More than half (52%) of enterprises are considering banning personal devices from the workplace according to research from integrator Kinly.
The response is to address ‘Shadow AV’, described as the unchecked use of personal tech, from webcams to tablets for work, that is creating serious security blind spots.
According to Kinly’s Trusted Connections 2025 report, nearly half (49%) of enterprises are already grappling with this issue with personal devices making it harder for IT and security teams to protect systems, data, and users.
Based on a survey of 425 enterprise AV professionals across the UK, Germany, Nordics, and the Netherlands, the research shows how hybrid working has made the problem worse. Three in five businesses (57%) say it’s harder than ever to secure devices used outside the office, while 46% believe personal tech is actively undermining their remote work strategies.
In more than a quarter (27%) of cases, employee-owned devices are holding organisations back from achieving business goals and in some cases, exposing them to serious cyber risks, including ransomware attacks, GDPR violations, and compliance breaches under regulations like NIS2.
Even basic security practices are harder to enforce at home. While 77% of enterprises say their in-office AV equipment is protected with strong encryption, that drops to just 66% for remote or personal setups. Securing personal devices and home-based AV is now a top priority for 30% of organisations in 2025.
Despite the growing risk, many organisations are still failing to treat AV as part of their core security posture. While 79% of professionals believe AV tech plays a vital role in protecting the digital workplace, less than half (46%) say their business actually recognises its role.
Don Gibson, chief information security officer at Kinly, said: “Unsecured personal devices are the digital equivalent of leaving your front door wide open and hoping no one walks in. They’re unmanaged, unmonitored, and opening up serious threats - from ransomware attacks to regulatory fines. If you’re not treating all devices, as part of your security perimeter, you’ve already lost control.
“If businesses must allow personal devices on the network, the priorities should be visibility and control. That means enforcing role-based access, mandating encrypted collaboration tools, and providing regular employee training. IT teams should be able to securely onboard personal devices by enforcing compliance requirements and enforcing clear user accountability before granting access to internal systems. Striking the right balance means evaluating risk against reward, because what works for one company, team or region won’t necessarily suit another.”
Top image credit: Undrey/Shutterstock.com