Cloudflare’s inaugural 2026 App Innovation Report shows that application modernisation has become a decisive factor in whether organisations realise real value from AI, with a widening gap emerging between leaders and laggards across the Asia–Pacific region.
According to the report, organisations in APAC that modernise their applications are three times more likely to see a clear return on AI investments. Among leading organisations, 92% said application modernisation is the single most important factor in unlocking AI value. Despite this, only 14% of organisations across APAC — including Australia and New Zealand — are ahead of schedule with modernisation efforts.
Cloudflare defines applications broadly, encompassing the IT stack, APIs and internal workflows that underpin continuous innovation. The report argues that without modernised, unified application foundations, organisations struggle not only to deploy AI effectively, but also to do so safely and at scale.
One of the report’s more counterintuitive findings highlights what it calls a “developer paradox”. Leading organisations are not constantly rebuilding systems from scratch. Instead, 58% of leaders focus more developer time on maintaining and refining existing platforms, creating a stable core on which AI innovation can be layered. In contrast, up to 83% of lagging organisations across APAC remain stuck in rebuild cycles, reacting to technical debt or security gaps rather than advancing AI initiatives.
The divide is driven as much by governance and culture as by technology. The report found that 72% of leading organisations centralise application modernisation decisions with a small group of senior stakeholders, enabling faster execution and more confident investment. Laggards tend to operate with fragmented decision-making, slowing progress and diluting accountability.
AI further amplifies these differences through what Cloudflare describes as an AI–modernisation flywheel. Modern infrastructure enables effective AI deployment, and early AI success then justifies further modernisation investment. Leaders are therefore far more likely to prioritise AI integration early and translate it into measurable business outcomes.
Additional APAC findings reinforce the link between security alignment and execution speed. Ninety per cent of leading organisations have already integrated AI into existing applications, with 80% planning to expand integration further in the coming year. Seventy-six per cent of leaders said aligning security with application modernisation is “very easy”, allowing faster delivery of AI-enabled services without increasing risk.
By contrast, lagging organisations reported lower confidence in their infrastructure and were significantly more likely to modernise reactively following incidents. Tool sprawl was also identified as a drag on progress, with 86% of APAC leaders actively consolidating technology stacks to reduce complexity and accelerate delivery.
Budget expectations mirror these confidence gaps. Nearly three-quarters of leading organisations expect significant increases in modernisation investment, while more than half of laggards anticipate only marginal budget growth.
For CISOs and cyber risk leaders, the report positions application modernisation not as an IT hygiene exercise, but as a core risk and value lever — determining whether AI becomes a controlled, compounding advantage or an unmanaged source of exposure.
You can read the full report here.
