The Philippines' National Cyber Security Plan
March 11, 2025
Cybersecurity has become a rapidly growing concern worldwide, and the Philippines is no exception. The Philippines experienced the highest number of cyberattacks in Southeast Asia in 2023, with 29% of organizations reporting a significant increase in security incidents.
Cybersecurity: A Growing Concern in the Philippines
A separate study by Kroll, a risk and financial advisory solutions provider, found that 75% of businesses in the Philippines have suffered a cyberattack—higher than the 59% average in the Asia-Pacific region.
To address these challenges, the Philippine government introduced the National Cybersecurity Plan (NCSP) 2023-2028, a comprehensive strategy aimed at bolstering the country’s cyber resilience. This blog explores the NCSP’s impact on the economy, the roles of the public, private, and academic sectors in its implementation, and the importance of training in building a skilled cybersecurity workforce.
What is the Philippines’ National Cybersecurity Plan 2023-2028? The NCSP is a multi-faceted initiative designed to address the Philippines’ cybersecurity challenges through collaboration between the private sector, government, and international partners. It provides a strategic framework for cybersecurity professionals, including Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), security managers, and analysts, to enhance their organizations’ security posture.
For Learning and Development (L&D) professionals, the NCSP emphasizes the need to upskill the current workforce and align with the latest skills frameworks in the country’s ICT industry. The plan aims to secure the Philippines’ cyberspace and foster a culture of cybersecurity resilience and awareness.
Key Outcomes of the NCSP roactive Security and Protection in Cyberspace:
Enhance the security of the Government Network (GovNet) to protect national and local government agencies connected through the National Fiber Backbone.
Strengthen the National Computer Emergency Response Team (NCERT) and establish a National Security Operations Center.
Enhanced Cybersecurity Workforce Capabilities:
Provide cybersecurity scholarships for higher education.
Partner with international training organizations to offer relevant certifications and courses.
Re-establish the ICT Academy to develop a skilled workforce.
Improved Cybersecurity Policy Framework:
Optimize the National Cybersecurity Inter-Agency Committee (NCIAC) to coordinate security policies across government agencies.
Promote an executive order for the protection of Critical Information Infrastructure (CII) and advocate for new legislative measures.
Six Pillars of the NCSP Enactment of the Cybersecurity Act:
Strengthen the legal and policy framework to establish clear laws and regulations against online threats.
Secure and Protect Critical Information Infrastructure (CII):
Safeguard essential systems like power grids, financial services, and transportation through vulnerability assessments, incident response plans, and cybersecurity certifications.
Proactive Defense in Cyberspace:
Focus on identifying and preventing cyber threats before they cause damage, including the establishment of a National Cybersecurity Operations Center.
Strengthening the Cybersecurity Workforce:
Develop a skilled workforce through training, scholarships, and partnerships with cybersecurity centers of excellence.
Public Cybersecurity Awareness and Education:
Launch awareness campaigns like National Cybersecurity Month and educational programs to promote best practices.
Collaboration and Coordination:
Foster collaboration between government agencies, the private sector, and international partners to combat large-scale threats.
Shifting the Cybersecurity Paradigm Through Economics Traditional cybersecurity efforts have focused on technical solutions like antivirus software and firewalls, as well as strict regulations. However, these measures are no longer sufficient.
The NCSP adopts a new perspective by incorporating economic and behavioral dimensions into its strategies. This approach recognizes the influence of community practices, culture, and traditions in shaping human behavior to improve cybersecurity resilience.
International bodies like the Organisation for Economic Co-operation and Development (OECD) also emphasize the economic and social dimensions of cybersecurity in their policy recommendations.
How Cybersecurity Resilience Drives Economic Growth A resilient cybersecurity framework ensures the continuous operation of essential services like banking, eCommerce, utilities, and telecommunications, maintaining public confidence and economic stability. It also protects sensitive data, reduces costly disruptions, and reassures investors, making the Philippines a more attractive destination for domestic and foreign investments.
Additionally, as businesses invest in better cybersecurity measures, the demand for skilled professionals increases, creating job opportunities and contributing to economic growth.
The Current State of Cybersecurity in the Philippines While many Filipinos commonly experience text scams or cyberbullying, the threat landscape is far more severe. From 2020 to February 2023, the National Computer Emergency Response Team (NCERT) monitored 57,400 threats and oversaw 3,470 incidents, with nearly half involving malware and the rest comprising data leaks and compromised websites.
These threats primarily targeted government agencies, emergency response systems, and critical infrastructure, causing operational disruptions. Sectors like academia, telecommunications, finance, and the military were also heavily targeted.
Globally, cyberattacks cost an estimated USD 6 trillion annually (PHP 343 trillion), yet many businesses remain slow to invest in cybersecurity. This reluctance is often due to misaligned incentives, knowledge gaps, and a lack of understanding of cybersecurity jargon among executives and board members.
How Organizations Can Adapt to the NCSP 2023-2028 To achieve cyber resilience, organizations must improve their ability to identify, respond to, and recover from security incidents. By doing so, they can avoid downtime, protect their reputation, comply with regulations, and save significant financial resources.
Here are actionable steps businesses can take:
Proactive Protection and Security:
Regularly assess and prioritize cyber risks.
Implement cybersecurity awareness training for employees.
Use strong authentication systems like multi-factor authentication.
Regularly update systems to fix vulnerabilities.
Enhance Cyberspace Intelligence Capabilities:
Monitor threat actor activities on the surface and dark web.
Use tools like User Entity and Behavior Analytics (UEBA) for threat detection.
Incident Response and Recovery:
Develop and regularly update incident response plans.
Focus on resilience planning to ensure uninterrupted operations during incidents.
Policy and Framework:
Collaborate with the public sector to build a robust cybersecurity ecosystem.
Align security policies with national standards and best practices.
Cybersecurity Workforce Development:
Establish training programs and provide scholarships to develop skilled professionals.
Partner with institutions like the ICT Academy and Cybersecurity Centers of Excellence.
Conclusion The National Cybersecurity Plan 2023-2028 represents a significant step forward in the Philippines’ efforts to combat cyber threats and build a resilient digital economy. By adopting the NCSP’s strategies, organizations can strengthen their cybersecurity posture, protect critical infrastructure, and contribute to the nation’s economic growth.
Investing in cybersecurity is no longer optional—it’s a necessity for safeguarding the future of businesses and the country as a whole.
