Here are five predictions offered by a global cybersecurity and data protection firm.
First, AI implementation and testing phases are slowly reaching fruition. Across the Asia Pacific region (APAC), AI-related investments are projected to grow around 1.7 times faster than overall digital technology spending, generating an estimated US$1.6tn in economic impact by 2027.
Next year, the most visible shift will be in AI assistants powering customer engagement, operations, and even cyber response. However, these systems will only be as trustworthy as the data they are trained on. Therefore, AI integrity will become a central pillar of resilience — with a major focus on organizations’ ability to trace, verify, and restore the truth in machine learning models.
We predict the emergence of the use of conversational interfaces to run resilience itself: Instead of navigating dashboards and scripts, teams will ask — in natural language – to protect a workload, check a policy, or validate recovery readiness across SaaS, multi-cloud, and hybrid environments. Resilience will begin to feel like an always-on, conversational control layer over critical services.
Cloud sovereignty, the new strategic frontier
Second, from India’s Data Protection Act to Singapore’s Digital Sovereignty Framework, cloud sovereignty will become the new strategic frontier next year and beyond. Analysts estimate roughly half of APAC enterprises will make sovereignty-based controls such as in-region infrastructure and data residency, a top criterion for cloud and AI platforms.
Sovereignty is about control and choice. In a multi-cloud, multi-region world, enterprises need the freedom to decide where data resides — while still maintaining visibility into under whose laws it sits, and how it can be recovered without crossing borders.
Architectures are becoming sovereignty-aware by default, with encryption, access policies, and compliance rules moving with the data, across borders and clouds.
When sovereignty is built into design, compliance becomes a competitive advantage, allowing organizations to innovate confidently within trusted boundaries.
Identity moves to the center of recovery
Third, as digital ecosystems become borderless, identity is replacing infrastructure as the perimeter of security. It is predicted that cyber resilient organizations will merge identity, data, and recovery policies into one continuous security fabric. Continuity is incomplete if identities remain corrupted. The ability to restore verified user integrity — not just restore systems — will become a cornerstone of operational assurance.
As AI starts talking to AI, this will matter even more: a trusted identity becomes the first checkpoint of safety, and recovery plans must prove that compromised identities have been reset, re-verified, and re-linked to clean data.
The rise of resilience-aware data rooms
Fourth, enterprises will recognize that AI initiatives stall not from lack of data, but from the inability to safely access and prepare the data they already have. Across APAC, studies suggest that data quality, security, and governance — not enthusiasm for AI — are the primary bottlenecks to scaling projects beyond pilots, with many organizations citing fragmented data estates and compliance concerns as the main reasons initiatives slow or stall.
Historical data will be reframed from “backup insurance” to a strategic intelligence asset, if activated responsibly. This will accelerate the rise of sovereign, resilience-aware data rooms: secure environments that connect governed backup data directly to AI platforms and data lakes without risky, ad hoc workflows.
By providing controlled, self-service access with built-in classification, lineage, and compliance, data rooms will be useful for turning protected data into clean, compliant, AI-ready fuel that can power analytics and AI without breaching local data protection rules.
Quantum readiness and new metrics for clean recovery
Fifth, while AI dominates today’s headlines, quantum computing defines tomorrow’s cryptographic risk. Post-quantum cryptography (PQC) readiness is now a resilience imperative.
Within a decade, data protected under today’s algorithms may be vulnerable to post-quantum decryption by malicious actors. Forward-looking enterprises are beginning crypto-inventory audits, deploying quantum-safe algorithms, and redesigning backup and recovery systems with cryptographic agility. For example, they will be trialing QKD and PQC over quantum-safe national networks, or working with telcos that offer quantum-safe national networks.
For heavily regulated sectors and high-IP manufacturers, that means treating crypto-agility as part of core resilience architecture today.
Ready for the year ahead?
The predictions above point to a year where governance, sovereignty, and resilience will be converging into a single mandate: proof of trust.
Boards will no longer accept assurances: they will expect evidence. Recovery metrics, audit trails, and cleanroom validations are becoming the language of accountability across highly regulated sectors worldwide.
As that shift continues, traditional measures such as Recovery Time Objective and Recovery Point Objective, will not be enough on their own, because they say little about whether restored data is truly trustworthy. New metrics beyond RTO and RPO, focused on data trustworthiness, may increasingly shape how APAC leaders judge whether their cyber resilience investments are working.
Objective, will not be enough on their own, because they say little about whether restored data is truly trustworthy. New metrics beyond RTO and RPO, focused on data trustworthiness, may increasingly shape how APAC leaders judge whether their cyber resilience investments are working.
By 2030, half of the region’s digital value will come from organisations that scale AI responsibly. That responsibility will rest on three pillars:
- Resilience: ensuring integrity across AI and data pipelines
- Sovereignty: retaining lawful control wherever data flows
- Quantum readiness: safeguarding today’s information against tomorrow’s threats
