Over 84% of PH organizations had a supply chain cybersecurity breach in 2024

BlueVoyant, an industry-leading cyber defense company, recently released research findings from its fifth annual global survey into supply chain cyber risk management. Results from the Philippines show that reducing supply chain cyber risk is a major problem, with more than 84% of organizations reporting an average of 3.13 breaches impacting operations this year. 

The results reveal critical gaps in third-party cyber security risk management among Philippine organizations, with almost a third (32%) of respondents reporting having no way to detect cyber security incidents within their supply chains, surpassing the global average of 30% and highlighting significant visibility challenges. Furthermore, 65% acknowledged that third-party cyber security risk management is either not a priority or only somewhat of a priority, underscoring the need for stronger monitoring, prioritization, and risk mitigation strategies.

“These findings highlight that Philippines businesses continue to tackle the critical challenge of mitigating supply chain and third-party cyber risks,” said William Oh, interim head of Asia-Pacific at BlueVoyant. “Despite the rising frequency of breaches, awareness and prioritization of these issues remain alarmingly low compared to global counterparts. The importance of managing risk across the supply chain cannot be understated, especially as the Philippines remains a prevalent target for cyber attacks like phishing, scam calls, and data breaches.”  

Other key findings from Philippines organizations: 

  • Monitoring frequency varies, with annual checks being the most common (33%, higher than the global rate (17%), yet monthly monitoring drops down to (13%) and is significantly lower compared to regional peer Singapore 27% and 17% globally).
  • Exchanges and marketplaces are the most commonly reported solution for managing third-party cyber risk in the Philippines, adopted by 36% of organizations, slightly ahead of network scanning and penetration tests for third parties (34%). Philippines respondents are also more inclined to outsource remediation, including working with vendors on mitigation plans and ensuring mitigation takes place (42%).
  • There are areas for improvement for Philippines organizations, with 32% report they have no way of knowing if a cyber breach occurs and are less likely to report using autonomous transparency tools. Fifty-five percent of Philippine respondents reported no autonomous transparency into their supply chain compared to 39% globally.
  • Concern over recent breaches. Almost 45% (43%) of Philippines organizations indicated the news of breaches over the past 12 months (example MOVEit and other large supply chain cyber security breaches) are likely to lead to an increase in budget for additional internal and external resources to help protect against supply chain cyber security issues.

Disconnect Between Budgets and the Impact of a Supply Chain Incident 

The good news is that 90% of The Philippines organizations are reporting budget increases with their third-party cyber security risk management programmes which reflects greater importance on cyber risk compared to 86% globally.

“While increased budget allocations are encouraging, prioritization of third-party cyber security risk in Philippines organizations needs further consideration. Organizations must proactively monitor third parties and address critical risks. These budget increases can help drive greater third-party cyber risk maturity, aligning with other regions,” said Oh.

Joel Molinoff, global head of Supply Chain Defence at BlueVoyant added: “More organizations than any previous year indicated that their primary focus is no longer on awareness of the third-party risk management problem or adoption of a program, but rather with the operational, day-to-day challenges of managing an effective program. While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organizations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues.” 

The study was carried out by an independent market research organization, Opinion Matters, who surveyed 2,100 -suite leaders responsible for supply chain and cyber risk management across a range of industries (including 290 responses in The Philippines). To gain a global perspective, the research was conducted in 11 countries across North America, Europe and Asia Pacific.

Learn more about the full report: “The State of Supply Chain Defence: Annual Global Insights Report 2024,” including analysis across countries and vertical sectors.