Skip to content

Research: Asian Enterprises are Advancing AI without Necessary Resilience Strategies in Place

Multi-country study reveals organisations across Asia are embracing agentic AI, but gaps in identity resilience, AI governance, and cyber recovery readiness are increasing operational risk

Media Contact: Investor Relations Contact:
Kevin Komiega
Commvault
978-834-6898
kkomiega@commvault.com
Michael J. Melnyk, CFA
Commvault
646-522-6160
mmelnyk@commvault.com

SINGAPORE, July 1, 2026 – Commvault (NASDAQ: CVLT), a leader in unified resilience at enterprise scale, today released new research revealing that organisations across Asia are rapidly deploying agentic AI into enterprise operations, but many remain unprepared to secure, govern, and recover increasingly autonomous environments, creating a growing disconnect between AI ambition and operational readiness.

The State of Data Resilience Asia 2026 report, commissioned by Commvault and conducted by Omdia, surveyed more than 1,200 organisations across Singapore, Indonesia, Hong Kong, Korea, Malaysia, Thailand, Vietnam, and the Philippines. The findings show that nearly all organisations in Asia plan to increase AI investment in 2026, while more than one third are already trialling or deploying agentic AI across IT, cybersecurity, and business operations.

Indonesia, Thailand, and Hong Kong are among the regional leaders in agentic AI adoption, with organisations deploying AI across cybersecurity, data protection, and business operations. The momentum reflects broader market growth, with Asia Pacific AI spending projected to reach US$175 billion by 2028.1

However, resilience capabilities are not keeping pace with AI adoption, leaving organisations increasingly exposed to evolving cyber threats.

“Asia’s AI ambition is undeniable,” said Martin Creighan, Vice President, Asia Pacific, Commvault. “But as autonomous systems become part of how organisations operate, resilience can no longer sit on the sidelines. Organisations need a new posture entirely, one where recovery isn’t a backup plan, but how the modern business runs.”

The challenge begins after deployment

As organisations deploy more AI agents, machine accounts, applications, APIs, and automated workflows, the number of non-human identities accessing critical systems continues to grow. Machine identities now outnumber human identities by as much as 82 to 1 globally,2 yet most resilience strategies remain heavily human centric as the research shows.

While 73% of organisations have incorporated human identities into cyber resilience planning, only 34% have extended those strategies to non-human identities. The gap is particularly pronounced in Korea (22%), Hong Kong (23%), and Malaysia (28%), with 78% of organisations admitting agentic AI is increasing the complexity of identity management and resilience operations, creating new security and recovery challenges.

The research also found governance gaps, with only 42% of organisations conducting comprehensive security, governance, and compliance reviews before AI deployment, leaving fewer than half confident in detecting compromised or non-compliant AI systems.

For the third consecutive year, the research found that recovery expectations remain misaligned with operational reality across Asia. While business leaders expect operations to resume within five days of a cyber incident, the average recovery time remains 28 days. At the same time, only 23% of organisations said they were able to maintain operations without disruption during an incident, while most were forced to operate in a degraded or limited state.

“AI is collapsing the gap between exposure and impact,” commented Gareth Russell, Field CTO, Security, Asia Pacific, Commvault. “When attack surfaces can be mapped overnight and vulnerabilities emerge faster than organisations can respond, the question isn’t whether organisations get hit. It’s whether they can continue operating when they do.”

About research methodology

TRA (now part of Omdia) conducted an independent quantitative market survey of 1,234 organisations across Singapore, Indonesia, Hong Kong, Korea, Malaysia, Thailand, Vietnam, and the Philippines, with respondents from CIO/CISO, IT leader, IT decision maker and direct reports.


1. IDC. (2025). IDC Worldwide AI and Generative AI Spending Guide. https://my.idc.com/getdoc.jsp?containerId=prAP53348125

2. CyberArk. (2025). 2025 Identity Security Landscape. https://www.cyberark.com/threat-landscape/


About Commvault
Commvault (NASDAQ: CVLT) is a leader in unified resilience at enterprise scale. In a constantly evolving threat landscape, Commvault keeps customers ready by unifying data security, identity resilience, and cyber recovery, on one cloud-native, AI-enabled platform. Customers trust Commvault to conduct the fastest, most complete recoveries – not just their data, but their entire business. Purpose-built for the agentic enterprise, Commvault also enables organizations to safely embrace AI while protecting against AI-driven threats.

More related posts


gartner-MQ-2026-888×500

Commvault Named a Leader for the 15th Consecutive Time in the Gartner® Magic Quadrant™ for Backup and Data Protection Platforms

Read more about Commvault Named a Leader for the 15th Consecutive Time in the Gartner® Magic Quadrant™ for Backup and Data Protection Platforms
handshake-crocus-888×500

Commvault Signs Multi-Year Strategic Partnership with Microsoft

Read more about Commvault Signs Multi-Year Strategic Partnership with Microsoft
Las-Vegas-Nevada-NV

Commvault Brings AI-Enabled Cyber Resilience to Pure Accelerate 2026

Read more about Commvault Brings AI-Enabled Cyber Resilience to Pure Accelerate 2026