IT Brief Asia - Technology news for CIOs & IT decision-makers
Asia
Asia firms adopt agentic AI faster than resilience

Asia firms adopt agentic AI faster than resilience

Wed, 1st Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Commvault has published research on AI adoption and cyber resilience among enterprises in Asia, finding a gap between the rising use of agentic AI and preparedness to secure and recover those environments.

The report is based on a survey of 1,234 organisations across Singapore, Indonesia, Hong Kong, Korea, Malaysia, Thailand, Vietnam and the Philippines, conducted by Omdia. It found that nearly all respondents plan to increase AI investment, while more than a third are already trialling or deploying agentic AI across IT, cybersecurity and business operations.

Indonesia, Thailand and Hong Kong were among the strongest adopters in the region. The findings point to a broader shift in how companies are introducing autonomous systems into day-to-day operations, even as controls around those systems remain uneven.

Identity gaps

A central issue highlighted in the research is the growth of non-human identities such as machine accounts, applications, APIs and automated workflows. As AI systems spread, these identities are gaining broader access to critical systems, but resilience planning has remained focused largely on people rather than software-driven actors.

The survey found that 73% of organisations have incorporated human identities into cyber resilience planning, but only 34% have done the same for non-human identities. The shortfall was more pronounced in Korea, at 22%, Hong Kong, at 23%, and Malaysia, at 28%.

It also found that 78% of organisations believe agentic AI is increasing the complexity of identity management and resilience operations. This suggests many companies are facing new operational and security pressures as they add autonomous tools without making equivalent changes to oversight and recovery planning.

Martin Creighan, Vice President, Asia Pacific, Commvault, said the pace of AI uptake has created a clear operational challenge. "Asia's AI ambition is undeniable. But as autonomous systems become part of how organisations operate, resilience can no longer sit on the sidelines. Organisations need a new posture entirely, one where recovery isn't a backup plan, but how the modern business runs," Creighan said.

Governance shortfall

The survey also found weaknesses in governance before AI systems are put into use. Only 42% of organisations said they conduct comprehensive security, governance and compliance reviews before deployment.

According to the findings, that leaves fewer than half confident in their ability to detect compromised or non-compliant AI systems. In many cases, deployment is moving ahead faster than the internal processes designed to assess risk, accountability and policy compliance.

The data also showed a continuing mismatch between expectations after a cyber incident and actual recovery performance. For the third year running, business leaders expected operations to resume within five days, yet the average recovery time reported in the study was 28 days.

Only 23% of organisations said they were able to maintain operations without disruption during an incident. Most said they had to continue in a degraded or limited operating state, underlining how resilience planning often falls short once an attack or system failure affects core business activity.

Operational strain

The findings come as AI spending across Asia Pacific continues to rise, with the regional market projected to reach USD $175 billion by 2028, according to data cited in the research. That growth is likely to increase pressure on technology and security teams as businesses expand the use of autonomous systems in production environments.

Gareth Russell, Field CTO, Security, Asia Pacific, Commvault, said organisations have a narrowing window to respond to threats as AI changes the pace of exposure. "AI is collapsing the gap between exposure and impact. When attack surfaces can be mapped overnight and vulnerabilities emerge faster than organisations can respond, the question isn't whether organisations get hit. It's whether they can continue operating when they do," Russell said.

The respondent base included Chief Information Officers, Chief Information Security Officers, IT leaders, IT decision-makers and their direct reports. Across the eight markets surveyed, the results point to a common pattern: AI adoption is moving quickly, while resilience, governance and recovery measures are advancing more slowly.

One of the clearest findings was the scale of the gap between recovery expectations and actual performance, with organisations taking an average of 28 days to recover despite leadership expecting a return to normal operations within five days.