Philippine Companies’ Approach to Cybersecurity Matures; Investments Moving Towards More Sophisticated Tools According to Palo Alto Networks Research
Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today unveiled new research examining businesses’ attitudes towards cybersecurity across several markets in Southeast Asia, including Indonesia, Singapore, the Philippines and Thailand. The survey, conducted in February 2020 before the global escalation of COVID-19, revealed that Philippine businesses are the most confident and proactive in dealing with cybersecurity issues in the ASEAN region.
Shifting cybersecurity investments
With the rise of cyberthreats in the Philippines, 1 in 2 companies (54%) increased their cybersecurity budget compared to 2019. Almost half of the businesses (43%) allotted the majority of their IT budgets to cybersecurity. This spending was attributed to the need to upgrade existing security frameworks to automated technologies (67%), a growing volume of cyberthreats (63%), and the result of cyber risk assessment (57%).
“It’s encouraging to see that Philippine companies are consistent in giving due importance and attention to cybersecurity. This underscores businesses’ growing awareness on the importance of preventing successful cyberattacks that have the potential to disrupt businesses, as we’ve seen in recent years,” said Oscar Visaya, country manager, the Philippines, Palo Alto Networks. “However, in light of the COVID-19 pandemic, businesses will now need to navigate the newfound risks brought about by remote work and other COVID-19-themed threats. This will require a relook at cybersecurity existing strategies and investments.”
Beyond anti-malware and antivirus solutions
Alongside popular solutions such as anti-malware and antivirus tools (86%) as well as next-generation firewalls (59%), almost half the respondents surveyed (47%) said their companies have begun investing in cloud native security. The Philippines has held a respectable spot in terms of cloud adoption in Asia-Pacific, ranking ninth in Asia Cloud Computing Association’s 2018 Cloud Readiness Index.
Emerging solutions such as software-defined wide-area network security (42%) have also become popular as more companies across the Philippines connect offices and staff to cloud infrastructure.
Despite the growing enterprise attention to curbing cyberattacks, however, challenges remain. The most glaring obstacle is employees’ lack of awareness on cybersecurity (58%), which makes organizations more vulnerable to internal cyberthreats. This is followed by risks from third-party service providers and suppliers, making companies increasingly vulnerable (45%), while IT departments have other priorities on which to focus (33%).
Proactive, frequent in updating cybersecurity SOPs
The report also noted that Philippine companies are the most proactive and frequent in reviewing cybersecurity standing operating procedures (SOPs), particularly in the Finance, Transport, and Public sectors. In the survey, 98% of Philippine companies claimed to have updated their cybersecurity policies and SOPs at least once a year.
Philippine companies are also the most mindful about transparency when it comes to cyberthreats, with 98% supporting mandatory reporting of data breaches to authorities in compliance with guidelines by the National Privacy Commission (NPC).
The country also led the ASEAN region in terms of maintaining and overseeing cybersecurity in company workstations, with 83% of companies surveyed saying they check their computers monthly to ensure data protection software is up to date.
Likewise, the Philippines have the most organizations (93%) that clearly communicate their cybersecurity SOPs with their employees. As such, less than half (45%) of the Philippine respondents believe that their company is susceptible to cyberattacks, which is in line with the country’s high scores for confidence.
Cybersecurity risks remain
Despite the high level of confidence, almost a third of the companies in the Philippines (29%) regard their organization’s risk level regarding cyberthreats as “high” and “very high,” while 49% claimed the monetary damage worsened last year, compared to 2018. Beyond monetary damages, companies regard the loss of internal data (38%) such as employee information and intellectual property, and external data (24%) such as customer transactions as the biggest worries during a cyberattack.
“Philippine companies are being confronted by new cyber risks and perennial threats, which leave cybersecurity teams and the broader workforce with little choice but to adapt. The race is now on for businesses to leverage new tools such as automation and machine learning to close the gap as fast as they can, and secure both an ever-expanding network and a growing number of connected devices,” said Oscar Visaya.
Note to editors
The survey was conducted among 400 respondents holding a range of management and IT-related roles, representing enterprises from a diverse range of industries and sizes. There were 100 respondents each from Thailand, Indonesia, Philippines and Singapore.
This survey was conducted online from 6-15 February 2020, before the commencement of strict, widespread social distancing measures.