Employees across Asia Pacific are adopting collaboration tools faster than IT and governance models can keep pace — and new research from Mimecast warns that these increasingly fragmented environments are also becoming the foundation for AI agents operating at speed and scale.
Findings from the State of Human Risk 2026 study reveal that while collaboration tools now underpin how work gets done across modern enterprises, many organisations are finding it difficult to keep pace with the growing complexity and fragmentation of these environments.
The study found that 90% of APAC organisations say collaboration tools are essential to day-to-day operations.
Meanwhile, 66% say employees regularly download and use collaboration tools that have not been vetted or approved by IT teams, highlighting how workforce behaviour is increasingly moving faster than governance processes can adapt.
The growing sprawl of communication, messaging and file-sharing platforms is also creating mounting concerns around visibility and security oversight.
72% say collaboration tools are introducing new threats and security loopholes that urgently need to be addressed. As organisations increasingly embed AI capabilities into collaboration environments, visibility gaps created by unmanaged tools may introduce additional layers of operational and security risk.
At the same time, 45% of APAC organisations reported an increase in collaboration-tool-based threats over the past year, suggesting that these concerns are already beginning to materialise.
“Work today happens across an increasingly fragmented mix of collaboration platforms, cloud environments and AI-assisted workflows,” said Nicky Choo, Vice President and General Manager, APAC, Mimecast. “The challenge for many organisations is no longer simply securing a single channel like email. It is maintaining visibility, governance and trust across how work is created, shared and acted upon across the business.”
The governance gap carries particular urgency as AI agents move from pilot to production inside enterprises across the region. Unlike individual users, AI agents can operate across multiple systems and workflows simultaneously, amplifying existing visibility and governance challenges.
Without foundational visibility and governance already in place, organisations risk deploying agents into environments they cannot adequately monitor or control. Managing collaboration sprawl is increasingly becoming a prerequisite for responsible AI adoption.
Choo added that many organisations are now dealing with environments where employees adopt new tools faster than governance models can evolve around them.
“Employees are constantly looking for faster and more efficient ways to collaborate, especially as AI capabilities become embedded into everyday workflows. But when organisations lack consistent visibility across these environments, it becomes harder to understand where sensitive information is moving, who or what is accessing it, and whether the appropriate controls are in place,” he said.
The findings also suggest many organisations are still relying on fragmented approaches to governance and compliance.
Only 37% of APAC organisations say they have automated compliance tools in place across multiple communication channels, despite collaboration ecosystems becoming increasingly distributed.
The priority now is ensuring governance, visibility and accountability evolve alongside how modern work happens. Security models need to support organisations in moving faster safely, not hold them back.Nicky Choo
The research reflects a broader shift in how organisations need to think about cybersecurity and risk management as work becomes increasingly decentralised and AI-enabled. Rather than focusing solely on protecting channels or endpoints, organisations are increasingly being challenged to secure the integrity, accountability and governance of work itself across both human and AI-assisted environments.
“Organisations are not slowing down AI or collaboration adoption — nor should they,” added Choo. “The priority now is ensuring governance, visibility and accountability evolve alongside how modern work happens. Security models need to support organisations in moving faster safely, not hold them back.”
Choo noted that AI agents represent the next frontier of this challenge. “AI agents are coming whether organisations are ready or not. The collaboration environments they will operate in need to be understood, governed and secured before those agents are deployed — not after. The organisations that invest in governance now will be the ones that can move fastest and most safely when agentic AI becomes the norm,” he said.
Mimecast’s State of Human Risk 2026 study is based on responses from IT and security decision-makers across APAC, North America and EMEA, and examines how human behaviour, insider activity and organisational practices are influencing today’s cyber risk landscape. The research highlights the need for organisations to better understand and manage insider risk as a core component of their overall cyber resilience.
RESEARCH METHODOLOGY
Mimecast commissioned Vanson Bourne to survey 2,500 IT security and IT decision makers across nine countries in November and December 2025. All organizations surveyed had more than 250 employees and more than 250 email users. Organisation sizes ranged from 250 to over 10,000 employees.
Geographic coverage: United States (500), United Kingdom (300), Germany (300), France (300), Spain (200), Italy (200), South Africa (200), Singapore (250), Australia (250)
Sectors covered: A range of private and public sectors, including financial services, healthcare (public and private), IT/technology/telecoms, manufacturing, retail, public sector, energy/utilities, business services, construction, consumer services and media/entertainment.
Download the 2026 State of Human Risk Report
About Mimecast
Mimecast is a global cybersecurity and data governance leader redefining how organisations secure human risk. Its AI-powered, API-enabled platform is purpose-built to protect organisations from the spectrum of cyber threats. Integrating cutting-edge technology with human-centric pathways, our platform provides enhanced visibility and strategic insight.
By enabling decisive action and empowering businesses to protect their collaborative environments, our technology safeguards critical data and actively engages employees in reducing risk and enhancing productivity. More than 42,000 businesses worldwide trust Mimecast to help them keep ahead of the ever-evolving threat landscape.
From insider risk to external threats, customers get more with Mimecast. More visibility. More agility. More control. More security.