98% of large enterprises have already had an AI agent incident. They're deploying more anyway.

An Economist Enterprise survey of 804 senior executives, released at Rubrik FORWARD EMEA, finds governance has fallen years behind rollout.

98% of large enterprises have already absorbed a disruptive incident caused by one of their own AI agents, and 9 in 10 expect more regardless of what safeguards they install. Those are the headline numbers from “Power without control: Rethinking cybersecurity for the age of agentic AI,” an Economist Enterprise report supported by Rubrik and launched Thursday in the opening keynote of Rubrik FORWARD EMEA in London.

The survey ran between December 2025 and January 2026, polling 804 VP-and-above decision-makers across nine countries at organisations with at least $500m in annual revenue. Every respondent already runs agents in production. This isn’t a sentiment study about the future; it’s a damage report from the present.

The governance gap is the story. 90% of leaders concede agents are being deployed faster than their security teams can evaluate or govern them. Two-thirds lack full visibility into what their agents are doing. Only 30% have a robust, fully tested rollback capability. 43% admit recovery processes don’t cover all agents or all incident types. Just one in four regularly reports cyber recovery performance to senior leadership.

“Two thirds of organisations cannot tell you what their agents did five minutes ago,” Kavitha Mariappan, Rubrik’s chief transformation officer, said in the keynote.

88% agree agents introduce fundamentally new categories of risk that existing controls weren’t built for, with exposed surfaces including regulatory fines, supply-chain disruption, revenue loss and reputational damage. Yet the budget posture hasn’t moved. Spending sits at 55% prevention to 45% response and recovery, a split respondents expect to hold through 2030. It’s the same ratio that defined perimeter-era security, applied to a problem that lives inside the perimeter.

“As risk moves inside organisations, fortifying the walls is no substitute for fixing the foundations,” said Vaibhav Sahgal, principal of technology at Economist Enterprise.

Rubrik, predictably, has products ready for the foundations it’s diagnosing: Rubrik AI, pitched as the first agentic system built for cyber recovery, and Rubrik Agent Cloud for Anthropic’s Claude Code, whose Agent Rewind feature is designed to reverse unintended actions. The vendor-funded survey is itself a piece of narrative management, but the numbers it surfaces echo what TechCrunch reported in May about Google and others navigating agent security in real time. The structural read is older than this cycle. Enterprises shipped first and governed later in the 1996 telecom buildout and again in the 2017 cloud migration wave. Each time, the recovery industry arrived after the breach reports did.