Study: Enterprises State They Are Ready for Agentic AI Failures, but Couple Of Test Recovery Typically
Most business companies state they are ready to recover from interruptions involving agentic AI, however a brand-new study of more than 300 IT decision-makers from Australia, New Zealand, Europe, the United Kingdom, and the United States recommends relatively couple of test those plans often enough to prove it.
The study, carried out by Keepit, a vendor-independent cloud backup and recovery service based in Denmark, discovered that 94% of participants were positive their catastrophe recovery prepares covered agentic AI systems, even though just 32% said they tested those strategies regular monthly.
Perhaps more worrying, 33% of IT and security leaders reacting to the study said they have just partial control over using agentic AI in their organizations, and 52% had doubts about whether their healing prepares cover agentic AI situations.
“Organizations require to put more emphasis on developing long-term, structured, and tested catastrophe recovery strategies,” stated Kim Larsen, Group Chief Information Gatekeeper at Keepit, in a statement. “This also suggests putting a spotlight on data governance and accountability, which is the structure for any resiliency strategy.”
Among the essential findings were that a lot of companies were evaluating healing, however not regularly. Around 90% have actually evaluated massive data recovery a minimum of as soon as; nevertheless, testing is not frequent or methodical across all systems.
Moreover, a vital part of IT, access and authentication, was typically ignored in recovery preparation. Identity-related systems, such as Microsoft’s Entra ID and Confluence’s Okta, are tested far less often than other information systems.
Compared to productivity applications such as Microsoft 365, Google Office, and Salesforce, Keepit discovered that, on average, productivity applications are brought back four times as regularly as identity applications.
“For every four companies who run a yearly test on their efficiency work, just one of them (25%) will have run a test on their identity applications,” the report stated.
The survey likewise discovered that many bring back activity involves single-file downloads, showing routine operational needs rather than large-scale healing events. Numerous events are granular, making it quicker and more practical to recover a specific file.
The report’s authors noted that backup produces worth when organizations can recover confidently, properly, and efficiently, whether the requirement is small and instant or broad and time-critical. Likewise, restore activity is strong among larger companies.
The report’s authors stated their goal was to identify whether external, high-profile events caused any modifications in remediation habits. Keepit examined two such occasions in 2024 and one occasion in 2025 that might have caused information loss or unavailability: the solar flares in May 2024, the CrowdStrike occurrence in July 2024, and the Microsoft failures in October 2025.
The results were worrying because none of these occasions prompted any change in user behavior. There was no sign of increased activity to verify that backups were working in the days and weeks following the events.
Two theories are proposed in the report regarding behavior. Initially, organizations did not experience extensive, immediate remediation needs as a direct outcome of these occasions; 2nd, the outcomes likewise suggest that “awareness moments” do not immediately equate into changes in recovery regimens.
The service, according to the report’s authors, is to be proactive instead of reactive to comparable occasions. “Organizations can utilize external occasions as structured triggers for guided recovery checks– brief, repeatable validations that reinforce confidence without requiring massive, disruptive exercises,” the report noted.
They also suggested carrying out “directed recovery” enabled by MCP (Design Context Protocol), which unlocks to “asking for aid” in the minute that matters.
Additionally, an MCP-enabled assistant can help recognize unhealthy tenants or suspicious patterns in safeguarded information and guide administrators through the right recovery steps, turning healing into a workable, repeatable procedure.
“Everything boils down to knowing who is in charge of healing and which systems are restored initially when numerous systems are affected,” Larsen said. “When choices are postponed, recovery takes longer than needed.”
The full report is readily available here on the Keepit website (registration needed).