Use of information technology systems, devices, software, applications and services without the explicit organizational approval
Use of personal device for work, Installation of unapproved software, Use of cloud services not approved by organization
Mainly occurs because the organizations security posture is being set too high for business operations to occur without negative impact