The Philippines could jeopardize the US portion of its business processing outsourcing (BPO) market—amounting to 75% percent of the $23-billion sector—if the gaps in the country’s cybersecurity capacity remain unaddressed, a report by the United States Agency for International Development (USAID) has shown.
The report, developed by IBM for USAID’s Better Access and Connectivity (BEACON), finds that in 2021, the Philippines had the highest numbers of users attacked by banking Trojans—a type of malicious software—in the Asia-Pacific, and was the fourth most targeted country by cybercriminals overall.
The report recommended that the Philippines invest in its cybersecurity capacity and address its shortage of cybersecurity professionals to weather increasing and relentless cyber-attacks and information security breaches.
“The nations that do not respond well to the wave of cyber-crime will at best stagnate their BPO markets, and will at worst, lose their BPO market share to other nations that prioritize cybersecurity,” it said.
Cyber sector issues
The study found there is a global shortage of cybersecurity professionals, the situation is even “more acute in developing countries where technical talent gaps are the largest.”
In the Philippines, while the majority of the cyber workforce is well-educated and hold a STEM degree, their salary is woeful compared to their US counterparts, even adjusting for the cost-of-living difference between the two nations.
"[T]his enormous difference may help to explain the movement of cyber workforce members from the Philippines to the US markets," the report said.
Another problem for the Philippines is that "cybersecurity job roles and responsibilities are not defined clearly at a national level," with the DICT noting that the country's cybersecurity sector is still in its "infancy."
"Though the Civil Service Commission is the national government agency that sets job descriptions, there are none for cybersecurity, and ICT job descriptions currently available are, at best, archaic," the report said.
If the Philippines does not address these issues, the study concludes, it will "fail to substantially increase the size of its cyber workforce in the nation’s business market; continue to have great difficulty recruiting and retaining cyber talent within the national government departments/agencies; and be unable to take advantage of a burgeoning world demand for cyber expertise (i.e., via the Philippines’ BPO market)."
To address the gaps, the USAID study presented solutions divided into two tracks: incremental solutions and jumpstart/adaptive solutions.
Track 1: Incremental solutions. These are "natural evolutions" or the “extensions” of existing cybersecurity activities and are considered to be “low-risk.”
Track 2: Jumpstart/adaptive solutions. These are more radical and designed to “prime the pump for a more robust Philippine cybersecurity ecosystem.”
Recommendations under this track include:
The report stressed that if only Track 1 or the "incremental solutions" are implemented, without the "jumpstart" to the industry offered by the second group of recommendations, 75 percent of the Philippines' BPO sector, representing the US portion, "may soon be jeopardized."
If cyber staff shortages are allowed to continue, it added, real negative consequences will result.
In June, the BPO industry reported it surpassed its revenue target of $29.1 billion and 1.43 million full-time employees for 2022. — BM, GMA Integrated News