your employer's IT department

The cyber unit within IT is more likely, those ones are besotted with ticking compliance checkboxes, the delegation of responsibility and a game of musical chairs at any cost.

It is even more likely that IT was at loggerheads with cyber, but nowadays cyber seems to be able to trump everything and everyone.

This is a management move. IT probably wasn't in the loop, since this effectively reduce the responsibilities of IT in terms of compliance.

And especially their auditors

I work in a customer-facing role for a similar product. The handful of customers that asked about kernel modules / drivers saw it as a plus not a con.

I complained specifically about that and they bounced it back to me like this was safe and cannot use the machine as I want.

A business that is party to a contract that requires the use of such software.