More Than 84% of Philippines Organisations were Negatively Impacted by a Cyber Security Breach Within Their Supply Chain in the Past Year

Manilla, 27 January  2025 – Today BlueVoyant, an industry-leading cyber defence company, released research findings from its fifth annual global survey into supply chain cyber risk management. The Philippines results show that reducing supply chain cyber risk is a major problem with more than 84% of organisations reporting an average of 3.13 breaches impacting operations in 2024.  

The results reveal critical gaps in third-party cyber security risk management among Philippine organisations with almost a third (32%) of respondents reported having no way to detect cyber security incidents within their supply chains, surpassing the global average of 30% and highlighting significant visibility challenges. Furthermore, 65% acknowledged that third-party cyber security risk management is either not a priority or only somewhat of a priority underscoring the need for stronger monitoring, prioritisation, and risk mitigation strategies.  

“These findings highlight that Philippines businesses continue to tackle the critical challenge of mitigating supply chain and third-party cyber risks,” said William Oh, interim head of Asia-Pacific at BlueVoyant. “Despite the rising frequency of breaches, awareness and prioritisation of these issues remain alarmingly low compared to global counterparts. The importance of managing risk across the supply chain cannot be understated, especially as the Philippines remains a prevalent target for cyber attacks like phishing, scam calls, and data breaches.”   

Other Key Findings from Philippines Organisations:  

• Monitoring frequency varies, with annual checks being the most common (33%, higher than the global rate (17%), yet monthly monitoring drops down to (13%) and significantly lower compared to regional peer Singapore 27%, and 17% globally). 
• Exchanges and marketplaces are the most common reported solution for managing third-party cyber risk in the Philippines, adopted by 36% of organisations, slightly ahead of network scanning and penetration tests for third parties (34%). Philippines respondents are also more inclined to outsource remediation which includes working with vendors on mitigation plans and ensuring mitigation takes place (42%). 
• There are areas for improvement for Philippines organisations, 32% report they have no way of knowing if a cyber breach occurs and are less likely to report using autonomous transparency tools. Fifty-five percent of Philippines respondents reported no autonomous transparency into their supply chain compared to 39% globally. 
• Concern over recent breaches. Almost 45% (43%) of Philippines organisations indicated the news of breaches over the past 12 months (example MOVEit and other large supply chain cyber security breaches) are likely to lead to an increase in budget for additional internal and external resources to help protect against supply chain cyber security issues. 

Disconnect Between Budgets and Impact of a Supply Chain Incident  

The good news is that 90% of The Philippines organisations are reporting budget increases with their third-party cyber security risk management programmes which reflects greater importance on cyber risk compared to 86% globally. 

"While increased budget allocations are encouraging, prioritisation of third-party cyber security risk in Philippines organisations needs further consideration. Organisations must proactively monitor third parties and address critical risks. These budget increases can help drive greater third-party cyber risk maturity, aligning with other regions,” said Oh. 

Joel Molinoff, global head of Supply Chain Defence at BlueVoyant added: “More organisations than any previous year indicated that their primary focus is no longer on awareness of the third-party risk management problem or adoption of a program, but rather with the operational, day-to-day challenges of managing an effective program. While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organisations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues.”  

The study was carried out by an independent market research organisation, Opinion Matters, who surveyed 2,100 -suite leaders responsible for supply chain and cyber risk management across a range of industries (including 290 responses in The Philippines). To gain a global perspective, the research was conducted in 11 countries across North America, Europe and Asia Pacific. 

Learn more about the full report: "The State of Supply Chain Defence: Annual Global Insights Report 2024," including analysis across countries and vertical sectors. 

About BlueVoyant  

BlueVoyant delivers a comprehensive cloud-native security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains, extending to the clear, deep, and dark web. The platform integrates advanced AI technology with expert human insight to offer extensive protection and swift threat mitigation, ensuring enterprise cyber security. Trusted by more than 1,000 clients globally, and the 2024 Microsoft Worldwide Partner of the Year, BlueVoyant sets the standard for modern cyber defence solutions.