A global survey of 804 business leaders, conducted by Economist Enterprise and supported by Rubrik, reveals a stark disconnect between awareness and readiness. While 88% of decision-makers acknowledge that agentic AI introduces risks their current controls cannot handle, internal infrastructure remains woefully inadequate. Two-thirds of organizations lack full visibility into their AI agents, rendering them unable to detect or reverse failures in real time.

This lack of oversight extends to the boardroom, where only one in four companies reports cyber recovery performance to senior leadership. Despite the near-certainty of future incidents, most organizations continue to prioritize prevention over recovery, funneling the bulk of their cybersecurity budgets toward keeping threats out rather than building the capacity to survive internal system failures. Kavitha Mariappan, Chief Transformation Officer at Rubrik, warns that when incidents occur at machine speed, the inability to track agent activity turns a manageable technical error into a catastrophic business event.

To bridge this gap, the research highlights three essential requirements: full system observability, rapid rollback capabilities, and rigorous, regular testing of recovery plans. Currently, only 30% of firms possess the ability to roll back harmful agent actions effectively. Without these foundations, leaders are essentially betting that their AI deployments will function flawlessly, despite overwhelming evidence to the contrary.