Strengthening Cybersecurity in the Philippines

Written By Ethan Koh

As cyber threats grow in scale and sophistication, organisations across ASEAN are struggling to keep up—not just in terms of technology, but also in human capital. The Philippines faces one of the most severe cybersecurity talent shortages in the region, leaving businesses and government agencies vulnerable to attacks. Without a strong cybersecurity workforce, the country's ability to defend critical infrastructure, financial institutions, and digital services remains at risk.

The Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape report provides insights into this pressing issue. According to the report, 37% of surveyed organisations in ASEAN—including those in the Philippines—cite the lack of cybersecurity talent as one of their biggest challenges. This shortage directly affects the country’s ability to prevent, detect, and respond to cyber incidents, making it a key barrier to achieving digital resilience.

📖 Read more on Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape

How is the Philippines tackling its cybersecurity talent shortage? With cyber threats escalating, are government initiatives, industry programs, and AI-driven solutions enough to bridge the gap?

The Cybersecurity Talent Shortage in the Philippines

As digital transformation accelerates across ASEAN, the shortage of cybersecurity professionals has become a significant barrier to securing businesses and government systems. The Philippines is among the hardest-hit countries, with organisations struggling to find qualified cybersecurity talent to defend against rising cyber threats. In the first quarter of 2024, hacking incidents targeting the Philippines surged by 325%, exacerbating the urgency for skilled cybersecurity professionals. This shortage is further intensified by the country's demand for cybersecurity experts, highlighting the urgent need for talent in this field. ​

This skills gap significantly weakens the country's ability to proactively manage cybersecurity risks, leaving government agencies, financial institutions, and critical infrastructure providers particularly vulnerable. The Department of Information and Communications Technology (DICT) highlights the severity of the issue, noting that the country has only about 200 certified cybersecurity experts, with 80% of them working abroad. In a digital economy that relies heavily on cloud platforms, e-commerce, and online financial services, this unfilled cybersecurity workforce puts both businesses and consumers at substantial risk. This scarcity of skilled cybersecurity professionals becomes even more critical when considering the complexity and continuous evolution of cybersecurity threats that CISOs must manage.

“The threat landscape is ever changing, we are talking about novel attacks, we are talking about novel approaches, a lot of new vendors, new strategies, frameworks, regulations, and so on. So the CISO has to be on top of all of that.” — Alexander Antukh, CISO, Aboitiz Power

Impact on Cybersecurity Resilience

Slower Threat Detection and Response

A dearth of skilled professionals hampers organisations' abilities to swiftly identify and mitigate cyber threats. In 2024, 94% of organisations in the Philippines experienced at least one security breach, with many attributing these incidents to inadequate cybersecurity staffing. 

This high incidence of breaches underscores the critical need for a robust cybersecurity workforce. The lack of skilled professionals not only delays threat detection and response times but also increases the vulnerability of organisations to various cyber attacks, including phishing, ransomware, and supply chain attacks. 

Strategies to Address the Talent Shortage in the Philippines

The National Cybersecurity Plan (NCSP) 2023–2028

The Department of Information and Communications Technology (DICT) has introduced the National Cybersecurity Plan (NCSP) 2023–2028, a comprehensive roadmap aimed at establishing a secure and resilient cyberspace for Filipinos. Key initiatives of the plan include:

  • Cybersecurity Awareness Programs: Educating businesses and individuals about best practices in cybersecurity to foster a culture of security consciousness.

  • Scholarships and Training Programs: Offering financial support and educational opportunities to encourage more Filipinos to pursue careers in cybersecurity.

  • Public-Private Partnerships: Collaborating with private sector entities to enhance cybersecurity resilience across critical sectors.

Strengthening Industry Collaboration

The Department of Information and Communications Technology (DICT) actively collaborates with educational institutions and industry stakeholders to enhance cybersecurity capabilities in the Philippines. A notable example is the partnership between the DICT and the University of the Philippines Open University (UPOU), which led to a training program that equipped 84,632 teachers with techniques for remote teaching. In addition to its collaboration with the UPOU, the Department of Information and Communications Technology (DICT) has partnered with the United States Agency for International Development (USAID) through the Better Access and Connectivity (BEACON) project. This partnership aims to enhance the Philippines' digital infrastructure and services, focusing on improving cybersecurity measures and expanding internet connectivity across the country. 

Automating Cyber Security Functions

In response to the persistent cybersecurity skills shortage, the Department of Information and Communications Technology (DICT) emphasises the adoption of advanced technologies to enhance cybersecurity measures in the Philippines. One of the department's key initiatives is the development of eGovernment Digital Platforms, which aim to address issues arising from decentralised and siloed systems. These platforms focus on improving interoperability, reducing development and maintenance costs, and strengthening cybersecurity through integrated digital solutions.

Additionally, the DICT advocates for the implementation of robust security standards across public telecommunication entities. By promoting the adoption of frameworks such as the Philippine National Standards (PNS) ISO/IEC 27000, the department seeks to safeguard telecom networks and enhance the overall cybersecurity posture of the nation's critical infrastructure.

The Road Ahead

As cyber threats continue to evolve in scale and sophistication, the Philippines faces significant challenges in building robust cybersecurity defences. The persistent shortage of skilled professionals, coupled with the rapid digitalisation of the economy, necessitates a multifaceted approach to enhance cyber resilience.

To address these challenges, the Department of Information and Communications Technology (DICT) has launched the National Cybersecurity Plan (NCSP) 2023–2028, aiming to develop a secure and resilient cyberspace for Filipinos.

Similarly, the ASEAN region confronts comparable obstacles in fortifying its cybersecurity infrastructure. 

🔗 Download the full report here: [Link]

About ASEAN Innovation Business Platform (AIBP)

AIBP serves as an avenue for public and private organisations in Southeast Asia to access information about enterprise growth and innovation. With a current network of over 30,000 stakeholders in Southeast Asia, AIBP continues to develop ecosystems by engaging in activities which create value-adding information for our stakeholders seeking to make transformative impacts within their organisations. For additional information about AIBP, please visit www.aibp.sg


Ethan Koh
Next

From Vulnerability to Resilience: Building Indonesia's Cyber Defences in the AI Era