Three in five employees in Australia and New Zealand already pick their own AI tools when the corporate ones feel too slow or too restrictive. That is the most uncomfortable number inside KnowBe4's latest ANZ research, and it is the figure that turns the region's headline AI lead into a quiet insurance problem.
The survey's marquee number, that 64% of ANZ organisations now use agentic AI against a global average of 58%, is the statistic boards like to cite. It frames ANZ as a fast follower that has quietly pulled ahead on the most-hyped deployment of the year. Half of those organisations told KnowBe4 their AI use was unapproved or ungoverned. The 59% self-sourcing rate is what those two numbers actually mean in practice.
"Agentic" is the key word. Unlike a chatbot that waits for a prompt, agentic AI tools browse, draft, file, message, and sometimes code on their own, often with credentials pulled from the same stack that grants the employee access to customer records. When 59% of employees go around the official tool, the resulting footprint does not show up on a software inventory. It shows up as odd OAuth grants, browser-side data exfiltration, and traffic that nobody on the security team has classified.
Insurance Business Mag editorial observes that Australian cyber insurers have not yet figured out how to price that footprint. APRA's quarterly statistics, released 29 May 2026 and summarised by the trade press, show the Australian cyber class posted positive insurance service results in each of the last three quarters: A$17 million in September 2025, A$10 million in December 2025, and A$10 million in March 2026. Gross written premium for the March 2026 quarter was A$32 million, under 0.2% of the industry's total. A profitable book on a sliver of premium is a market that is not yet underwriting the full risk.
That is the actual story behind the adoption headline. The cyber class is profitable because it is small, and it is small because underwriters cannot yet price what an organisation looks like when a meaningful share of its employees are running agentic tools that nobody in IT sanctioned. KnowBe4, a cybersecurity awareness vendor with a direct commercial interest in culture-first training, frames the answer as exactly that: more culture, more training. Insurance underwriters will need a different fix, a way to underwrite behaviour they cannot see.
The procurement-versus-policy split is also where the vendor framing breaks down. Culture-first training treats the 59% as a behaviour problem. Several IT and security outlets covering the report reach the same conclusion. Underwriters, who have to write a premium that holds for twelve months, will treat it as a footprint problem: which sanctioned models are exposed to which corporate data, and which departments have started using tools that no one on the security team has reviewed. The first question asks whether the policy is fit for purpose. The second asks whether the company can even see its own attack surface.
The harder question for ANZ boards is whether the 59% workaround rate is a policy failure or a procurement failure. If sanctioned AI tools are too restrictive, the gap is on the security team. If employees simply prefer the model they use at home, the gap is structural and a culture deck will not close it.
What to watch: APRA's next quarterly release, due in late August 2026, will be the first to show whether the March 2026 quarter's A$10 million service result held, narrowed, or turned. A second consecutive narrowing would tell underwriters the class is starting to feel the loss-frequency shift the KnowBe4 numbers predict. So far the market is still making money on a risk it has not yet learned to write.