PHL organizations lack mature cyber risk management — report

PHILIPPINE organizations are among the least mature in the region in implementing third-party cyber risk management (TPRM) despite their increasing vulnerability to cyberattacks, according to US-based cyber defense company BlueVoyant.

According to a survey presented in its State of Supply Chain Defense Report, BlueVoyant said only 23% of organizations in the Philippines have an established or optimized TPRM, the lowest globally.

This compares to 32% of Asia-Pacific organizations that have an established TPRM system.

The survey also showed that 64% of Philippine organizations rarely or sometimes used dedicated third-party risk management platforms.

Meanwhile, 100% of Philippine organizations surveyed said they were negatively impacted by a supply chain–related cyber breach in 2025, with 40% experiencing at least two breaches via third parties last year.

“As vendor ecosystems expand and operational dependencies deepen, the findings underscore the urgent need for organizations to enhance program maturity to manage critical supply chain risks,” BlueVoyant said.

Key barriers that Philippine organizations experience include the internal resistance to change (25%) and cross-stakeholder collaboration (25%).

It added that 18% struggle to get suppliers to complete risk questionnaires and 16% face challenges in collecting accurate insights.

Despite this, about 63% of Philippine organizations said they work with third-party firms to fix cybersecurity issues, with 23% of them collaborating directly with vendors throughout the process.

The report also noted that 98% of organizations in the Philippines increased their TPRM spending in the last 12 months, with investments focused on remediation (38%), reporting (37%) and monitoring of third parties (34%).

They are also tapping artificial intelligence to help in monitoring cyber threats, with 53% planning to use it for managing risk questionnaires.

Also, 97% of organizations expect their third-party networks to grow, with 41% anticipating a growth of 6% to 10%.

Across the Asia-Pacific region, organizations cited integration with enterprise risk and governance, risk and compliance tools as their top operational challenges.

“This could suggest that they’re investing in tools before building a strong foundation,” BlueVoyant said.

William Oh, head of Asia-Pacific at BlueVoyant, said Philippine organizations need to strengthen their foundations and executive alignment to address persistent threats within the third-party ecosystem.

“As the Philippines increasingly recognize cybersecurity central to the economy’s digitalization, third-party cyber risk management is emerging as a crucial aspect in organizational resilience,” he said in a statement.

BlueVoyant commissioned independent research organization Opinion Matters to conduct its sixth annual survey for the report.

It surveyed 100 C-suite leaders in the Philippines that have expertise on cybersecurity, supply-chain oversight, or enterprise risk across organizations with over 1,000 employees from Sept. 16 to 25.

The survey has a total of 1,800 respondents from countries across the Asia-Pacific, North America, Europe, and Australia. — Beatriz Marie D. Cruz