U.S. firms must advocate their specific value add on solutions to cybersecurity in the Philippines.
Having a robust social media savvy population with few data protection mechanisms makes the Philippines extremely vulnerable to cyber-attacks and incidents. In 2019, one study placed the Philippines as the 5th country most likely to be attacked, following Algeria, Nepal, Albania, and Djibouti. In 2016, the Philippine suffered its most significant data leak after the hacking of the 70 million votes data registered with the Commission on Elections.
In 2017, the Philippine Department of Information, Communications, and Technology launched the National Cybersecurity Plan 2022 to increase the security and resilience of critical data infrastructure that could avoid possible economic losses of $3.5 billion due to cybersecurity threats according to the 2019 study of Microsoft. The Government is also struggling to catch up with the Data Privacy Act of 2012, setting data protection standards, and urged for all entities to hire a Data Privacy Officer.
U.S. firms face several challenges in this sector. The biggest challenge is a lack of understanding of the cybersecurity of the Philippine stakeholders. Many agencies and even private firms have several sources of data, with not all of them being digital. This would require standardizing data streams, establishing a platform, and secure data storage facilities. Most agencies and firms do not yet recognize the many steps needed to get to the point of having a cybersecurity system, and considerable time may need to be invested in guiding potential consumers to the right purchase.
As U.S. solutions are generally more expensive than other competing nations, U.S. firms would also need to advocate their specific value add to the Philippine end user. The Philippine Department of Information, Communications, and Technology (DICT) launched the National Cybersecurity Plan 2022 in 2017. The plan aims to increase the security and resilience of critical data infrastructure. The first component, valued at $10 million, has created a National Computer Emergency Team (NCERT), and a Security Operations Center (SOC). The SOC serves as the government think tank to study and address online threat development and risk management issues. The second component, valued at $40 million, is the rollout of cybersecurity infrastructure from hardware to software, including capacity building training for all the national and local government agencies.
The rollout and allocated budget indicate opportunities for U.S. software and hardware solutions providers. The Government and major private sector players will be making purchases to protect their data. U.S. firms interested in Government tenders should register for the Philippine Government Electronic Procurement Systems (PHILGEPS) to see tender notices and bid. Most tenders will require a local partner. For private sector opportunities, U.S. firms would need to go through processes dictated by private firms. The U.S. Government has been conducting capacity-building programs to help Philippine stakeholders understand the importance of cybersecurity and guide them towards best practice solutions. An interagency group leads programming through the Digital Connectivity, and Cybersecurity Partnership (DCCP). The U.S. Trade and Development Agency has also hosted a group of Philippine government officials on a reverse mission to study cybersecurity in the United States.
For more information, please contact Commercial Specialist John Giray at John.Giray@trade.gov.