%202%20(1).png)
The Philippines
The Philippines has made significant progress in advancing policy frameworks, such as the National Cybersecurity Plan 2022, to tackle cyber threats. However, enforcement and implementation are far from solid. Major factors, such as insufficient funding, slow interagency cooperation and the inadequacy of the cybersecurity workforce, stifle the government’s ability to deliver its on-paper commitments. The lack of a capable cybersecurity workforce also hamstrings the Philippines’ ability to conduct effective digital forensics or attribute cyber-enabled operations to known actors, such as China and North Korea.
A view of the Metro Manila skyline at night, mainly the cities of Makati, Taguig, Mandaluyong, San Juan, and Manila - 2024 CC 1.0 YZJay
Key Facts
.svg)
R&D Investments
Patent Applications
Cybersecurity Agency
The Philippines' efforts to develop its knowledge economy through legislation like the Philippine Innovation Act and initiatives to support start-ups and SMEs place it at modest risk of cyber-enabled IP theft. Its ongoing process of digital transformation creates some vulnerabilities that could be exploited by cyber threat actors.
The Philippines has been promoting the development of a knowledge economy. In 2018, the congress passed the Philippine Innovation Act, which seeks to enhance the country’s competitive edge and digital transformation efforts. The Philippine Development Plan 2017–2022 aimed to further upgrade the country to upper-middle-income status with a GDP growth rate of 7%–9%. The plan aligns with the long-term vision of AmBisyon Natin 2040, focusing on achieving inclusive growth and a resilient society. To strengthen the country’s science, technology, and innovation capabilities, an update to the plan was produced in 2021, including a new chapter on the knowledge economy. While those legislative initiatives promise growth and development, the lack of investment in science, technology, and innovation hampers industry–academia collaboration and regional innovation efforts. Nonetheless, joint partnerships in fintech and cybersecurity have emerged, driving innovation in digital payments.
The Philippines' strategic location and complex relationships with major powers, particularly China's increasing investments in critical sectors like telecommunications, expose it to heightened risks of economic cyber-espionage. Additionally, the country's expanding digital economy and deepening economic ties with certain advanced economies, especially in high-tech sectors like semiconductors and information security systems, make it an attractive target for state-sponsored cyber actors seeking valuable intellectual property and economic information.
As the country expands its investment and trade strategy in digital technologies, the Department of Trade and Industry’s Strategic Trade Management Office is revisiting cybersecurity guidelines to address rising cyber threats. The Philippines engages with OECD member states through bilateral and regional approaches, including through ASEAN. Recently, ASEAN and the OECD signed a memorandum of understanding to strengthen mutual engagement in various areas, including Covid-19 responses, digitalisation, agriculture and sustainability. At the bilateral level, the Philippines has signed agreements with the US, Australia and Japan for science and technology cooperation.
The Philippines continues to be a major target of state-sponsored cyberattacks, making it highly susceptible to cyber-enabled IP theft as well. Although the country has made significant progress in tackling cybersecurity threats through the National Cybersecurity Plan 2022, enforcement and implementation are far from solid. Major inhibiting factors include insufficient funding, slow interagency cooperation and the lack of a capable cybersecurity workforce. Due to those shortcomings, the Philippines remains incapable of implementing its whole-of-society approach to cybersecurity. Lapses in cybersecurity can also undermine the country’s ability to attract ICT investments, especially into IP-intensive industries. Essentially, the Philippines’ lagging cybersecurity measures combined with frail safeguards on foreign investment screening create gaping vulnerabilities that malicious actors can exploit to acquire strategic assets, such as IP.
The DICT is working to address shortcomings and enhance the country’s overall cybersecurity posture. More funds have been made available, the national security operations centre has been upgraded, and cybersecurity simulations and drills are conducted. Data privacy and protection are overseen by the National Privacy Commission, which is working on a voluntary certification scheme for compliance with international standards. The Philippines also participates in international cyberdiplomacy, engaging in regional and international forums to promote international law in cyberspace and responsible state behaviour. To address the transnational nature of cybercrime, the Philippines affirms the importance of international cooperation against cybercrime to protect critical national infrastructure and national security.
However, the Philippines’ ability to counter the risk of economic cyber-espionage is undermined by problems associated with governance. Corruption in the Philippines has metastasised. It’s largely driven by patronage and state capture or cronyism and systemic bureaucratic corruption. The growing number of cases of corruption in the country can be exploited by nefarious foreign actors who have vested interests in the country’s critical resources and infrastructure. It’s been alleged that Chinese firms have increasingly used ‘handmaidens’ to facilitate their control of companies in extractive industries (specifically, the ownership of mining assets vital to Beijing’s search for new resource frontiers). Similar schemes could be applied and leveraged to facilitate IP theft, potentially allowing Chinese or other foreign firms to siphon off important IP due to the country’s weak or disjointed investment screening strategy, especially in the field of ICTs.
Reported cases of economic cyber-espionage
Name of Incident
