Software-as-a-service (SaaS) data protection is seen as a high priority when implementing AI solutions – but a survey of senior IT decision-makers has revealed a gap between perceived readiness and tested, validated disaster recovery capability.
This is among the findings from Keepit’s new survey, “Peer insights on AI adoption and the disaster recovery gap”.
Key findings from the poll include:
- 94% of respondents say they’re confident their current disaster recovery plan covers scenarios involving agentic AI systems.
- 33% of IT and security leaders say they have only partial control over the use of agentic AI in their organisations.
- 56% of respondents place a high priority on protecting SaaS data and disaster recovery when implementing AI solutions.
- Only 41% of respondents have significantly changed their approach to disaster recovery planning due to accelerated AI adoption.
- 32% of respondents conduct monthly testing of disaster recovery plans.
This underscores that, while 94% of survey respondents say they are confident their disaster recovery plans cover agentic AI systems, only 32% test those plans on a monthly basis.
This gap between confidence and validation raises concerns about organisations’ true ability to recover when failures occur – especially as AI-driven automation increases system interdependencies and accelerates the spread of errors.
Governance and testing lag AI adoption
The implementation of AI raises the bar for governance and recovery planning — and the survey showed that many organisations haven’t evolved their disaster recovery approach accordingly.
The survey revealed that 33% of IT and security leaders say they have only partial control over the use of agentic AI in their organisations, and 52% have doubts about whether their recovery plans cover agentic AI scenarios.
Only 41% of respondents say they have significantly changed their approach to disaster recovery as a result of AI adoption.
“Organisations need to put more emphasis on creating long-term, structured and tested disaster recovery plans. This also means putting a spotlight on data governance and accountability, which is the foundation for any resiliency plan,” says Kim Larsen, group CISO at Keepit.
“It all boils down to knowing who is in charge of recovery and which systems are restored first when multiple systems are affected. When decisions are delayed, recovery takes longer than necessary.”
Building confidence in recovery
Confidence in recovery is built through regular testing.
The survey showed a gap between confidence and tested recovery capability: While backup is common, recovery capability is less consistently understood, tested, or validated.
These findings are backed up by the Keepit Annual Data Report 2026 that showed recovery practices remain a work in progress for many, especially smaller, organisations.
“One of the challenges faced in adopting agentic AI is adequately protecting identity and access management,” Larsen point out.
“The Keepit Annual Data Report 2026 showed that restoration of identity systems is tested four times less often than restoration of productivity systems, highlighting a lack of recovery maturity.
“This is particularly concerning for identity applications which are critical to managing agentic AI: losing access to identity systems can cut off access to all other SaaS applications and bring operations to a halt – making it paramount to protect them.”