TL;DR: A survey of 1,218 organisations across eight Asian markets found 40% average data growth, 63% multi-cloud or hybrid adoption, and 73% of respondents saying AI increases breach risk, according to Commvault and Tech Research Asia. Recovery confidence, regulatory consistency, and AI governance are now the real resilience tests.
NHIMG editorial — based on content published by Commvault: The State of Data Readiness in Asia, second edition
By the numbers:
- The average organisation in Asia saw its data grow by 40% in the last 12 months.
- A majority of companies, 63%, now operate in multi-cloud or hybrid cloud environments.
- 74% of Asian organisations currently use business-focused AI solutions.
Questions worth separating out
Q: How should organisations govern AI tools that touch sensitive data?
A: Treat AI tools as governed data pathways, not as isolated applications.
Q: Why do multi-cloud environments make recovery harder?
A: Multi-cloud environments fragment backup, access, and restoration authority across different control planes.
Q: What do security teams get wrong about AI risk?
A: Teams often focus on model behaviour while underestimating the governance around data access, storage, and onward sharing.
Practitioner guidance
- Reconcile recovery authority with identity ownership Document who can restore, decrypt, or rehydrate each critical dataset across cloud platforms, and verify that those permissions are reviewed alongside service account and workload access.
- Inventory AI-connected data paths Track where business AI tools ingest, generate, store, and forward sensitive data, including logs and downstream workflow systems, so access boundaries reflect actual data movement.
- Map regulatory obligations to specific controls Translate cross-border requirements into concrete rules for access, retention, evidence, and recovery, then assign each control to an accountable owner.
What's in the full report
Commvault's full report covers the operational detail this post intentionally leaves for the source:
- Country-by-country survey breakdowns across Indonesia, Hong Kong, Korea, Malaysia, Philippines, Singapore, Thailand, and Vietnam
- Detailed recovery benchmarks showing where organisations think they stand versus how long restoration actually takes
- Comparative findings on breach experience, ransom payment behaviour, and AI risk perception
- The underlying survey methodology and respondent profile behind the 1,218-company dataset
👉 Read Commvault's report on data readiness, AI risk, and recovery in Asia →
Data readiness in Asia: are recovery and AI controls keeping up?
Explore further
Recovery confidence is now an identity and governance problem, not a backup problem. The report shows a wide gap between what leaders expect after an incident and what organisations can actually restore. That gap usually appears when access, ownership, and recovery permissions are not governed as tightly as the data itself. The implication is that resilience programmes must treat restoration authority as part of the identity model, not as a separate ops concern.
A few things that frame the scale:
- 60% of NHIs are being overused, with the same NHI utilised by more than one application, increasing the risk of widespread compromise if exposed, according to The 2025 State of NHIs and Secrets in Cybersecurity.
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches, according to the same research.
A question worth separating out:
Q: Who should own recovery readiness in a hybrid cloud programme?
A: Recovery readiness should be shared across infrastructure, IAM, security, and resilience owners, because restoration depends on access rights as much as on backups. The right question is not who owns the backup, but who can actually restore data, validate integrity, and prove the result under incident conditions.
👉 Read our full editorial: Asia data readiness lags AI adoption, cloud complexity and recovery