By Beatriz Marie D. Cruz, Reporter
THE PHILIPPINE government must prioritize measures that would regulate the country’s critical information infrastructure and artificial intelligence (AI) use amid the growing sophistication of cyberattacks, industry experts said.
“Our critical information infrastructure needs more stringent control,” Mark Anthony P. Almodovar, risk services – cybersecurity and privacy executive director at PwC Philippines, said on the sidelines of the BusinessWorld Insights Forum on Aug. 22.
Mr. Almodovar, a former president at the Information Systems Audit and Control Association Manila chapter, noted that critical information infrastructure, such as dams, power generators, and telecommunication systems, need “more stringent and the strictest control” to avoid cyberattacks that could inconvenience the public.
Since the beginning of the 20th Congress, several proposals have been filed mandating critical information infrastructure institutions to adopt adequate measures against cyberthreats.
These measures include Senate Bill No. 662, filed by Senator Juan Miguel F. Zubiri; House Bill (HB) No. 620, authored by Camiguin Rep. Jurdin Jesus M. Romualdo; HB 2826, authored by Camarines Sur Representatives Miguel Luis R. Villafuerte, Vincenzo Renato Luigi R. Villafuerte and Tsuyoshi Anthony G. Horibata, and Party-list Rep. Terry L. Ridon; and HB 3822, filed by Negros Occidental Rep. Javier Miguel L. Benitez.
Julian Louie Singson, executive director and co-founder at the Cybersecurity Council of the Philippines, said cybersecurity policies must be embedded in institutions using AI technologies.
“Cybersecurity stands as the guard that will stop whatever criminal threats or criminal actors that take advantage of the usage of AI,” he said in a chance interview.
Lawmakers have also filed bills seeking to regulate and create an AI body, but these have yet to be deliberated by their respective committees.
According to Mr. Singson, cybersecurity is no longer a mere IT issue, but an organization-wide concern across government and private sector institutions.
“If you provide your team, your staff, even your C-level management with the right education and information, they will protect themselves and in return, they’re already protecting the organization,” he said.
Only 6% of Philippine organizations have “mature” cybersecurity systems, while 52% remain in the “formative” level, according to Cisco’s 2025 Cybersecurity Readiness Index, which measures cybersecurity preparedness based on five pillars: identity intelligence, machine trustworthiness, network resilience, cloud reinforcement, and AI fortification.
Mr. Almodovar also noted that heavily regulated industries like banking and finance, insurance and telecommunications have more advanced cybersecurity policies. However, many traditional industries like manufacturing, and micro, small, and medium enterprises, do not even have a chief information security officer.
“If there would be new technology, regardless of digital transformation that will come our way, cybersecurity should be embedded in that transformation change,” Alexis Bernardino, field chief information security officer and head of cybersecurity product at PLDT Enterprise/ePLDT, said on the sidelines of the forum.
Mr. Singson also noted that the lack of cybersecurity experts remains a major industry issue, with many being lured to join companies abroad because of higher salaries and better working conditions.
“One of the biggest problems that we are facing here in the Philippines is not really the lack of cybersecurity expertise. The way they are being paid is not the same as how much people are getting paid in Singapore or the United States,” he said.
Eight out of 10 Filipino cyber-experts work overseas, and there are only 200 of them remaining in the country, former Information and Communications Technology Secretary Ivan John E. Uy said earlier.
