
Shadow IT—when employees use unauthorized devices and SaaS apps—creates significant risk for organizations. The problem is even bigger as employee adoption of generative AI tools skyrockets. These tools are especially risky because they connect to a lot more systems and apps within an enterprise and can process massive amounts of sensitive information.
Another piece of the puzzle is IT team burnout. Security risks and workloads too often outpace team size and budgets, leading to overwhelmed IT teams and security vulnerabilities.
To understand the impact of shadow IT and a burnt-out IT department, among other topics, we surveyed 1,000 U.S.-based employed adults and 500 U.S.-based IT leaders. Let’s dive into some of their insights about these two factors putting business security at risk.
Shadow IT: The hidden—and necessary—risk to your organization’s security
The risks of shadow IT aren’t going away. Some unauthorized apps empower employees to be more productive and help the business achieve its goals, but putting these apps behind SSO isn’t a magical and budget-friendly solution.
Our data shows that the threat of shadow IT is real: 39% of employees use apps not managed by their company on work devices, and IT leaders also estimate that, on average, 37% of their corporate apps are not behind single sign-on (SSO).

Shadow IT creates numerous problems, including an increased attack surface and potential compliance violations. Without visibility into the devices, apps, and services that access corporate resources, IT teams can’t secure company data and ensure that only authorized users are accessing sensitive information and systems. This fragmented visibility makes it difficult to detect external and insider threats.
Consequently, shadow IT ultimately leaves organizations vulnerable to cyberattacks and data loss or compromise. However, the potential damage goes far beyond financial losses, including reputational damage that may take a lot of time and resources to repair.
The burden of credential security falls on overwhelmed IT teams
Needing to stay on top of shadow IT risks is just one of the many reasons burnout has become an epidemic among IT teams. Research shows that 58% of IT practitioners report being overwhelmed by their daily job responsibilities and tasks.
Additionally, the average IT worker reports having the capacity to support only 85% of the tickets received each day.
Our data shows that manual credential management adds greatly to this burden. Virtually every IT leader (96%) says they have to deal with credential-related issues, with password resets and weak passwords being the most common problems.
The time drain due to these issues can be substantial, contributing to burnout. More than three-quarters (78%) of IT leaders say their teams deal with employee password issues at least weekly. For 28%, password problems come up daily or even multiple times a day.

Additionally, IT teams face other burdens related to their work: Running trainings, adapting processes to organizational changes, meeting executive expectations, addressing the threat of breaches, and more.
Add to that the mounting credential risks and the fallout from employees’ aversion to security training, and it’s easy to see why IT teams are overwhelmed.
So where do we go from here? Major challenges require major solutions, like passwordless authentication and proactive credential security. Get started today to stay ahead of credential threats.
Sign up to receive news and updates about Dashlane