LONDON, June 25, 2026 /PRNewswire/ -- Inside most large organisations today, an AI agent is making decisions, accessing data and taking actions that nobody is fully tracking. Not because leaders are unaware; 90% say they are deploying agents faster than their security teams can evaluate or govern them, but because competitive pressure to adopt agents outpaces the infrastructure to control them. New research from Economist Enterprise, developed as part of its Tech Frontiers initiative and supported by Rubrik, puts a number against the consequences: 98% of organisations have already experienced a disruptive agent-related incident and nine-in-ten expect more regardless of the safeguards put in place.
In the agentic era, failure is inevitable
The study, Power without control: Rethinking cybersecurity for the age of agentic AI, draws on a global survey of more than 800 business decision-makers across nine countries, all of whom operate AI agents in live environments. Its central finding is unambiguous: disruption is no longer a risk to be prevented, it is a reality to be managed. 88% of respondents believe that agents introduce fundamentally new types of risk that existing controls were not designed to manage, yet deployment continues to accelerate.
When, not if, incidents occur, the consequences reach far beyond IT. Leaders identify regulatory fines, supply chain disruption, revenue loss and reputational damage as the four business areas most vulnerable to agent-related incidents. Agentic risk is a business problem, not a technology problem.
The illusion of preparedness
Awareness of agentic risk is widespread, but readiness tells a different story. Two-thirds of organisations lack full visibility into their AI agents, leaving most unable to detect, contain or reverse failures when they occur.
The gap between confidence and capability runs deeper still: while 95% of organisations have recovery time targets, nearly half of those targets remain informal or loosely defined, creating a false sense of readiness when incidents actually occur. Just 30% have robust, fully tested rollback capabilities and 43% report that their recovery processes do not cover all agents or incident types.
The problem extends to the boardroom. Only one in four organisations regularly reports cyber recovery performance to senior leadership, leaving boards to make consequential decisions about AI investment without visibility into whether the organisation can actually recover when something goes wrong.
"Two thirds of organisations cannot tell you what their agents did five minutes ago. When an incident unfolds at machine speed, that is not an inconvenience, it is the difference between containment and catastrophe. We are deploying autonomous systems faster than we are building the means to understand them," said Kavitha Mariappan, Chief Transformation Officer, Rubrik.
Security spending hasn't caught up with reality
The investment picture compounds the problem. Despite near-universal incidents and widespread acknowledgement that more incidents are coming, organisations continue to allocate the majority of their cybersecurity budgets to prevention rather than response and recovery - 55% versus 45% today - and leaders expect this imbalance to persist until 2030.
"For decades, cybersecurity has focused on keeping external threats out. Agentic AI fundamentally changes that paradigm. As risk moves inside organisations, fortifying the walls is no substitute for fixing the foundations," said Vaibhav Sahgal, principal of technology at Economist Enterprise, who led the research programme. "Disruption must now be assumed. Leaders should move beyond asking how to prevent it, and instead ask how prepared their organisation is to contain the impact and recover quickly when disruption occurs."
Three capabilities define cyber resilience in the agentic era
The research points to three capabilities that separate resilient organisations from those that will be scrambling when incidents occur:
- First, full observability. Organisations cannot control what they cannot see, yet two-thirds lack visibility into their agents. Without it, detection, containment and recovery become guesswork.
- Second, rapid response and recovery. When incidents move at machine speed, the window to contain them is measured in minutes, not hours or days. The study found that only 30% of organisations have robust, tested capabilities to roll back harmful agent actions.
- Third, regular testing and validation. Having a recovery plan is not enough. Of the 73% of organisations that have defined their minimum viable business configurations, fewer than half test them regularly, leaving their ability to respond unproven under pressure.
The research will be discussed today in the opening keynote at Rubrik FORWARD EMEA conference. Read the full report: Power without control
About Economist Enterprise
Economist Enterprise is the arm of The Economist Group that provides services to businesses, government agencies and financial institutions. Its work is grounded in The Economist Group's values of independence, integrity and progress. Economist Enterprise gives organisations the tools to make better decisions, take confident action and demonstrate leadership on a global stage.
Find out more about Economist Enterprise: https://www.economistgroup.com/press-centre/the-economist-group/the-economist-group-launches-economist-enterprise
About Rubrik
Rubrik (NYSE: RBRK), the Security and AI Operations Company, leads at the intersection of data protection, cyber resilience, and enterprise AI acceleration. Rubrik Security Cloud delivers complete cyber resilience by securing, monitoring, and recovering data, identities, and workloads across clouds. Rubrik Agent Cloud accelerates trusted AI agent deployments at scale by monitoring and auditing agentic actions, enforcing real-time guardrails, fine-tuning for accuracy and undoing agentic mistakes. For more information, please visit www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.
About the research
Power without control: Rethinking cybersecurity for the age of agentic AI is an Economist Enterprise study, developed as part of its Tech Frontiers initiative, and supported by Rubrik. The study surveyed 804 business decision makers (VP+) at organisations with at least US$500m in annual revenue across Australia, France, Germany, India, Italy, Japan, Spain, the UK and the US between December 2025 and January 2026. All respondents have AI agents currently operating in their systems.
Explore the research:
https://insights.economistenterprise.com/technology-innovation/ctrlz
View original content:https://www.prnewswire.co.uk/news-releases/ai-agents-are-breaking-things-and-organisations-know-it-they-are-deploying-more-anyway-302810522.html
