Oxford Business Group

The Philippines needs to do more to guard against cyberattack, according to a new report, though the private and public sectors are moving to reduce risks and bolster security systems.
The Philippines could sustain up to $3.5 billion of direct, indirect and induced losses from breaches to cybersecurity, according to the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” report released in May by research and consulting firm Frost & Sullivan.
The study, which was commissioned by Microsoft and surveyed 1,300 business and IT decision-makers from 13 markets within the region, found that while 52% of companies in the Philippines had either experienced or suspected a cyberattack, 79% of firms had already deployed or were actively looking to deploy artificial intelligence to counter security breaches.
In the past the Philippines underspent on cybersecurity, making it a relatively soft target in the ASEAN region, Ernesto Alberto, executive vice-president and chief revenue officer of telecommunications firm PLDT, Inc., and CEO of its digital solutions subsidiary ePLDT, told OBG.
In 2017 the country spent 0.04% of its GDP on cybersecurity, compared to the ASEAN annual average of 0.07%, according to a report by AT Kearney.
However, risk awareness is growing, as evidenced by the increasing number of defensive measures initiated by the public and private sectors.
“As one of the principal cyberattacked countries internationally, significant resources and building capability have already been invested to help enterprises address cybersecurity and protect against these attacks, which include hacks, security malwares and viruses,” Alberto told OBG.
One solution to cyberthreats is cloud computing, which is increasing in popularity, with a growing number of public and private organizations moving to adopt a cloud-first policy.
“As become more sophisticated, organizations need to know that it will be safer to use the cloud as opposed to relying on traditional forms of IT,” Hans Bayaborda, managing director of Microsoft Philippines, told OBG.
This shift in perception has been bolstered by government initiatives, particularly with the launch of GovCloud – an online portal for information, transactions and services – by the Department of Information Communication Technology (DICT) in 2013.
More recent efforts towards cloud computing fall under the government’s broader National Cybersecurity Plan 2020, launched in 2017, which aims to reduce risks through a four-pronged approach, including the protection of critical information infrastructure, government networks, supply chains and individuals.
In the private sphere, the importance of upgrading cybersecurity is paramount for Philippine companies that trade or provide services to the EU following recent changes to the union’s data protection law.
Introduced at the end of May the General Data Protection Regulation (GDPR) requires organizations dealing with EU citizens to reassess their data-processing customs and set up safeguards that meet the standards set by the regulation.
As the GDPR is applicable to all companies that do business in or with the EU, the Philippines is required to meet the new data protection standards. Failure to comply may result in a fiscal penalty and a potential ban from trading within the EU.
Sectors that could be affected by the GDPR compliance requirements include retail, tourism, health care and financial services, according to a recent study by cybersecurity solutions firm Forient.
While the GDPR could create compliance hurdles for Philippine companies and agencies, it may also provide opportunities. Organizations that meet the regulatory requirements could promote their compliance as a feature of their services, making them more attractive to consumers or clients from the EU.
To achieve this, local firms will need to step up investments in cybersecurity to boost their business credentials. The Frost & Sullivan report found that only 25% of Filipino respondents viewed higher levels of spending on cybersecurity as a business differentiator.
The upgraded EU rules could also have a flow-on effect for the Philippines, prompting regulators to strengthen the country’s own compliance requirements. If so, this would create further opportunities for service providers, with an increase in demand for cybersecurity products and technology.
This Philippines economic update was produced by Oxford Business Group.