The Urgent Need to Strengthen Third-Party Cyber Risk Management in the Philippines

A recent survey by cyber defense firm BlueVoyant revealed a sobering reality—84.5% of organizations in the Philippines suffered an average of three cybersecurity breaches in 2024. The findings underscore a critical issue: many businesses remain vulnerable due to gaps in third-party cyber risk management. As cyber threats become more sophisticated, organizations that fail to prioritize vendor security could find themselves increasingly exposed.

One of the most concerning takeaways from the report is that 32% of Filipino businesses have no way of detecting cybersecurity incidents within their supply chains. This lack of visibility leaves organizations open to attacks that could disrupt operations, expose sensitive data, and lead to financial losses. Globally, third-party risks have become a top concern, with many attacks originating from suppliers, contractors, and external vendors rather than directly targeting businesses.

Despite these risks, 65% of Philippine organizations either do not prioritize or only somewhat prioritize third-party cybersecurity risk management. Many companies continue to rely on outdated security practices, conducting annual monitoring instead of more frequent checks. The report found that only 13% of Filipino businesses conduct monthly monitoring, significantly lower than Singapore’s 27%. Given how quickly cyber threats evolve, infrequent monitoring is no longer enough.

There is, however, a silver lining. The survey found that 90% of organizations in the Philippines have increased their cybersecurity budgets for third-party risk management an encouraging sign that awareness is growing. As businesses invest more in protecting their supply chains, automation and artificial intelligence are expected to play a greater role in strengthening cybersecurity defenses. AI-powered threat detection, real-time monitoring, and automated response systems are becoming essential tools for organizations looking to stay ahead of evolving threats.

Directpath Global Technologies (DGT) understands the growing complexity of cybersecurity risks, particularly in managing third-party vulnerabilities. As a Managed Security Service Provider (MSSP), we provide advanced solutions such as Managed Threat Detection (MTD), Extended Detection and Response (XDR), and Vulnerability Risk Management as a Service (VRMaaS) to help businesses enhance their security posture. Our AI-driven approach allows organizations to gain deeper visibility into supply chain risks, detect potential threats before they escalate, and implement proactive security measures tailored to their specific needs.

The increase in cybersecurity breaches across Philippine organizations highlights the urgent need for stronger third-party risk management strategies. Businesses must move beyond traditional security measures and embrace a more proactive, technology-driven approach. By prioritizing vendor security, investing in continuous monitoring, and leveraging AI-powered cybersecurity solutions, organizations can better protect themselves against an increasingly hostile digital landscape. Source: Business World