The Philippines needs to do more to guard against the threat of cyberattacks, according to a new report, though both the private and public sectors are moving to reduce risks and bolster security systems.
Released in May by research and consulting firm Frost & Sullivan, the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” report found the country could endure up to $3.5bn in direct, indirect and induced losses from breaches to cybersecurity.
The study, which was commissioned by Microsoft and surveyed 1300 business and IT decision-makers from 13 markets within the region, found that while 52% of companies featured in the report had either experienced or suspected a cyberattack, 79% of firms had already deployed or were actively looking to deploy artificial intelligence to counter security breaches.
In the past the Philippines underspent on cybersecurity, making it a relatively soft target in the ASEAN region, according to Ernesto Alberto, executive vice-president and chief revenue officer of telecommunications firm PLDT, and CEO of its digital solutions subsidiary ePLDT, in conversation with OBG.
In 2017 the country spent 0.04% of its GDP on cybersecurity, compared to the ASEAN annual average of 0.07%, according to a report by AT Kearney.
However, risk awareness is growing, as evidenced by the increasing number of defensive measures initiated by the public and private sectors.
“As one of the principal cyberattacked countries internationally, significant resources and building capability have already been invested to help enterprises address cybersecurity and protect against these attacks, which include hacks, security malwares and viruses,” Alberto told OBG.
Cloud computing growing among businesses
One solution to cyberthreats is cloud computing, which is increasing in popularity, with a growing number of public and private organisations moving to adopt a cloud-first policy.
“As cyberthreats become more sophisticated, organisations need to know that it will be safer to use the cloud as opposed to relying on traditional forms of IT,” Hans Bayaborda, managing director of Microsoft Philippines, told OBG.
This shift in perception has been bolstered by government initiatives, particularly with the launch of GovCloud – an online portal for information, transactions and services – by the Department of Information Communication Technology in 2013.
More recent efforts towards cloud computing fall under the government’s broader National Cybersecurity Plan 2020, launched in 2017, which aims to reduce risks through a four-pronged approach, including the protection of critical information infrastructure, government networks, supply chains and individuals.
EU data protection law to affect multiple sectors
In the private sphere, the importance of upgrading cybersecurity is paramount for Philippine companies that trade or provide services to the EU following recent changes to the union’s data protection law.
Introduced at the end of May, the General Data Protection Regulation (GDPR) requires organisations dealing with EU citizens to reassess their data-processing customs and set up safeguards that meet the standards set by the regulation.
As the GDPR is applicable to all companies that do business in or with the EU, the Philippines is required to meet the new data protection standards. Failure to comply may result in a fiscal penalty and a potential ban from trading within the EU.
Sectors that could be affected by the GDPR compliance requirements include retail, tourism, health care and financial services, according to a recent study by cybersecurity solutions firm Forient.
Benefits of stricter EU regulations
While the GDPR could create compliance hurdles for Philippine companies and agencies, it may also provide opportunities. Organisations that meet the regulatory requirements could promote their compliance as a feature of their services, making them more attractive to consumers or clients from the EU.
To achieve this, local firms will need to step up investments in cybersecurity to boost their business credentials. The Frost & Sullivan report found that only 25% of Filipino respondents viewed higher levels of spending on cybersecurity as a business differentiator.
The upgraded EU rules could also have a flow-on effect for the Philippines, prompting regulators to strengthen the country’s own compliance requirements. If so, this would create further opportunities for service providers, with an increase in demand for cybersecurity products and technology.