Why Cybercrimes Keep Rising and What Financial Institutions Must Do Now

Cybercrime losses among financial institutions supervised by the Bangko Sentral ng Pilipinas (BSP) climbed to a staggering P5.82 billion in 2024, marking a 2.6 percent increase from the previous year. Even more alarming is the sharp rise in reported cybercrime cases 40,780 in 2024 compared to just 16,246 in 2022, a jump of 151 percent. These numbers, shared recently by BSP Deputy Governor Chuchi G. Fonacier, have sparked serious concern from government officials and financial regulators alike.

The question remains: why do cybercrimes persist despite laws and new regulations aimed at curbing them? The Philippines has made important strides with legislation such as the SIM Card Registration Act of 2022, intended to tackle scams proliferating through text messages, and the Anti-Financial Account Scamming Act enacted in 2024 to address rising fund transfer frauds. However, the reality is that cybercriminals continuously evolve their tactics, often outpacing current defenses. This evolution calls for constant upgrades in both policy and technology.

Unfortunately, preventive measures remain underfunded and fragmented. For instance, a critical P500-million budget allocation meant to enhance the Philippine National Police’s IT capabilities to fight cybercrime was cut from the 2025 national budget. This underlines a crucial point: cybersecurity cannot be the government’s burden alone. Banks and financial technology companies must also own their responsibility to build resilient, multi-layered defenses against increasingly sophisticated attacks.

The financial sector’s vulnerabilities are apparent. Remote purchase fraud, or “card-not-present” scams, accounted for P1.5 billion in losses last year alone. Cases like the recent social media story of a woman charged over P240,000 on a cloned credit card highlight serious gaps in banks’ credit card verification systems. Failures to implement measures such as one-time PINs or real-time alerts only magnify these risks. The BSP’s role in enforcing stricter regulations and penalizing banks for lapses is vital.

On the consumer side, phishing remains the biggest threat, with P1.8 billion lost last year due to fraudulent attempts to steal personal information. Public education on identifying suspicious communications and safe online habits is essential but must be paired with technical safeguards.

Experts consistently recommend multilayered cybersecurity strategies firewalls, intrusion detection systems, endpoint protection, and AI-powered threat monitoring to create a robust defense. These solutions help detect and respond to threats in real time, minimizing damage and enabling proactive security.

At Directpath Global Technologies (DGT), we specialize in delivering comprehensive managed security services tailored to the evolving needs of organizations. Our offerings include Mobile Threat Defense (MTD), Extended Detection and Response (XDR), Vulnerability Assessment and Penetration Testing (VAPT), SOC 2 compliance, Vulnerability Risk Management as a Service (VRMaaS), Web Application Firewall (WAF), and virtual Chief Information Security Officer (vCISO) services. Our advanced Artificial Intelligence Division further enhances these capabilities, crafting bespoke cybersecurity solutions that not only protect but optimize various facets of operations.

The rising tide of cybercrime sends a clear message: financial institutions must act urgently and decisively. Preventive measures, backed by strong policies, technological innovation, and shared responsibility, are the only way to protect the public’s trust and the integrity of the country’s digital financial ecosystem. Source: Inquirer Net