AGP Picks
View all

Mauritius Business Review
Provided by AGP

NordLayer research reveals 82% of IT professionals report their organization experienced a web-based security incident

NEW YORK, May 28, 2026 (GLOBE NEWSWIRE) -- NordLayer, a toggle-ready network security platform for business, released the Why Browser Security Can’t Wait: Web-based Threats Report 2026. The findings show that as work applications increasingly shift to the browser, attackers are shifting with them — 82% of surveyed IT professionals report their organization experienced a web-based security incident in the past year, with half describing the impact as moderate or severe.

Organizations that experienced significant-impact incidents follow distinct patterns: They more often allow bring-your-own-device (BYOD) policies (85% vs. 60% overall), have employees who primarily use their own devices (51% vs. 31%), rely more extensively on SaaS tools (56% vs. 31%), and have established fully or primarily remote work policies (35% vs. 17%).

Andrius Buinovskis, cybersecurity expert at NordLayer, says that while businesses implement these trends for efficiency and scalability, the lack of proper guardrails can create a recipe for disaster.

“BYOD, remote work, and extensive SaaS use expand the company’s attack surface and increase shadow IT,” says Buinovskis. “Without proper security guardrails, these environments can become a breeding ground for malware infections, accidental data leaks, insider threats, and sophisticated phishing attacks.”

Expectations vs. reality

Despite frequent incidents, 73% of IT professionals say their organization is well prepared — yet their own responses tell a different story. Coverage is modest and uneven: Data loss prevention (DLP) tools lead at just 53%, with other browser security controls trailing below that mark. Nearly all IT professionals report that their organizations are concerned about web-based threats (98%), and most expect escalation — 81% foresee greater sophistication and 73% anticipate more incidents over the next few years.

“There’s a clear gap between recognizing the threat and knowing how to address it,” says Buinovskis. “Concern is high, but awareness of which controls actually solve browser-specific risks is low. Much of the initial confidence most likely comes from having general security controls in place, yet they rarely adequately cover risks in the browser.”

NordLayer’s analysis of 504 unique, highest rated and most reviewed applications listed on 51 unique software categories on Gartner® Peer Insights™, a community-driven software review platform, found that 100% of the applications were browser accessible and 78.8% were browser only (Full methodology located here). Meanwhile, data analyzed by NordLayer and NordStellar, a threat exposure management platform, shows that infostealer malware harvested around 1.8 million credentials and nearly 68.8 billion cookies in 2025, peaking in November.

“Hackers don’t hack anymore, they just log in,” says Buinovskis. “Stolen cookies and credentials grant immediate access without raising alarm bells — a login looks legitimate. It’s low risk, high reward, and as reliance on web-based SaaS grows, so does the value of stolen data. Attackers will keep exploiting this until organizations secure the browser as a critical boundary.”

Practical steps to protect the browser

Buinovskis highlights three priorities for organizations looking to strengthen browser security.

1. Establish observability. Security administrators need visibility into what SaaS tools employees are using, what browser extensions are installed, and whether employees are visiting malicious or unauthorized websites. This minimizes shadow IT and reduces the risk of accidental malware downloads or data exposure.

2. Proactively block threats. Use domain name system (DNS) filtering to block access to malicious content or specific website categories like AI tools or gambling, and deploy data loss prevention (DLP) tools to restrict file uploads, downloads, and copy/paste functions — especially where employees handle personal or financial data.

3. Adopt a zero-trust approach. “Trust can’t be considered inherent — every user needs to be verified,” says Buinovskis. “Applying zero trust allows security administrators to implement network segmentation at the browser level, ensuring employees only access necessary resources and infiltrators are denied entry.”

To read the full Why Browser Security Can’t Wait: Web-based Threats Report 2026, please visit: https://nordlayer.com/browser-research-report/.

Methodology

The Why Browser Security Can’t Wait: Web-based Threats Report 2026 combines three components: an analysis of 504 highest rated and most reviewed work applications (applications discovered on Gartner® Peer Insights™ and analyzed by NordLayer using vendors’ public information in February 2026); an analysis of infostealer-stolen data from Telegram channels (January 2024–February 2026); and a survey of 405 US cybersecurity IT professionals conducted by Cint (February 8–18, 2026). The full methodology is available on page 22 of the report, located here: https://nordlayer.com/browser-research-report/.

Disclaimer:
Gartner and Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

ABOUT NORDLAYER

NordLayer offers reliable connection, protection, threat detection, and response for businesses needing strong network security. Part of the cybersecurity powerhouse Nord Security, home to renowned products like the world-leading VPN service NordVPN, NordLayer is a trusted cybersecurity platform that integrates easily with any network and technology stack, all with unmatched support. In March 2026, NordLayer officially launched the enterprise browser NordLayer Browser. For more information: https://nordlayer.com/.

Contact
Inga Vaitkeviciute
inga@nordsec.com


Primary Logo

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Sign up for:

Mauritius Business Review

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.