Shadow IT Statistics: Key Facts to Learn in 2024

As an IT manager, you might not know about the shadow IT apps employees use. This lack of visibility can put your organization at risk, and malicious actors can access sensitive data and compromise system integrity. This blog shares vital Shadow IT statistics to help you understand the issue and create security policies to manage it.

Shadow IT is often referred to as apps that an employee or department uses without IT approval to work more efficiently. However, shadow IT affects your organization and creates significant risks that are hard to manage. As per Auvik’s IT trends report, only 1 in 4 respondents ranked shadow IT visibility as a top priority for the coming year.

Therefore, we will cover key Shadow IT statistics to help IT teams understand and combat shadow IT. This will highlight the need for the IT teams to identify the reasons that impact and enhance the overall security posture of your organization.

Statistics on Who Uses Shadow IT

Shadow IT is often perceived as a malicious practice, but the reality is quite different. Employees often use unapproved tools simply because they prefer them or believe they can get work done more efficiently. It's not about being defiant; it's about finding the best tools for the job.

Employee Usage of Unapproved Tools

• 42% of team members use email accounts not approved by IT teams
• 38% of employees use unapproved personal messenger platforms to discuss work-related matters
• 35% use unapproved video conferencing and file storage services
• 27% use unapproved collaboration tools
• 21% use unapproved file transfer/sharing services

IT Managers and Shadow IT

• According to CSA's findings, 58% of IT managers use unapproved tools for collaborating and communicating with other team members
• Only 28% of employees used these types of unsanctioned tools

Resistance to IT-Approved Tools

• 53% of departments refuse to use IT-approved tools
• 82% of IT professionals have experienced issues with teams when they suggest new tools
• IT often succeeds in getting teams to adopt sanctioned tools (around 63% of the time)
• Team members continue to use tools without approval 13% of the time

Remote Work and Shadow IT

• 65% of employees who worked remotely before the pandemic use some form of shadow IT
• Only 31% of those who started working remotely after the pandemic admit to using shadow IT

Generational Differences

• According to Beezy, millennials are most likely to use shadow IT (54%)
• Gen X (38%) and Gen Z (33%) are less likely to use unapproved technology at work
• Baby Boomers use shadow IT the least (15%)

Employee Satisfaction with Employer Tools

• 58% of employees aren't satisfied with existing tools
• 42% of employees are completely satisfied with their employer's tools
• Millennials (40%) and Gen Zers (63%) feel that these tools are unreliable, broken, and frustrating to use

Reasons for Shadow IT Apps’ Usage: Key Statistics Explained

Shadow IT is a significant challenge for organizations, but employees often adopt it for reasons that are rational and understandable from their perspective.

Here are some key shadow IT statistics that highlight the reasons behind Shadow apps’ usage:

Pressure to Prioritize Business Operations

• 91% of teams feel pressured to prioritize business operations over security, leading employees to seek tools to help them get work done more efficiently.

Slow IT Response Times

• 38% of employees are driven towards shadow IT due to slow IT response times, leading to frustration and a desire for more efficient solutions.

Remote and Hybrid Work

• 65% of remote workers use non-approved tools, and 39% of IT managers find assisting employees in resolving IT issues extremely challenging.

IT Issues

• 24% of non-IT employees struggle with solving IT issues, which can lead to adopting unapproved tools.

Employee Dissatisfaction

• 61% of employees aren’t satisfied with existing technologies, finding them to be buggy, unreliable, and unable to integrate with existing systems.

Monitoring Activity

• Despite 85% of employees believing that their business monitors their activity, they still rely on unsanctioned tools, indicating that employees are willing to take risks to get work done more efficiently.

IT Teams Perspective

• 77% of IT team members see value in embracing shadow IT, believing there are benefits to adopting tools that can improve employee productivity and efficiency.

These statistics highlight the reasons behind Shadow IT usage, including the pressure to prioritize business operations, reliance on web-based tools, slow IT response times, and dissatisfaction with provided tools. Organizations can develop more effective strategies for managing and securing corporate data by understanding these reasons.

