By Arjay L. Balinbin, Senior Reporter

THE GOVERNMENT is coming up with a new roadmap to update the National CyberSecurity Plan 2022 that was created prior to the pandemic, the Cybercrime Investigation and Coordinating Center (CICC) said.

The goal is to make the country’s cybersecurity roadmap more adaptive to change, Mary Rose E. Magsaysay, deputy executive director at CICC, said during a briefing in Mandaluyong City on Tuesday.

“We found that the roadmap was pertaining to the government being at the height of a pyramid, while what the new one has is a federated approach, which means that we may be there to assist but everybody is treated equally in terms of their capabilities and inputs to help in the cybersecurity to go against cybercrime,” she said.

“Things change. There was no COVID when it was created, and it had the Department of Information and Communications Technology (DICT) at the helm,” she added.

The National CyberSecurity Plan 2022, which was launched in May 2017, was developed to “assure the continuous operation of our nation’s critical infostructures, public and military networks and implement cyber-resiliency measures to enhance our ability to respond to threats before, during and after attacks,” the DICT said on its website.

At the same time, it was created to ensure effective coordination with law enforcement agencies and improve cybersecurity awareness.

The plan was updated in 2021 to strengthen the cybersecurity capabilities of both government and private organizations.

“We are going to be coming out with a more realistic perspective — as I’ve mentioned, implementing plans and procedures, not anymore IRR (implementing rules and regulations),” Ms. Magsaysay said.

“We have to be setting the tenor as government, and that’s why the new roadmap is working on including the word ‘change’ as a very important part, as well as agility,” she added.

Ms. Magsaysay noted that 37% of online users in the country reported cyberattacks in 2020.

At least 73% of consumer data from micro-, small-, and medium-sized enterprises were lost to attackers, greater than the 56% figure in the Asia-Pacific region.

According to cybersecurity firm Sophos, the Philippines placed third in worldwide ransomware payments in 2021, with local organizations paying an average of $1.6 million, doubling the country’s average of $820,000 in 2020.