State of Workforce Security: Most Work Happens in Browsers and Nearly All Organisations Face Browser-based Attacks

Palo Alto Networks in collaboration with Omdia recently released research on The State of Workforce Security: Key Insights for IT and Security Leaders. The findings revealed that 85% of work is conducted through web browsers, and 95% of organisations have experienced browser-based attacks—underscoring the critical importance of securing web activity in today’s digital workplace. This comprehensive study sheds light on the shifting dynamics of workforce security, explores persistent challenges, and presents actionable strategies to defend against modern threats.

As Malaysian businesses continue their digital transformation, the evolving work environment presents new security challenges. The MEF Survey on Flexible Work Arrangements: Assessing Practices and Perspectives of Private Sector Employers reveals that more than 70% of organisations in Malaysia increased adoption of flexible work arrangements—a clear sign of shifting workplace dynamics, signaling a major shift in workplace dynamics. This transition, coupled with the rapid adoption of cloud-based applications, has undoubtedly enhanced productivity but also introduced new cybersecurity risks, including data leaks, phishing attacks, and reduced oversight over sensitive information.

With employees increasingly relying on personal devices and remote access, the attack surface for cyber threats continues to expand. To safeguard sensitive data while maintaining a seamless work experience, organisations must adopt security solutions that balance protection with usability—ensuring employees can remain productive without unnecessary restrictions while staying resilient against cyber threats.

The report highlights critical trends shaping workforce security, many of which are highly relevant to Malaysia’s evolving work landscape.

Key findings from the research include:

• Remote and hybrid work continue to shape workforce dynamics: Hybrid work will remain prevalent, with 42% of employees expected to work remotely in some capacity, emphasising the need for organisations to adapt to a permanently hybrid workforce using a combination of laptops and mobile devices.
• SaaS adoption surges, increasing security risks: Many organisations report using thousands of SaaS applications, highlighting the challenge of securing cloud environments effectively.
• The browser is the primary workspace, making it a security priority: With over 85% of daily work conducted through web browsers, securing browser-based activities has become critical. Majority of organisations worldwide are facing a rise in cyber threats, with 95% of businesses reporting browser-based attacks. Even among those with significant security measures in place, 86% still experienced security incidents, emphasising the need for secure browser solutions.
• BYOD and unmanaged devices pose growing risks: The widespread use of personal devices for work, particularly in SME and startup sectors, has led to an increase in policy violations. The majority (98%) of organisations reported security breaches linked to BYOD usage, and more than half feel unprepared to handle threats from unmanaged devices.
• Security investments remain insufficient: Despite increased cybersecurity spending, no organisation—whether in APAC or globally—achieved full security coverage across all devices. Even those with 100% security coverage in certain areas still faced cyber incidents, highlighting persistent gaps and the need for ongoing innovation in cybersecurity.
• Stronger security measures required: With work-from-anywhere becoming the norm, businesses need to implement security strategies that accommodate distributed teams. This includes adopting Secure Access Service Edge (SASE) frameworks and browser security solutions to ensure secure access regardless of location.

Sarene Lee, Country Manager, Malaysia at Palo Alto Networks, said “As Malaysian organisations continue to embrace hybrid work and cloud-based applications, security must evolve to support both protection and productivity. Organisations must strike a balance—ensuring robust protection while allowing seamless access to the tools and devices that drive efficiency and innovation. By integrating strong protection seamlessly into workflows and fostering a security-first culture, organisations enable employees to work confidently and productively without compromise.”

As Malaysia accelerates its digital transformation, organisations must prioritise secure browser technology, enhanced SaaS security, and SASE-based network protection. Given the increasing adoption of hybrid work models and cloud solutions, companies need robust cybersecurity frameworks to safeguard their workforce and business operations.

The findings underscore the urgency for organisations to rethink their security strategies, ensuring that technology adoption does not outpace their ability to mitigate cyber risks.