SOME 84.5% of Philippine organizations experienced an average of three cybersecurity breaches in 2024 amid gaps in third-party cyber risk management, according to a survey by cyber defense company BlueVoyant.
The report showed that 32% of Filipino respondents had “no way” of detecting cybersecurity incidents within their supply chains, slightly higher than the global average of 30%, highlighting significant visibility challenges.
BlueVoyant said around 65% of Filipino organizations either do not or somewhat prioritize third-party cybersecurity risk management, citing a survey conducted by independent market research organization Opinion Matters.
“These findings highlight that Philippine businesses continue to tackle the critical challenge of mitigating supply chain and third-party cyber risks,” William Oh, interim head of Asia-Pacific at BlueVoyant, said in a statement.
“The importance of managing risk across the supply chain cannot be understated, especially as the Philippines remains a prevalent target for cyberattacks like phishing, scam calls, and data breaches,” he added.
According to the survey, 33% of Filipino organizations conduct annual monitoring, BlueVoyant said. However, only 13% do monthly monitoring, significantly lower than Singapore’s 27%.
Meanwhile, 55% of Philippine respondents said they have no autonomous transparency in their supply chain, significantly higher than 39% globally.
The most common solutions for managing third-party cyber risks among Filipino organizations are outsource remediation, which includes working with vendors on mitigation plans (42%), followed by exchanges and market places (36%), and network scanning and penetration tests for third parties (34%).
Despite this, 90% of the surveyed Filipino organizations have increased budgets for their third-party cybersecurity risk management programs, better than the global average of 86%.
These budget increases are expected to drive third-party cyber risk maturity among Filipino organizations, Mr. Oh said.
“While increased budget allocations are encouraging, prioritization of third-party cybersecurity risk in Philippine organizations needs further consideration,” he added.
In its latest State of Supply Chain Defense report, BlueVoyant cited organizations’ increased awareness and adoption of initial strategies in third-party cyber risk management.
“Third-party risk is less of an unknown than when we started this survey five years ago. Organizations are monitoring more vendors, and reporting status to senior leadership has normalized to be in line with reporting on other security measures and risks,” BlueVoyant said.
For 2025, more organizations are seen to continue adopting and building new programs for third-party cyber risk with improved tracking of risky behaviors, it said. These will likely also be integrated into various aspects of security operations.
Third-party risk management will likely rely heavily on automation and artificial intelligence but will have a continued focus on analyst-driven decision making or a “human in the loop,” BlueVoyant added.
Opinion Matters surveyed 2,100 suite leaders on supply chain and cyber risk management from various industries. It covered 11 countries across North America, Europe and Asia Pacific, with 290 respondents from the Philippines. — Beatriz Marie D. Cruz