Statistics on the Impact of Shadow IT in Your Organization

Here are key shadow IT statistics highlighting the impact of Shadow IT on your organization:

• Approximately 85% of businesses worldwide have encountered cyber incidents in the past two years, with 11% due to unauthorized shadow IT usage.
• 60% of organizations fail to include Shadow IT in their threat assessments, leaving them vulnerable to potential security breaches.
• 58% of companies feel their SaaS security solutions inadequately cover their SaaS environment, indicating a lack of comprehensive security measures.
• About 65% of SaaS apps are unsanctioned and used without IT approval, highlighting the prevalence of unauthorized technology usage.
• Gartner estimates that 30-40% of large companies' IT expenditure is shadow IT, emphasizing the significant financial impact of unauthorized technology usage.
• Only 12% of IT departments can keep up with new technology requests, leading to backlog issues, which can further exacerbate security risks.
• Nearly 1 in 2 cyberattacks stem from shadow IT, and the costs to fix them average more than $4.2 million, underscoring the devastating financial impact of Shadow IT on organizations.
• 57% of SMBs are experiencing high-impact shadow IT, and 85% have a team using it in the business right now.

These statistics underscore the critical need for organizations to address Shadow IT and implement robust governance and security measures to mitigate risks associated with unauthorized technology usage.

Security Concerns with Shadow IT Statistics

Here are some key statistics that underscore the security concerns with shadow IT:

• 83% of organizations have experienced more than one data breach, 45% of which occurred in the cloud. Cloud-based data breaches are more costly than those in hybrid models.
• According to Gartner, one-third of successful cyber attacks will target data stored in shadow IT infrastructure, making it crucial for organizations to address this issue.
• 79% of IT leaders believe that using shadow IT risks company data, as these platforms have not been vetted for security.
• As per a 2023 report, 59% of IT professionals struggle to manage SaaS applications, with 65% of all SaaS apps not approved by IT. This lack of control leads to SaaS sprawl, which is a growing concern.
• 77% of IT professionals believe that shadow IT will become a major issue if management doesn’t take action. Furthermore, 37% of organizations do not have consequences for team members who violate IT policies and use unapproved apps.
• Due to a growing ticket backlog, only 12% of IT departments follow up with requests for new technologies from staff.
• 91% of IT teams feel pressured to compromise security if it improves business operations, with 50% feeling significant pressure.
• 83% of IT teams feel that enforcing cyber security policies is impossible, especially with the blurring of personal and professional lives due to remote work.
• According to Business Wire, 69% of IT executives consider shadow IT a major SaaS and cloud adoption concern.
• Over 5 billion malicious requests targeted unmanaged corporate APIs in 2022, highlighting the need for robust security measures.
• 15.8% of files in cloud-based services contain sensitive data, emphasizing the importance of data protection.
• The SEC fined Wall Street firms $1.1 billion for using shadow IT communication tools, demonstrating the severe consequences of non-compliance.
• 76% of SMBs say shadow IT threatens security, with business technologists being 1.8 times more likely to be a security threat.
• 55% of companies have experienced a SaaS security incident, with only 26% believing their company formally cancels unused software.

These statistics underscore the pressing need for organizations to address shadow IT and implement robust security measures to protect critical business data.

Shadow IT Cost Statistics

Shadow IT poses significant financial risks to businesses, leading to excessive spending, duplicate licenses, and potential security breaches. Here are key statistics highlighting the costs associated with Shadow IT:

IT Spending

• According to Gartner, Shadow IT accounts for 30%—40% of IT spending in large enterprises. Everest Group predicts it can reach 50%.

SaaS Waste

• The average company wastes $135,000 annually on unnecessary SaaS tools, indicating the prevalence of SaaS waste among businesses.

Data Breach Costs

• The average data breach cost is $4.35 million, as reported in the Cost of a Data Breach Report 2023. Additionally, 60% of data breaches lead to increased prices that are passed on to consumers.

These statistics underscore the significant financial impact of Shadow IT, emphasizing the importance of implementing effective strategies to manage and mitigate the risks associated with unauthorized technology usage within organizations.

