Growing concerns over continued government data breaches are intensifying calls for the Philippines to accelerate long-delayed cybersecurity reforms, even as the Bangko Sentral ng Pilipinas (BSP) moves to fortify the financial sector against increasingly sophisticated cyber threats.
As reported in Manila Bulletin, a cybersecurity expert from the Philippine Institute of Cyber Security Professionals (PICSPro) has warned that the country’s current approach remains dangerously inadequate following reported intrusions affecting key government agencies, including the Department of Science and Technology (DOST) and the Department of the Interior and Local Government (DILG).
These incidents, they said, underscore systemic weaknesses rather than isolated technical failures.
“The government must move away from reactive, fragmented, and ceremonial approaches to cybersecurity,” said Angel Redoble, chairman of PICSPro. “What we are seeing today is the result of years of underinvestment, lack of coordination, and misplaced priorities.”
Redoble said a breach of the scale reported at the DOST should have triggered an immediate, coordinated, government-wide security audit, noting that no such comprehensive response materialized. The subsequent reports of compromised systems in other agencies, he added, further highlight the country’s vulnerability.
“Cybersecurity is national security, economic security, and public safety. We cannot treat it as a PR exercise,” Redoble said.
A push for a coordinated national cybersecurity framework
PICSPro is urging the adoption of a multi-pillar cybersecurity framework that includes globally aligned laws, standardized security protocols, a coordinated national incident-response system, and sustained investments in skills development.
Without these foundations, Redoble warned, the Philippines will remain exposed to both domestic and cross-border cyber threats.
He emphasized that cybersecurity challenges now extend beyond technology, requiring a whole-of-nation approach anchored on policy coherence, reliable infrastructure, and a highly trained workforce, alongside stronger international cooperation.
“Our goal is to help the Philippines build a truly resilient cybersecurity ecosystem— one that protects our institutions, our economy, and our people,” Redoble said. “We need coordinated reforms, not a patchwork of projects.”
BSP steps up defenses in the financial sector
Against this backdrop, the BSP has taken a more proactive stance within the financial system, launching the Financial Services Cyber Resilience Plan (FSCRP) as a comprehensive roadmap to strengthen banks and other supervised institutions against cyber risks.
Unveiled in 2024, the FSCRP outlines high-level goals and phased strategies to safeguard the integrity and stability of the country’s financial ecosystem from 2024 to 2029. The plan aligns with the government’s broader National Cybersecurity Plan 2028, led by the Department of Information and Communications Technology (DICT).
BSP Governor Eli M. Remolona Jr. said cybersecurity has become a critical pillar of trust as financial services undergo rapid digital transformation.
“The 2024–2029 Financial Services Cyber Resilience Plan is a key pillar in the industry’s cybersecurity journey,” Remolona said. “I urge all stakeholders to embrace this plan as a commitment to building trust, reliability, and security in financial services for every Filipino.”
The launch, themed “Fortifying the Cyber-Frontier for BSP-Supervised Financial Institutions,” gathered more than 200 executives from various banks, industry groups, and government agencies, including representatives from the DICT, the Bankers Association of the Philippines (BAP), and lawmakers who authored recent cybersecurity-related legislation.
Law, collaboration, and information sharing
A key enabler of the FSCRP is the Anti-Financial Scamming Act (AFASA), signed into law in July 2024. The measure strengthens information sharing across the financial community and targets cyber-enabled crimes such as social engineering scams and the use of money mules.
Another core component is the BAP Cybersecurity Incident Database (BAPCID), an industry-led platform that allows banks to share threat intelligence, raise situational awareness, and improve collective response to cyber incidents.
The BSP said the phased rollout of the FSCRP will allow financial institutions to adapt to the rapidly evolving threat landscape while continuously strengthening controls, governance, and coordination.
Bridging gaps beyond banking
While the FSCRP is seen as a significant step forward for the financial sector, experts caution that broader national reforms remain urgent. Recent government breaches illustrate how weaknesses outside the banking system can still undermine public trust and national security.
“The BSP’s efforts show what is possible when there is clear leadership and coordination,” Redoble said. “The challenge now is extending that same level of urgency and discipline across the entire public sector.”
As cyber threats grow more complex and transnational, both policymakers and industry leaders agree that resilience will depend not only on technology, but on sustained coordination, accountability, and investment across the public and private sectors.