84% of Philippine Businesses Impacted by a Supply Chain Breach Last Year

Manila, 27 January 2025 – Today, a leading researcher released findings from its fifth annual global survey on supply chain cyber risk management. The Philippines-specific results reveal over 84% of organizations reporting an average of 3.13 breaches impacting their operations in 2024.

The findings highlight critical gaps in third-party cybersecurity risk management among Philippine organizations. Nearly a third (32%) of respondents admitted they have no way to detect cybersecurity incidents within their supply chains, surpassing the global average of 30% and underscoring significant visibility challenges. Additionally, 65% acknowledged that third-party cybersecurity risk management is either not a priority or only somewhat of a priority, pointing to the urgent need for stronger monitoring, prioritization, and risk mitigation strategies.

“These findings demonstrate that Philippine businesses continue to face significant challenges in mitigating supply chain and third-party cyber risks,” said William Oh, interim head of Asia-Pacific at the research firm.

“Despite the increasing frequency of breaches, awareness and prioritization of these issues remain alarmingly low compared to global counterparts. Managing risk across the supply chain is critical, especially as the Philippines remains a prime target for cyberattacks such as phishing, scam calls, and data breaches.”

Key Findings from Philippine Organizations: Monitoring Frequency Varies:

Annual checks are the most common (33%, higher than the global rate of 17%), while monthly monitoring drops to 13%, significantly lower than regional peer Singapore (27%) and the global average (17%).

Common Solutions for Managing Third-Party Cyber Risk:

Exchanges and marketplaces are the most widely adopted solution (36%), slightly ahead of network scanning and penetration tests for third parties (34%).

Philippine organizations are also more likely to outsource remediation efforts, including working with vendors on mitigation plans and ensuring mitigation takes place (42%).

Areas for Improvement:

32% of organizations have no way of knowing if a cyber breach occurs and are less likely to use autonomous transparency tools.

55% of Philippine respondents reported no autonomous visibility into their supply chain, compared to 39% globally.

Concern Over Recent Breaches:

Nearly half (43%) of Philippine organizations indicated that recent high-profile breaches (e.g., MOVEit and other large supply chain cybersecurity incidents) are likely to lead to increased budgets for additional internal and external resources to address supply chain cybersecurity issues.

Budget Increases Amid Disconnect:

While 90% of Philippine organizations reported budget increases for third-party cybersecurity risk management programs (higher than the global average of 86%), there remains a disconnect between budget allocations and the actual impact of supply chain incidents.

“While increased budget allocations are encouraging, the prioritization of third-party cybersecurity risk in Philippine organizations needs further attention,” said Oh. “Organizations must proactively monitor third parties and address critical risks. These budget increases can help drive greater maturity in third-party cyber risk management, aligning with practices in other regions.”

Joel Molinoff, global head of Supply Chain Defense at the research firm, added: “More organizations than ever before indicated that their primary focus is no longer on raising awareness of third-party risk management or program adoption, but rather on the operational, day-to-day challenges of running an effective program. While this progress brings new challenges, it represents a significant step forward compared to previous years, when many organizations had poor vendor tracking, minimal leadership oversight, and little collaboration in remediating cyber issues.”

The study was conducted by Opinion Matters, an independent market research organization, which surveyed 2,100 C-suite leaders responsible for supply chain and cyber risk management across various industries, including 290 responses from the Philippines. The research spanned 11 countries across North America, Europe, and Asia-Pacific to provide a global perspective.