Singapore – Organisations across APAC are encountering structural technology constraints that are slowing innovation and increasing cyber risk, even as AI becomes more deeply embedded in business operations, according to findings from Cloudflare’s recent 2026 report.
The research indicates that many enterprises in the region are approaching what the study describes as a ‘technical glass ceiling’, where legacy systems, fragmented architectures, and delayed modernisation efforts limit the ability to scale AI effectively. While AI adoption is now widespread, the ability to deliver consistent returns increasingly depends on the strength and flexibility of an organisation’s infrastructure and readiness rather than experimentation alone.
Modernisation has emerged as a decisive factor in AI performance. Organisations that have updated their application environments are around three times more likely to report a clear return on AI investments. In APAC, 92% of surveyed leaders identified software modernisation as the single most important contributor to improving AI capabilities, underscoring the extent to which infrastructure readiness now shapes competitive outcomes across the region.
Mindsets around AI have also shifted from adoption to integration. The report found that 90% of leading APAC organisations have already embedded AI into their existing application portfolios, while 80% plan to expand those integrations further over the next year. This reflects a broader move towards treating AI as a core operational capability rather than a standalone initiative, particularly among organisations that are ahead of schedule in their modernisation efforts.
“In order to succeed with AI, having a modern and secure foundation is non-negotiable. It is clear that organisations that prioritise modernisation are able to innovate at speed and scale, while those that don’t are likely to become the next target,” Matthew Prince, CEO and co-founder of Cloudflare, stated.
He added, “If you aren’t modernising your business to embrace AI and prevent the next wave of cyberattacks, you aren’t just standing still, you’re rapidly falling behind.
However, the benefits of this shift are unevenly distributed. Organisations that lag behind on modernisation report lower confidence in their infrastructure and are more likely to upgrade systems reactively, often following a security incident. These organisations tend to divert resources towards remediation and compliance rather than innovation.
The report also highlights organisational structure as a differentiating factor across APAC. Enterprises that are ahead of schedule in modernising their application environments typically have more centralised and streamlined decision-making, allowing them to move faster on AI deployment and infrastructure investment.
By contrast, organisations that remain behind schedule are more likely to be constrained by fragmented governance and competing priorities, which slow execution and limit the ability to translate AI initiatives into measurable business outcomes.
Security readiness is closely linked to this divide. APAC organisations that have aligned application modernisation with security by design report greater confidence in managing cyber risks while scaling digital services. Those who have not achieved this alignment often spend more time responding to incidents and maintaining compliance across fragmented environments.
The report suggests that while APAC organisations are no longer questioning whether to adopt AI, many remain constrained by the technical foundations required to support it at scale. Early and comprehensive application modernisation is increasingly viewed as a prerequisite not only for AI-driven growth, but also for stronger cyber hygiene and long-term operational resilience.
