Organizations across Asia are embracing agentic AI, but gaps in identity resilience, AI governance, and cyber recovery readiness are increasing operational risk.
New research has revealed that organisations across Asia are rapidly deploying agentic AI into enterprise operations, but many remain unprepared to secure, govern, and recover increasingly autonomous environments, creating a growing disconnect between AI ambition and operational readiness.
The State of Data Resilience Asia 2026 report, commissioned by Commvault and conducted by Omdia’s Tech Research Asia, surveyed more than 1,200 organizations across Singapore, Indonesia, Hong Kong, Korea, Malaysia, Thailand, Vietnam, and the Philippines.
The findings show that nearly all organizations in Asia plan to increase AI investment in 2026, while more than one-third are already trialling or deploying agentic AI across IT, cybersecurity, and business operations.
Indonesia, Thailand, and Hong Kong are among the regional leaders in agentic AI adoption, with organizations deploying AI across cybersecurity, data protection, and business operations. The momentum reflects broader market growth, with Asia Pacific AI spending projected to reach US$175 billion by 2028.
However, resilience capabilities are not keeping pace with AI adoption, leaving organisations increasingly exposed to evolving cyber threats.
“Asia’s AI ambition is undeniable,” said Martin Creighan, Vice President, Asia Pacific, Commvault. “But as autonomous systems become part of how organisations operate, resilience can no longer sit on the sidelines. Organizations need a new posture entirely, one where recovery isn’t a backup plan, but how the modern business runs.”
Challenge begins after deployment
As organizations deploy more AI agents, machine accounts, applications, APIs, and automated workflows, the number of non-human identities accessing critical systems continues to grow. Machine identities now outnumber human identities by as much as 82 to 1 globally, yet most resilience strategies remain heavily human-centric, according to the research.
While 73% of organizations have incorporated human identities into cyber-resilience planning, only 34% have extended those strategies to non-human identities. The gap is particularly pronounced in Korea (22%), Hong Kong (23%), and Malaysia (28%), with 78% of organisations admitting agentic AI is increasing the complexity of identity management and resilience operations, creating new security and recovery challenges.
The research also found governance gaps, with only 42% of organizations conducting comprehensive security, governance, and compliance reviews before AI deployment, leaving fewer than half confident in detecting compromised or non-compliant AI systems.
For the third consecutive year, the research found that recovery expectations remain misaligned with operational reality across Asia. While business leaders expect operations to resume within five days of a cyber incident, the average recovery time remains at 28 days.
At the same time, only 23% of organizations said they were able to maintain operations without disruption during an incident, while most were forced to operate in a degraded or limited state.
“AI is collapsing the gap between exposure and impact,” commented Gareth Russell, Field CTO, Security, Asia Pacific, Commvault. “When attack surfaces can be mapped overnight and vulnerabilities emerge faster than organisations can respond, the question isn’t whether organisations get hit. It’s whether they can continue operating when they do.”
