Commvault has warned that organisations across Australia and New Zealand are embracing AI at speed, but many remain unprepared to manage the cyber resilience and governance risks that come with it.
New findings from Commvault’s State of Data Resilience – Australia and New Zealand, 6th Edition (2026) report show AI investment is accelerating rapidly, with more than one-third of organisations increasing AI spending by over 25 per cent this year.
At the same time, over 30 per cent of surveyed organisations are already deploying or trialling agentic AI technologies across hybrid and multi-cloud environments. Commvault said this is creating new operational complexity as AI agents increasingly interact with enterprise data, identities, and infrastructure.
The report found that data estates across ANZ organisations have expanded by 30 per cent year-on-year, driven largely by AI adoption. However, many businesses are struggling to keep governance and resilience controls aligned with the pace of deployment.
While the number of organisations implementing policies for AI-generated data and content has more than doubled – rising from 29 per cent to 66 per cent in a year – the report suggests policy creation alone is not enough to mitigate risk.
Among the key findings:
- Fifty-eight per cent of respondents said they lacked strong confidence in responding when AI systems operate outside established guardrails
- Only one-third had completed rigorous security and governance assessments prior to AI deployment
- Just 36 per cent had incorporated AI agents into broader resilience planning initiatives
Martin Creighan said the rapid rise of AI is fundamentally changing how organisations manage data and resilience.
“AI is now central to how organisations operate but its value depends on the integrity of data behind it,” he said.
Commvault said organisations are currently prioritising explainability and transparency in AI systems ahead of more foundational resilience capabilities. According to the research, explainability ranked as the top priority at 22 per cent, while integration, scalability, and automated incident response ranked significantly lower.
Gareth Russell said resilience strategies must move beyond traditional backup and recovery approaches.
“Recovery isn’t just about restoring data anymore,” Russell said. “It’s about restoring systems, configurations, dependencies and operational trust across increasingly dynamic AI-driven environments.”
The survey was conducted independently by TRA, now part of Omdia, and included responses from 411 organisations across Australia and New Zealand.
