The Block Box

By Donald Patrick Lim

STOCK PHOTO | Image by DC Studio from Freepik

In today’s hyperconnected world, cybersecurity is no longer a technical concern relegated to IT departments — it is a national, economic, and business imperative.

As organizations across the Philippines race toward digitalization, adopting cloud solutions, AI-powered tools, e-commerce platforms, and blockchain systems, the risks associated with cyber threats grow exponentially. Last week, in response to these rapidly escalating challenges, we launched the Cybersecurity Council of the Philippines — an unprecedented, multi-sectoral initiative that brings together leaders from government, business, and academia to chart a national direction on cybersecurity.

The Philippines has embraced digital transformation at a remarkable pace. Businesses are moving online, banks are transitioning to digital-first services, public agencies are automating processes, and citizens are increasingly reliant on smartphones for everything — from work to shopping, banking, and accessing government services. But with that shift comes vulnerability. Every new app, every online transaction, every digital record is a potential point of attack for cybercriminals.

Just last year, the Philippines ranked among the top 10 countries in the world in terms of users attacked by malware, phishing attempts, and ransomware. Major Philippine institutions — from government agencies to hospitals and universities — have experienced cyberattacks that resulted in data leaks, service disruptions, and massive reputational damage. In an age where data is the new currency, these attacks are not just IT issues — they are direct threats to the safety, trust, and stability of our society.

The cost of cybercrime is staggering. According to a report by Cybersecurity Ventures, global cybercrime costs are expected to reach $10.5 trillion annually by 2025. In the Philippines, cybercrime has already inflicted losses amounting to tens of billions of pesos per year. Small businesses, which make up 99% of our economy, are particularly vulnerable. Most do not have in-house cybersecurity teams or even basic protocols to defend themselves from increasingly sophisticated threats. A single ransomware attack or data breach can cripple an SME, erode consumer trust, and lead to regulatory penalties.

But the threat is not limited to the private sector. Government systems — many of which store sensitive personal, financial, and national security data — are frequent targets. In the past few years alone, cyberattacks have paralyzed websites, exposed personal data, and even disrupted law enforcement systems. As we move towards e-governance and digital ID systems, cybersecurity must become a national priority.

This is why the creation of the Cybersecurity Council of the Philippines is so timely and urgent. It was formed this year, and formalized and inducted by Department of Information and Communications Technology (DICT) Secretary Henry Aguda last Friday. The 15-man board of directors and the 63 people were sworn in and form the new Council. It is not just a symbolic effort — it is a strategic response to a clear and present danger. It is composed of senior leaders from government agencies, large corporations, ICT associations, financial institutions, the academe, and civil society. Our goal is to create a unified, agile, and forward-looking response to cybersecurity threats by building awareness, advocating policies, upskilling talent, and driving collaboration across sectors.

One of the Council’s primary mandates is to build cybersecurity awareness among leaders — especially in the C-suite and boards of companies. In many Filipino organizations, cybersecurity is still viewed as a backend IT function rather than a strategic concern. This mindset must change. Cybersecurity is governance. Cybersecurity is risk management. It must be owned and championed by leadership. The Council is working to create executive education and briefings that will equip decision-makers with the knowledge they need to build resilient organizations.

Second, we are focused on building national capacity. There is a global shortage of cybersecurity professionals, and the Philippines is not spared. We need thousands of cybersecurity analysts, ethical hackers, risk assessors, forensic investigators, and data privacy officers to support both the public and private sectors. The Council is working with academic institutions to develop curriculums, certifications, and career pathways that will produce a new generation of cybersecurity professionals. This is also an opportunity for the country to create new high-value jobs that are globally relevant and in demand.

Third, we are pushing for better coordination and information-sharing between the government and industry. Cyberattacks move fast, often across borders and systems. Our response must be equally agile. The Council is advocating for a national threat-sharing platform where companies and agencies can share threat intelligence in real-time — an early warning system that allows others to prepare for and block similar attacks. We’re also exploring public-private simulations and drills to stress-test our readiness and response capabilities.

Fourth, the Council is committed to supporting legislation and regulatory policies that strengthen cybersecurity. We need updated data protection laws, stronger mandates for critical infrastructure providers, and incentives for organizations to invest in cybersecurity systems. We need a legal and policy environment that is responsive to emerging threats such as AI-powered cyberattacks, deepfakes, social engineering, and attacks on smart infrastructure.

Cybersecurity is also about trust. In a digital economy, consumer trust is the most valuable asset a company or government can have. If people don’t trust that their data is safe, they won’t transact online. They won’t open digital wallets. They won’t vote online. They won’t engage with digital services. By securing our systems, we protect that trust — and that is essential for economic growth, innovation, and democratic participation.

This is not a challenge we can face alone. It requires a whole-of-nation approach. That’s why the Council was deliberately built as a collaborative body, not a regulatory one. Its power lies in convening, connecting, and catalyzing action. We are calling on more institutions to join us — banks, telcos, hospitals, utilities, retailers, schools. If you’re online, you’re a stakeholder in cybersecurity. The stronger our collective defense, the safer our digital future.

As we look ahead, the Cybersecurity Council will also focus on empowering Filipino citizens to protect themselves. Cyber hygiene starts with each of us — knowing how to spot phishing attempts, protecting our passwords, securing our devices, and being responsible digital citizens. We must make cybersecurity part of our national consciousness, much like how we teach disaster preparedness or public health.

We are living in a time of extraordinary digital progress — but also extraordinary risk. The stakes are high. But so are the rewards if we get it right. With the launch of the Cybersecurity Council of the Philippines, we take the first coordinated step toward a future where Filipinos can live, work, transact, and innovate online with confidence and security.

Cybersecurity is not just a technical issue — it is a matter of national resilience, business continuity, and public trust. It is time we give it the attention, investment, and collaboration it deserves. The Council is here to lead that charge. But the success of this mission depends on all of us. Let us secure our digital nation — together.

 

Dr. Donald Patrick Lim is the founding president of the Global AI Council Philippines and the Blockchain Council of the Philippines, and the founding chair of the Cybersecurity Council, whose mission is to advocate the right use of emerging technologies to propel business organizations forward. He is currently the president and COO of DITO CME Holdings Corp.

RELATED ARTICLESMORE FROM AUTHOR