Filipino users are becoming more careful about scams and social engineering, though progress is slow. Much of this awareness comes from warnings and shared updates in active Facebook groups and CERT pages.
With the new year starting, people and organizations should move away from risky digital habits that make them targets for cyberattacks. Building better cyber awareness and advanced skills is also very important.
In this blog post, we’ll look at the current state of cybersecurity in the Philippines, review recent news, and highlight some cybersecurity training programs you can join.
The State of Cybersecurity Attacks in the Philippines
Recent local cybersecurity news shows mixed results. While online scams by independent criminals have gone down, there has been a sharp rise in organized, AI cybersecurity attacks.
Reported online scams by individuals dropped by 48%, from 14,529 cases to 8,897, according to the Philippine National Police Anti-Cybercrime Group (PNP-ACG). The most common cases include online libel, swindling (estafa), and unauthorized access to data.
Data breaches rose by 49% in the third quarter of 2025, exposing over 52 million credentials. Ransomware attacks also went up, with some companies seeing as many incidents in the first half of 2025 as in all of 2024, according to Vietell Threat Intelligence. They also reported that criminals are now using AI-generated videos, cloned voices, and fake executive messages to trick employees and partners. With AI-assisted malware, these attacks are becoming more industrialized and widespread.
Government agencies are still being targeted. The Department of Information and Communications Technology (DICT) reported that more than 20,000 vulnerabilities were exploited by organized threat groups, affecting agencies like DENR, DA, and the Philippine Coast Guard. The National Intelligence Coordinating Agency (NICA) also found 234 data breaches in high-level government agencies in 2025, resulting in credentials from 32 organizations being leaked on the dark web.
The Philippines' Cybersecurity Strategy & Legislation
There are calls to incorporate artificial intelligence and cybersecurity to boost the country’s protection. This is now a national priority.
The National Cybersecurity Plan 2023–2028 remains in place. Its 2025 milestones include promoting capacity-building, threat detection, incident response, and public–private collaboration.
The 2026 National Budget includes measures to strengthen cybersecurity. This year's government budget was recently ratified by the House and Senate Bicameral Committee. It factored in funding for increased cybersecurity measures through the DICT, Cybercrime Investigation and Coordinating Center (CICC), and the National Privacy Commission (NPC).
The government budget matches the Philippine Skills Framework, which can help both the public and private sectors improve. This approach ensures that cybersecurity skills in the country can keep pace with the industry’s fast-changing needs.
IRR rules for the Konektadong Pinoy Act tightened. These mandate the vetting of foreign DTIPs, the establishment of CERTs, and the adoption of zero-trust frameworks, global standards, vulnerability testing, and third-party cybersecurity certification within two years.
We Need Cybersecurity Training Courses in the Philippines
Even with government support and progress over the past year, the country’s cybersecurity maturity is still average. It’s important to increase cybersecurity training programs in your organization and to avoid gatekeeping opportunities. This way, more professionals can become certified.
According to a Cisco survey, 92% of Philippine organizations are in the Progressive and Formative stages. Only 3% are considered Mature.
How do you boost your security maturity? Let me recommend some cybersecurity training programs for critical areas.
End-user cybersecurity staff training is critical.
Without a strong cybersecurity culture, your systems and software will be vulnerable. It needs to be inclusive. Even riders, drivers, cashiers, and admin staff need regular cybersecurity awareness training.
Strengthen your cybersecurity systems.
Consider courses such as Certified Ethical Hacking (CEH) and Certified Information Security Manager (CISM) that focus on Zero Trust and rapid incident response. Bonus: Read about the benefits of CISM for IT leaders.
Monitor your AI usage.
With the significant potential of artificial intelligence comes new threats and vulnerabilities. Courses like ISACA’s Advanced in AI Security Management™ (AAISM™) and Advanced in AI Security Management (AAISM™) help your IT teams reinforce AI cybersecurity.
Align IT goals with regulations.
Help your team become Certified in Governance, Risk and Compliance (CGRC) cybersecurity professionals who can support your organisation in achieving data security and privacy objectives.
Boost network security skills.
Empower your team with knowledge to protect the integrity, confidentiality, and accessibility of your computer network and data. Courses like EC-Council's Certified Network Defender and Network Defense Essentials and Cisco's Implementing Secure Solutions with Virtual Private Networks (SVPN) can come in handy.
Data is a valuable asset.
While modern Data Loss Prevention (DLP) tools exist, having people with the skills to use them is necessary. Cybersecurity certification training, such as ISACA's Certified Data Privacy Solutions Engineer (CDPSE®) and Certified in Risk and Information Systems Control (CRISC®), can support your staff.
Lumify Work offers cybersecurity training for all levels of your organisation. As part of Lumify Group, our team has been awarded for its commitment to boosting the next generation of cyber talent. Download our cybersecurity brochure to learn about our wider offerings.
