisation.
• Ensure all employees have a cybersecurity solution installed on all their work and personal devices used to access business data. Kaspersky Next products protect against a range of threats including phishing or installing a fake AI tool, particularly given the growing trend of scammers embedding infostealers in deceptive AI applications.
• Conduct regular surveys to monitor how frequently AI is being used and for which tasks. Using this information, assess both the benefits and risks of AI use to adjust company policy.
• Use a specialised AI proxy that cleans queries on-the-fly by removing specific types of sensitive data (such as names or customer IDs), and uses role-based access control to block inappropriate use cases.
• Create a full-fledged policy that addresses the spectrum of relevant risks. Kaspersky’s guidelines for securely implementing AI systems (http://apo-opa.co/4qBNUhh) can be of help.

*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.