The fifth edition of the State of Data Readiness in ANZ report, a Tech Research Asia Insights Report commissioned by Commvault, offers a critical look into the current landscape of data management, cybersecurity, and regulatory pressures faced by organisations in Australia and New Zealand (ANZ).
Based on research from 408 companies across the region, the report uncovers key trends and stark realities about how businesses are coping with an increasingly complex digital environment. Given we often look at research findings on a global scale, it is particularly valuable to have a local perspective on data readiness.
While data growth rates have seen a slight easing, the challenges surrounding data management, security, and recovery have intensified. Here are some of the standout insights from the report.
The Data and Regulatory Environment: A Tangled Web
Organisations are grappling with sprawling data estates and a tightening web of regulations.
- Slowing growth, persistent sprawl: The annual data growth rate in ANZ has marginally slowed from 28% last year to 27% this year. A majority, 62%, continue to operate in blended (multi- or hybrid cloud) data environments, and this is projected to increase to 71% by 2026.
- Confidence gap: A concerning number of organisations lack confidence in their ability to restore business operations after a breach, with 54% of Australian and 63% of New Zealand businesses feeling unprepared.
- Regulatory complexity: The regulatory landscape is becoming more difficult to navigate. Fifty-five percent of Australian and 53% of New Zealand companies are now required to maintain data copies in separate cloud environments for resiliency. Furthermore, more than a third of organisations face conflicting data regulations across different geographies.
- The rise of AI regulation: AI-specific compliance is a growing concern, with 28% of companies already subject to such regulations and another 40% expecting to be within the next year.
The AI Paradox: High Adoption Despite High Risk
Enthusiasm for AI is strong, yet it’s coupled with significant security concerns.
- Risk vs. reward: While 73% of ANZ organisations are using business-focused AI solutions, 68% of them believe this adoption increases the likelihood of a cybersecurity breach.
- Lack of due diligence: A significant 63% of organisations admitted to not conducting thorough and extensive security audits of their AI tools before deployment.
- Policy deficit: Only 29% of companies have comprehensive policies in place to protect the data and content generated by AI solutions.
Recovery: A Disconnect Between Expectation and Reality
The gap between business leaders’ recovery expectations and the on-the-ground reality for IT teams remains a major issue.
- The expectation-reality gap: Eighty percent of business leaders expect to recover from a cybersecurity incident within five days. However, the stark reality is that it takes an average of four weeks to restore a minimal level of business operation.
- Ransomware’s reach: Seventy percent of ANZ organisations have received a ransomware demand, and of those, 20% admitted to paying it. Interestingly, of the companies with a stated “no payment” policy, 15% still ended up paying the ransom when faced with an actual attack.
- The power of experience: The report reveals a fascinating insight: Experience is a harsh but effective teacher. Companies that have been breached are 1.5 times more likely to conduct thorough reviews of AI tools and twice as likely to test all mission-critical workloads as part of their incident response plans. Conversely, companies that have not been attacked are 1.5 times more likely to believe they can recover within a single day.
The 2025 State of Data Readiness report underscores a challenging environment for ANZ organisations. From regulatory hurdles to the double-edged sword of AI and the persistent disconnect in recovery expectations, the path to true cyber resilience is complex.
To gain a deeper understanding of these findings, download the full report.
