Philippines’ $40Bn IT-BPM sector at risk as cyberattacks threaten trust
TAGUIG, PHILIPPINES — The Philippines’ booming IT-BPM industry, a key driver of its economy, faces mounting cybersecurity threats that could erode its reputation as a global outsourcing hub.
Analysts warn that weak enforcement of cybercrime laws and rising vishing (also known as “voice phishing”) attacks—such as the recent Qantas Airways data breach—put at risk the sector’s projected $40 billion revenue and 1.9 million jobs by 2025.
Cyberattacks threaten Philippines’ IT-BPM leadership
The vishing attack on Qantas Airways’ Manila-based contact center exposed data of 6 million customers, spotlighting vulnerabilities in the country’s call center industry.
Such breaches have raised concerns among analysts that they might deter foreign investors, threatening the sector’s export revenue target, which is in the billions.
Although several laws exist to prevent cybercrimes, including the Cybercrime Prevention Act of 2012, there is still insufficient enforcement of these laws, and thus, companies often fall prey to cybercrime.
Information Technology and Business Process Association of the Philippines (IBPAP) President Jack Madrid emphasizes the use of more robust authentication tools, such as One Trust Link (OTL), and immediate legislative changes, including the Critical Information Infrastructure Protection Act, to protect the industry’s status in the international market.
“OTL is part of the industry’s collective response to fraud prevention, providing companies with a mechanism to identify and screen high-risk individuals more effectively, while safeguarding due process and data privacy,” Madrid said.
Stricter laws and training needed to combat evolving threats
Satnam Narang, a Senior Staff Research Engineer at Tenable, a cybersecurity firm, explains in an email that individuals behind vishing attacks obtain information convincing even well-trained support staff.
“When it comes to catching cybercriminals, we have a cybercrime law. What’s really lacking there is cyber capacity — the influence of enforcement, investigation, and implementation of existing laws,” Madrid stresses, highlighting the need for improved action and administration of the laws against cyber security challenges.
He urges the government to accelerate the development and implementation of the National Cybersecurity Plan 2023-2028 and update outdated laws to ensure smoother prosecutions.
Madrid added, “Given the crucial role of technology and the IT-BPM sector in driving the Philippine economy, IBPAP also urges the government to enact and enforce robust data protection and cybersecurity legislation that can deter threats across industries.”
It is essential to take proactive measures that would keep the Philippines competitive in the global outsourcing market and protect consumers from rising cybercrime issues.
