Philippine companies rely heavily on technology to fight cyber threats, according to the latest International Business Report of Grant Thornton.
The study shows that about 42 percent of medium-scale businesses in the Philippines placed their ultimate trust on software in managing digital risks such as cybersecurity and data privacy, which is higher by nearly half than the ASEAN average of 28 percent or global average of 32 percent.
The report said that in managing digital risks, the over-reliance on software and related technology is one weakness that business organizations need to assess first.
Global organizations have spent billions of dollars on technology that promises to keep cyber threats at bay, with the US spending $170 billion for software that thwart off cyber attacks and cyber piracy.
A valid observation of the IBR was the fact that business leaders acknowledge this over-dependence on technology, but companies are called on to improve their employees’ awareness and specialist skills in cybersecurity.
“It is essential that businesses understand that investing in technology alone is not the only answer to reducing digital risk, and it will not protect them from losing customer trust should the worst happen. A key starting point for companies is understanding the type of business they are in, and the value they deliver to the customer,” said P&A Grant Thornton chairperson and CEO Ma. Victoria Españo.
P&A is Grant Thornton’s partner in the Philippines.
Españo said that investments for cybersecurity will not entail huge amount of investments as companies will be able to taper technology spending as they build on their business acumen, processes, and in-house skills.
Internal governance, processes and people are the other crucial ingredients to mitigating a potential breach. Non-tech measures are also important to protecting company information and processes.
IBR found out that 63 percent of Filipino mid-sized businesses employ mechanisms to review all digital risks, including cyber, data privacy and disruption to operations compared to 66 percent in the ASEAN and 67 percent of global.
It also highlighted an important fact that while companies might be investing in sophisticated cybersecurity technology, the digital infrastructure could not prevent the human error that’s behind many cyber breaches.
Managers can address this by increasing awareness of cybersecurity issues across the business.
IBR noted that business organizations have been running cybersecurity webinars and mandatory training programs for years, yet human error continues to open them up to cyberattacks, a situation that warrants the introduction of a new form of education.
Advisory services head at P&A Grant Thornton Emiliano Librea III said that shorter training formats would help since one has time to watch hour-long training videos.
According to the IBR, businesses need to understand where they are vulnerable to cyberattacks and data protection breaches before investing in preventive software. This requires specialized skills that most cybersecurity functions do not have.
Many businesses have invested heavily in advanced analytical cybersecurity technologies that help identify new threats and vulnerabilities.
But these are only as good as the workforce that can interpret the results and implement corresponding changes.
“Lots of people look to technology as a magic bullet, but it isn’t. Many companies spend on a lot of money on AI-driven, behavioral analytics cybersecurity software, which can be really useful in some circumstances. However, you normally need to spend an awful lot of human time training it to ensure it delivers useful insights. Then, you need a human at the end of that chain who can look at the output and make or approve changes,” Españo said.
COMMENT DISCLAIMER: Reader comments posted on this Web site are not in any way endorsed by The Standard. Comments are views by thestandard.ph readers who exercise their right to free expression and they do not necessarily represent or reflect the position or viewpoint of thestandard.ph. While reserving this publication’s right to delete comments that are deemed offensive, indecent or inconsistent with The Standard editorial standards, The Standard may not be held liable for any false information posted by readers in this comments section.