CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom
Flux result 33d63835 97ae 4eb9 8f25 c62cb1e6c92a
#
Data Protection
#
DR
#
Cloud Security

Keepit survey finds gap in AI disaster recovery plans

Wed, 22nd Apr 2026 (Yesterday)
Author image
By Catherine Knowles, News Editor

Keepit has published survey findings that point to a gap between organisations' confidence in AI-related disaster recovery plans and how often those plans are tested. The study surveyed 301 IT decision-makers across six countries.

The results suggest many companies believe they are prepared for failures involving agentic AI systems, even though fewer have materially revised their recovery processes as AI use expands. According to the survey, 94% of respondents were confident their current disaster recovery plans covered scenarios involving agentic AI, but only 41% said they had significantly changed their approach to disaster recovery planning in response to faster AI adoption.

Testing emerged as a central weakness. Just 32% of respondents said they test disaster recovery plans every month, despite the high confidence levels reported in the survey.

The findings also highlighted governance concerns as organisations adopt AI tools more widely. A third of IT and security leaders said they had only partial control over the use of agentic AI in their organisations, suggesting oversight has not kept pace with deployment.

Another measure pointed to uncertainty beneath the headline confidence figures. While 94% said their plans covered agentic AI scenarios, 52% also reported doubts about whether those plans were adequate for such incidents.

Recovery Gap

The survey found that 56% of respondents place a high priority on protecting SaaS data and disaster recovery when implementing AI solutions. Even so, that priority has not always translated into more frequent testing or broader changes to recovery planning.

That matters because AI systems can create tighter links between applications, data sets and automated processes. In practice, a fault in one system can spread quickly to others, increasing the importance of knowing which services must be restored first and who is responsible for making those decisions.

"Organisations need to put more emphasis on creating long-term, structured and tested disaster recovery plans. This also means putting a spotlight on data governance and accountability, which is the foundation for any resiliency plan," said Kim Larsen, Group Chief Information Security Officer at Keepit.

"It all boils down to knowing who is in charge of recovery and which systems are restored first when multiple systems are affected. When decisions are delayed, recovery takes longer than necessary," Larsen said.

Identity Risks

Keepit also highlighted identity and access management as a particular issue in AI deployment. Recovery testing for identity systems remains far less common than testing for productivity systems, even though identity platforms control access to many other applications.

That imbalance could leave companies exposed during an outage or cyber incident. If identity services are unavailable, staff may be unable to access other SaaS tools needed for operations or recovery work.

Larsen said, "One of the challenges faced in adopting agentic AI is adequately protecting identity and access management. The Keepit Annual Data Report 2026 showed that restoration of identity systems is tested four times less often than restoration of productivity systems, highlighting a lack of recovery maturity. This is particularly concerning for identity applications which are critical to managing agentic AI. Losing access to identity systems can cut off access to all other SaaS applications and bring operations to a halt, making it paramount to protect them."

The survey was conducted online by Foundry and covered respondents in Australia, France, Germany, New Zealand, the UK and the US. Participants were IT decision-makers involved in networking, security, and decisions around AI services and platforms.

For Keepit, the results support the argument that backup alone is not enough if businesses have not verified that they can restore systems under realistic conditions. The data suggests a distinction between having recovery plans on paper and showing those plans work when AI-linked dependencies complicate an incident.

The figures also indicate that the spread of agentic AI is putting pressure on established approaches to resilience. Companies appear willing to rank SaaS data protection as a priority, but many still lack a regular testing regime and clear governance over where AI is being used.

In that environment, the gap between confidence and validation may become harder to ignore, particularly where identity systems sit at the centre of access to critical SaaS applications. Only 32% of respondents conduct monthly testing of disaster recovery plans.

Related stories
Talos flags KelpDAO rsETH exploit as major DeFi shock
KPMG & Google Cloud launch AI agents for regulated sectors
Exclusive: Google sees success with niche AI playbooks
Backbase launches AI-native banking OS to unify frontline
Council data breaches rise 53% in five years, study finds

Top stories

Klarus launches AI consultancy to fix weak returns
Ant International upgrades Alipay+ with privacy tech
SAS & Notilyze aid FairClimateFund carbon tracking
Manhattan adds AI agents & fulfilment tools for retailers
Geotab: Now's the time to get a grip on fuel consumption