Skip to main content

Cybersecurity threats to cost organizations in the Philippines US$3.5 billion in economic losses


A Frost & Sullivan study commissioned by Microsoft revealed thatthe potential economic loss in the Philippinesdue to cybersecurity incidentscan hit a staggeringUS$3.5billion. This is 1.1 percent of the Philippines’total GDP of US$305 billion[1].


The study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the region and identify thegaps in organizations’ cybersecurity strategies. The study involved a survey of 1,300 business and IT decision makersranging from mid-sized organizations (250 to 499 employees) to large-sized organizations(>than 500 employees). 

The study reveals thatmore than half of the organizationssurveyed in the Philippines have either experienced a cybersecurity incident (18%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (34%).

“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimize operations, they take on new risks,” said Hans Bayaborda, Managing Director, Microsoft Philippines.“With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financialloss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”


The True Cost of Cybersecurity Incidents – Economic, Opportunity and Job Losses

The study revealed that:

A large-sized organization in the Philippines can possibly incur an economic loss of US$7.5million, more than 200timeshigher than the average economic loss for a mid-sized organization (US$35,000); and

Cybersecurity attacks have resulted in job losses across different functions in seven in ten (72%) organizations that have experienced an incident over the last 12 months.

To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based on macro-economic data and insights shared by the survey respondents. This modelfactors in three kinds of losses which could be incurred due to a cybersecurity breach:

Direct: Financial losses associated with a cybersecurity incident - this includes loss of productivity, fines, remediation cost, etc;

Indirect:The opportunity cost to the organization such as customer churn due to reputation loss; and

Induced: The impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.

“Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of the iceberg,” said Edison Yu, Vice President and Asia Pacific Head of Enterprise for Frost & Sullivan.“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organizations suffering from cybersecurity attacks can be often underestimated.”

In addition to financial losses, cybersecurity incidents are also underminingthe Philippines organizations’ ability to capture future opportunities in today’s digital economy, with more than half(57%) respondents stating that their enterprise has put off digital transformation efforts due to the fear of cyber-risks.

Key Cyberthreats and Gaps in the Philippines Organizations’ Cybersecurity Strategies

Although high-profile cyberattacks, such as ransomware, have been garnering a lot of attention from enterprises, the study found that for organizations in the Philippines that have encountered cybersecurity incidents, data exfiltrationand data corruptionarethe biggest concern as they have the highest impact with the slowest recovery time.

Besides external threats, the research also revealed key gaps in organizations’ cybersecurity approach to protect their digital estate:

Security an afterthought:Only44% oforganizations consider cybersecurity before the start of a digital transformation project. Majority of respondents (56%)either think about cybersecurity only after they start on the project or do not consider it at all. This limits their ability to conceptualize and deliver a“secure-by-design” project, potentially leading to insecure products going out into the market;

Creating a Complex Environment:Negating the popular belief that deploying a large portfolio of cybersecurity solutions will render stronger protection, the survey revealed that 17% of respondents with more than 50 cybersecurity solutions could recover from cyberattacks within an hour. In contrast, more than twice as many respondents (38%) with fewer than 10 cybersecurity solutions responded that they can recover from cyberattacks within an hour; and

Lacking cybersecurity strategy:While more and more organizations are considering digital transformation to gain competitive advantage, the study has shown that46% of respondents see cybersecurity strategy only as a means to safeguard the organization against cyberattacks rather than a strategic business enabler. A mere 25% of organizations see cybersecurity strategy as a digital transformation enabler.

“The ever-changing threat environment is challenging, but there are ways to be more effective using the right blend of modern technology, strategy, and expertise,” added Hans. “Microsoft is empoweringbusinesses in the Philippines to take advantage of digital transformation by enabling them to embrace the technology that’s available to them, securely through its secure platform of products and services, combined with unique intelligence and broad industry partnerships.”


In a digital world where cyberthreats are constantly evolving and attack surface is rapidly expanding, AI is becoming a potent opponent against cyberattacks as it can detect and act on threat vectors based on data insights. The study reveals that more than almost four in five (79%)organizations in the Philippines have either adopted or are looking to adopt an AI approach towards boosting cybersecurity.

AI’s ability to rapidly analyze and respond to unprecedented quantities of data is becoming indispensablein a world where cyberattacks’ frequency, scale and sophistication continue to increase.