Statistics of Shadow IT on SaaS & Cloud Services

Here are key statistics highlighting the prevalence and impact of Shadow IT on SaaS and cloud services:

• 65% of all SaaS apps are unsanctioned, indicating that a significant portion of SaaS applications are used without IT approval.
• Enterprises have an average of 975 unknown and 108 known cloud services, showcasing the complexity and scale of cloud service usage within organizations.
• Enterprises use 270 to 364 SaaS applications on average, with 52% of these applications being unsanctioned.
• 67% of employees at Fortune 1000 companies utilize unapproved SaaS applications, highlighting employees' widespread adoption of unauthorized tools.
• As per Beezy, 97% of cloud apps in use in the average enterprise are cloud shadow IT, underscoring the prevalence of unauthorized cloud services within organizations.
• 30% of cloud apps adopted after the pandemic are collaboration and consumer apps, reflecting the shift towards remote collaboration tools.
• 9% more users adopted Microsoft Teams, the fastest-growing collaboration app, indicating its increasing popularity.
• 27% more organizations adopted Discord, the fastest-spreading collaboration app, showcasing the diversification of collaboration tools in the post-pandemic landscape.
• 31% of employees still have access to previous employers' SaaS tools, and large companies have an average of 5.5 million assets stored in SaaS applications.

These statistics highlight the challenges Shadow IT poses in the realm of SaaS and cloud services, emphasizing the need for organizations to implement robust governance and security measures to mitigate risks associated with unauthorized technology usage.

Future Trends & Predictions on Shadow IT Statistics

Shadow IT continues to pose significant risks to businesses worldwide. Here are key statistics highlighting the future predictions of Shadow IT:

• Gartner predicts that by 2025, 70% of Shadow IT will be managed using PaaS capabilities, indicating a shift towards more robust governance and security measures.
• By 2027, 75% of employees will use technology outside of IT oversight, emphasizing the growing trend of employees adopting technology without IT approval.
• According to RTInsights, 69% of tech executives view Shadow IT as a top security concern and 59% struggle with SaaS sprawl. This highlights the need for effective management and security measures.

Eliminate Shadow IT to Enhance Security Posture & Cut IT Costs

By understanding shadow IT statistics, you gain valuable insights into the extent and nature of unauthorized app usage within your organization. This knowledge allows you to address the root causes and provide better, approved solutions that meet employees' needs.

Taking proactive steps to monitor and manage shadow IT can help you create a safer, more efficient IT environment. This effort's key strategies are regular audits, employee education, and close collaboration with different departments. By prioritizing these actions, you can reduce the risks associated with shadow IT and ensure your organization remains secure and compliant.

Therefore, you need to leverage a suitable platform like Zluri to eliminate shadow IT efficiently. Zluri offers a SaaS management platform that helps you gain complete visibility into your SaaS landscape. Zluri uses 9 discovery methods to identify all the apps used in your organization, including the shadow apps. This will eliminate the shadow IT and monitor risks, empowering you to improve your security posture.

Frequently Asked Questions (FAQs)

What are the examples of shadow IT?

Some common examples of Shadow IT include:

• Productivity tools: Tools like Slack, Trello, or ClickUp are often used for collaboration and project management but may not be officially licensed or sanctioned by the IT department.
• VOIP tools: Tools like Skype, which are used for voice and video communication, but may not be officially approved or managed by the IT department.

What are the security risks of shadow IT?

Shadow IT threatens your cloud environment by compromising data security and integrity. Without IT Security's knowledge or approval, they can't assess risks or respond quickly to cyber incidents. This lack of visibility and control can lead to serious consequences, including data breaches, unauthorized access, and system compromise.

What is a security vulnerability?

A security vulnerability is a weakness in your system's security measures, including hardware, software, design, implementation, internal controls, technical controls, physical controls, or other controls. This weakness can be accidentally triggered or intentionally exploited, violating your system's security policy. Identifying and addressing these vulnerabilities is crucial to maintain the integrity and confidentiality of your data and systems.