Pineda Cybersecurity, a local cybersecurity firm I founded back in 2017, conducted a study to determine the organizations’ cybersecurity awareness and compliance level. It was part of a business plan requirement in determining whether there is a need for cybersecurity programs in Philippine organizations.

In the survey conducted on April 28-May 11, 2022, we wanted to know if they know the cybersecurity problems in their organizations and if the management is doing something to address these issues.

Cybersecurity Problems and Solutions Needed

84.7% (111 out of 131) of the respondents were from large organizations[1]. When asked what the cybersecurity problems are their organization is encountering, the majority of the respondents identified:

• Unauthorized Access (55.7%)
• Virus (52.6%)
• Data Breach (47.3%)

When asked which cybersecurity services their organization needs, an overwhelming majority of the respondents said that their organizations need the following cybersecurity services:

• Data Privacy (83.2%)
• Security Awareness (72.5%)

Cybersecurity and Privacy in the Organization

Zooming in to the organization, we wanted to find out if there is: 1) A Data Protection Officer (DPO) officially assigned to handle data privacy issues; and 2) a Dedicated Cybersecurity Team. The following results came out:

• 72% of the respondents say that their organization has a dedicated cybersecurity team that addresses their cybersecurity issues.
• 82.8% of the respondents say they have their official Data Protection Officer (DPO).

Observations and Areas of Improvement

Observation: Based on the survey results, employees are aware of their organizations’ cybersecurity issues. On a high level, they also know what solutions can help resolve these issues.

Area of Improvement: Organizations need to include cybersecurity in their company-wide programs. Even if a lot of respondents know what their organization’s cybersecurity pain points are, there are a lot of respondents too who didn’t respond to this question. It may indicate that cybersecurity is not part of the organization’s priority or critical areas.

Observation: External entities like the government, such as National Privacy Commission (NPC), was able to bring the message of data privacy across organizations. The respondents know that their organizations have to comply consistently.

Area of Improvement: Organizations must invest in compliance with security and data privacy. It is not an easy task, and it is not something that can be randomly assigned. Some organizations don’t have a dedicated cybersecurity team and an official Data Protection Officer. As an initial step, they should allocate a budget and resource for these roles so that important cybersecurity issues can be addressed. The roles don’t have to be 100% in-house and can be hybrid or outsourced. The bottom line is that there has to be a resource that can handle these cybersecurity issues.

Disclaimer: The data contained in this article is part of the Author’s marketing study in his Master in Entrepreneurship (ME) business plan.

[1] On the other hand, large enterprises are defined as businesses with more than 200 employees or asset size of more than P100 million. (https://www.bworldonline.com/infographics/2018/07/08/171092/small-businesses-in-the-philippines-continue-to-grow/)