Cybersecurity is still treated as an IT issue.

However, it takes more than an anti-virus to clean up your systems. Cybersecurity is broad. It encompasses human behavior, finance, data infrastructure, legal, and many others. Threats have no borders and a cybersecurity breach would require a company-wide collaboration.

According to the Philippine Threat Landscape 2024-2025 report, over 84 percent of Philippine organizations experienced supply-chain breaches last year, with the average company suffering more than three separate incidents. The financial sector alone absorbed P5.82 billion in cyber losses in 2024.

Government officials have also reported repeated attempts to breach systems, allegedly from foreign actors.

The Department of Information and Communications Technology (DICT) revealed plans that focus on protecting critical infrastructure, enhancing incident response, cultivating talent, and strengthening public-private collaborations.

Programs such as the National Cybersecurity Competency Framework and Cybersecurity Education and Awareness Program are part of the DICT’s roadmap to intensify cybersecurity training. This also includes partnerships with universities, technical institutions, and international agencies. The goal here is to train about 5,000 cybersecurity professionals over the next three years, for both the government and the private-sector. Cities like Clark, Cebu, and Davao, are key locations that support training efforts by facilitating incident response exercises and digital forensics workshops.

The Philippine Chamber of Commerce and Industry recognizes the need to ramp up cybersecurity, especially for the micro, small, and medium enterprises (MSMEs), which are considered the backbone of the country’s economy. They also present a vulnerable point in digital supply chains.

“By providing plain language cyber hygiene training and incentives to adopt internationally recognized security standards, we can protect livelihoods and strengthen the entire ecosystem,” said Ferdinand “Perry” Ferrer, chairman of the PCCI Innovation Committee. “Security must be practical, affordable, and shared.”

The PCCI wants to remind people that technology and policies are crucial. However, human behavior plays a significant factor. Enabling multifactor authentication, software updates, maintaining backups, assessing vendor risks, and training staff to spot scams can protect users from the majority of attacks. On top of this, as the country continues to be a top social media user, disinformation and deepfake threats continue to exist and they are growing. Digital media literacy and fact-checking skills are important in building a strong cybersecurity defense.

The PCCI recommends that corporate leaders should adopt frameworks such as ISO 27001 or the NIST Cybersecurity Framework and require vendors to meet minimum controls. The PCCI recommends the government should “continue building regional cyber capacity, streamline incident reporting across agencies, and expand public education campaigns. Industry bodies should scale accessible training for MSMEs and promote affordable certification pathways.”

Last October 20 and 21 was the 51st Philippine Business Conference and Expo. This event gathered business leaders, policymakers, and technologists to talk about digital transformation and leaders were encouraged to attend cybersecurity sessions. This is to encourage leaders to treat cybersecurity as more than an IT issue but as part of the core business.