AI at scale demands a new approach to data resilience and privacy

Australian organisations are embedding AI into core business processes, customer interactions and operational decision making. AI has become an enterprise dependency and requires organisations to fundamentally rethink their data resilience and privacy strategies.

This year, Data Privacy Week took on a different significance. This year’s theme, ‘Take control of your data’, underscored this new reality for technology leaders: to trust AI, we must trust the foundation that fuels all AI platforms — data. With organisations averaging 897 applications and only 29% integrated, fragmented data environments are becoming a major barrier to trusted AI. Privacy cannot be just a compliance checkpoint: organisations must genuinely understand, control and trust their data, at scale. This is being compounded by the changing regulatory landscape.

For many, this is easier said than done. AI systems draw on data from across the enterprise — often combining operational, customer and employee information. However, data privacy, security and recovery remain fragmented across teams, tools and processes. Recent Veeam research found that while seven in 10 organisations were impacted by cyberattacks, only one in 10 was able to recover more than 90% of its data — a clear sign that many organisations lack adequate data resilience even as threats evolve.

The double-edged sword of AI and data

AI amplifies both the value and the risk of data. It exposes weaknesses that previously might have gone unnoticed. Poor visibility increases the likelihood that sensitive information is used inappropriately, and inconsistent governance introduces bias and compliance failures. Coupled with weak recovery capabilities, cyber incidents can quickly turn into prolonged business disruption. When AI depends on data that cannot be clearly governed or reliably recovered, trust erodes quickly — internally and externally.

This is compounded by the complexity of the operating environments of modern enterprises, where data sprawl has become the norm. Many would struggle to answer basic questions about where sensitive data resides, how it is protected, and if it is suitable for use in automated decision-making. Without unified visibility, risk management is reactive by default. In fact, the Veeam Data Resilience Maturity Model found that three in 10 CIOs believe their organisations are above average in data resilience, but less than 10% actually are.

Why resilience and privacy must converge

Resilience is no longer just restoring systems after an outage. It’s about data integrity, availability and trust across the AI lifecycle. Similarly, privacy is no longer limited to access controls and policy documents. It requires continuous oversight of how data is classified, governed and used — particularly as data flows into AI systems that operate with increasing autonomy.

Historically, data resilience, privacy and AI have been managed in silos, creating gaps in accountability and coordination. For enterprises to scale AI safely, this separation can’t continue. When these functions remain disconnected, the gaps are inevitably exposed — especially during cyber incidents, operational failures, or regulatory scrutiny. Organisations then find themselves responding under pressure, rather than managing risk by design.

Rising expectations from regulators and boards

Regulatory expectations across the country continue to evolve, with growing emphasis on accountability, preparedness and demonstrable control over sensitive data. The Office of the Australian Information Commissioner (OAIC) has scheduled its first-ever privacy compliance audit in January 2026. The focus is no longer simply on whether data is protected, but whether organisations truly understand and govern how it is used.

This represents a significant escalation in regulatory posture (a theme we are seeing across the world) moving from reactive investigations to a targeted, risk-based review of business practices. Boards and executives are asking tougher questions: What data underpins our AI systems? Who has access to it? What AI models are using our data? How quickly can we recover if something goes wrong? Is it secure, appropriate and accurate?

Beyond regulation demands, organisations that can’t answer these questions with confidence put innovation at risk because uncertainty limits progress.

The organisations that are leading the way with AI are rethinking their data foundations. Instead of adding more point solutions, they are adopting unified approaches that bring privacy, security, governance and recovery together. This improves visibility, reduces blind spots and enables consistent governance so that data is appropriately handled before it is used for analytics or AI. Critically, it strengthens resilience by ensuring data can be recovered quickly and securely in the event of an incident.

This process enables innovation. Unifying data resilience and privacy creates the right conditions for AI to deliver sustainable value, innovation to scale safely, while meeting regulations by design rather than reaction.

The real risk today is not moving too quickly with AI, but standing still. Data Privacy Week is a timely reminder that taking control of your data is a strategic capability, essential for scaling AI responsibly and maintaining trust.

Image credit: iStock.com/Shinsei Motions