More than half of enterprises are considering a ban on personal devices for work use in 2025. Kinly’s Trusted Connections 2025 research reveals that ‘Shadow AV’, the unchecked use of personal devices for work, is creating serious security blind spots for modern organisations.
Our research shows that nearly half of enterprises are grappling with this issue. Personal devices are slipping into organisations unnoticed, making it harder for IT and security teams to protect systems, data and users.
Based on a survey of 425 enterprise AV professionals across the UK, Germany, Nordics and the Netherlands, Trusted Connections shows how hybrid working has only added to the problem. Three in five businesses say it’s harder than ever to secure devices used outside the office, while 46% believe personal devices are actively undermining their remote work strategies.
In more than a quarter of cases, employee-owned devices are holding organisations back from achieving their goals. In some instances, businesses are becoming exposed to serious cyber risks, including ransomware attacks, GDPR violations and compliance breaches under regulations like NIS2.
Even basic security practices are harder to enforce at home. While over three quarters of enterprises say their in-office AV equipment is protected with strong encryption, that drops to just two thirds for remote or personal setups. Securing personal devices and home-based AV is now a top priority for 30% of organisations in 2025.
Despite the growing risk, many organisations are still failing to treat AV as part of their core security posture. While 79% of professionals believe AV tech plays a vital role in protecting the digital workplace, less than half say their business actually recognises its role.
Don Gibson, Chief Information Security Officer, Kinly, said:
“Unsecured personal devices are the digital equivalent of leaving your front door wide open and hoping no one walks in. They’re unmanaged, unmonitored and opening up serious threats, from ransomware attacks to regulatory fines. If you’re not treating all devices as part of your security perimeter, you’ve already lost control.”
“If businesses must allow personal devices on the network, the priorities should be visibility and control. That means enforcing role-based access, mandating encrypted collaboration tools and providing regular employee training. IT teams should be able to securely onboard personal devices by enforcing compliance requirements and clear user accountability before granting access to internal systems. Striking the right balance means evaluating risk against reward, because what works for one company, team or region, won’t necessarily suit another.”
Discover how organisations are rethinking device security in an increasingly hybrid world. Download your copy of Kinly Trusted Connections 2025.