AnAI-driven cybersecurity architecture will be more intelligent and be equipped with predictive abilities to allow organizations to fix or strengthen their security posture before problems emerge. It will also grant companies with the capabilities to accomplish tasks, such as identifying cyberattacks, removal of persistent threats and fixing bugs, faster than any human could, making it an increasingly vital element of any organizations’ cybersecurity strategy.

Recommendations for securing the modern enterprise in a digital world

AI is but one of the many aspects that organizations need to incorporate or adhere to in order to maintain a robust cybersecurity posture. For a cybersecurity practice to be successful, organizations need to consider People, Process and Technology, and how each of these contributes to the overall security posture of the organization.

To help organizations better withstand and respond to cyberattacks and malware infections, here are five best practices that they can consider in improving their defense against cybersecurity threats:

Position cybersecurity as a digital transformation enabler: Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;

Continue to invest in strengthening your security fundamentals: Over 90% of cyber incidents can be averted by maintaining the most basic best practices.  Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyberattacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;

Maximize skills and tools by leveraging integrated best-of-suite tools. The best tools are useless in the hands of the amateur. Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;

Assessment, review and continuous compliance: The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and

Leverage AI and automation to increase capabilities and capacity: With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions. Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.

For more information on the study, please visit:

To better understand the cyberthreats happening globally and in Asia Pacific, please download the Microsoft Security Intelligence Report Volume 23 here: https://info.microsoft.com/ww-landing-Security-Intelligence-Report-Vol-23-Landing-Page-eBook.html

Footnote:
[1] World Bank’s Asia Pacific GDP information: https://data.worldbank.org/indicator/NY.GDP.MKTP.CD

Comments

Popular posts from this blog

Top BPO Convergys Philippines Celebrates 15th Anniversary

Convergys Philippines, one of the largest and leading BPO companies in the country, celebrates its 15th anniversary wiith the theme “Made By YOU – Celebrating Our Stories, Embracing New Possibilities.”
Convergys is known for putting its people front and center and with the celebration of its 15 years its focus on people remain true since Convergys Philippines opened its first contact center back in 2003, creating jobs and careers for talented Filipinos with its nationwide expansion, and helping build its communities and the country’s economy in the process. This same focus has enabled a number of breakthroughs such as nationwide operations from North Luzon to Mindanao, being first to be inducted into the ICT Hall of Fame as Best Company and Best Employer, first BPO in the world to gain the global standard on workplace gender equality, and sustaining its position as the country’s largest private employer. More than anything, this focus on people is perhaps the greatest quality the comp…

Dina dela Paz, Awarded as Most Influential Filipina in the World

Another Filipina awarded in the 100 MOST INFLUENTIAL FILIPINA IN THE WORLD.
Dina Dela Paz-Stalder, a skincare expert, was awarded with this prestigious recognition, specifically in the Founder and Pioneer Category (Global FWN100 Award) in Toronto, Canada on October 27, 2017, by Filipino Women’s Network. She was selected from an outstanding field of nominees from around the world.

The Global FWN100 Award™ recognizes 100 Filipino women who are changing the face of leadership in the global workplace.  It distinguishes them for their outstanding work in their respective fields, and further recognizes them for their achievement and contributions to society.  Dina Dela Paz-Stalder’s award and global recognition is another evidence of Filipino pride as she proves that Filipinos are also global leaders in terms of skincare innovations and extraordinary leadership.

Started from just a small steel pot for skincare formulations,  she now owns and leads the Stalder Group of Companies which includ…

City Garden Grand Hotel Holds 2nd GRAND Skills Competition

Today, students from the Far Eastern University, National University, Philippine Women University, Lyceum and the University of Sto. Tomas got together for City Garden Grand Hotel’s 2nd GRAND Skills Competition.


For the second time City Garden Grand Hotel hold the competition where the top 5 schools competed for the chance to be the best in the following categories: Table set up with Centerpieces, Food Art, Bartending/Cocktail Mixing, and Gourmet Student Meals.






For six hours, students took the time to set up tables with their own theme and menu, prepared gourmet meals, food art and concoct drinks. Then it was time for the judges to pick the best among the best. Judges includes Chef Miko Aspiras, Jill Meneses, Chef Dennis Peralta, Jason Hussein Ali, Jordan Tan.






Here is the list of winners for the following categories:
FOOD ART

1st Place:Far Eastern University (FEU) 2nd Place:LYCEUM 3rd Place:National University (NU)
GOURMET STUDENT MEALS
1st Place:LYCEUM 2nd Place:NU 3rd Place:University of Sto. …