JERICHO P. DUPO, a 25-year-old full-stack developer at IBM Philippines, is looking for a job overseas, where he expects to earn more and gain more experience as a cybersecurity expert.
“The benefits, experiences and social networks that I can have access to once I start working overseas will be much greater,” the Filipino cyberwarrior, whose job involves patching up web-based software from threats and vulnerabilities, told BusinessWorld. “The pay in Manila is too low despite the high cost of living.”
Eight of 10 Filipino cyber-experts work overseas, and there are only 200 of them remaining compared with 2,000 in Singapore, former Information and Communications Technology Secretary Ivan John E. Uy has said.
Expectedly, few cybersecurity experts work in the government, whose agencies are often the target of hackers, due to the measly pay at about P50,000 a month, compared with P200,000 in the private sector.
Local organizations lost about $1 million (P56.5 million) in 2023 from cyberattacks, according to Cloudflare, Inc.
In a separate report, consulting firm Frost & Sullivan said the Philippines could sustain as much as P200 billion in yearly economic losses due to cybercrime.
“Low compensation, especially in government, limited career mobility and a lack of structured support systems are pushing many of our skilled experts to seek better opportunities abroad,” Ronald B. Gustilo, national campaigner for Digital Pinoys group, told BusinessWorld in a Viber message.
“Compared with our Southeast Asian neighbors, the Philippines is still lagging in both infrastructure and manpower, putting our institutions, businesses and citizens at risk,” he added.
The Philippines is likely to post a surplus of 171,960 information technology (IT) positions this year, showing a mismatch between graduate skills and industry needs, the Philippine Institute for Development Studies said in February.
Allan S. Cabanlong, regional director for Southeast Asia hub at the Global Forum on Cyber Expertise, cited the need to review and craft better performance-based salary models for cybersecurity professionals without straining public resources.
“We need innovative compensation models that are performance-based, allowing pay scales without blanket increases, and more public-private collaboration on schemes to reduce the strain on public coffers,” he said by telephone.
Financial institutions supervised by the Bangko Sentral ng Pilipinas (BSP) lost P5.82 billion from cyberattacks last year, up 2.6% from a year earlier, according to BSP Deputy Governor Chuchi G. Fonacier.
The central bank under Circular No. 1019 published in 2018 requires financial institutions to submit regular and event-driven reports covering technology-related information and major cyberattacks.
“The government must also provide dedicated funding for cybersecurity covering both tools and human resources and make public sector compensation more competitive,” Mr. Gustilo said. “These efforts shouldn’t be seen as costs, but as long-term investments in national security.”
‘NOT JUST AN IT FUNCTION’The Philippines posted 17.7 million cyberthreat incidents last year, according to Kaspersky Security Network. These were fewer than 22.7 million incidents in 2023.
In a March 3 report, the Cybercrime Investigation and Coordination Center (CICC) said cybercrime complaints more than tripled last year to 10,004 from a year earlier. Victims lost almost P198 million due to these crimes.
Data from the CICC showed that consumer fraud accounted for 3,534 or 35% of the cybercrime complaints, while online fraud accounted for 3,242 or 32%.
The DICT earlier reported 282 cyberattacks against government organizations between January and March 2024, adding that 90% of these had been resolved. It added that 811 or about 76% of the early-stage hacking attempts were detected and neutralized by the agency’s National Security Operations Center.
Last year, the Philippine Health Insurance Corp. was hit by Medusa ransomware, with more than 600 gigabytes of data stolen by hackers.
“Cybersecurity is not just an IT function,” Mr. Cabanlong said. “It is now a pillar of national resilience. Investing in talent is investing in national security and digital sovereignty.”
The DICT wants Congress to pass changes to the country’s 13-year-old cybersecurity law by requiring companies to report cyberattacks. The priority bill also creates a cybersecurity regulatory body that can impose monetary and administrative penalties on erring companies that operate critical information infrastructure.
Mr. Gustilo said it is crucial for the government to boost the country’s cybersecurity infrastructure, while allotting funding for these tools as more threats arise in the future.
“To move forward, we need a more aggressive and strategic national approach,” he said. “That starts with investing in digital literacy and cybersecurity education from an early stage to build a stronger talent pipeline.”
About 84.5% of Philippine organizations experienced an average of three cybersecurity breaches last year due to gaps in third-party cyber risk management, cyber defense company BlueVoyant LLC said in a report in January.
About 65% of Filipino organizations either do not or somewhat prioritize third-party cybersecurity risk management, it said, citing a survey conducted by independent market research group Opinion Matters.
Mr. Dupo, the full-stack developer, noted that the only way to advance in his career is to work toward high turnover rates when handling issues raised with his team and participate in as many software development projects as possible.
“Many cybersecurity professionals in the Philippines lack continuous training and development opportunities,” he said. “If they don’t have these certifications, it makes it difficult for them to stay up-to-date with industry trends.” — John Victor D. Ordoñez
