As the Philippine IT-BPM industry continues to grow—projected to reach 1.9 million full-time digital workers and $40 billion in export revenue by 2025—cybersecurity threats like vishing attacks are becoming more sophisticated, putting the safety of both local and international stakeholders at risk. A recent data breach at Qantas Airways’ Manila-based contact center underscores the urgent need for stronger safeguards across the sector.
1. Impact on Safety and Security of Stakeholders
Cyberattacks compromise the personal data of millions, eroding trust among clients, investors, and customers. For companies outsourcing services to the Philippines, breaches can mean more than financial loss—it can damage reputations and reduce confidence in the country’s capacity to protect sensitive information. Stronger cybersecurity protocols directly benefit all stakeholders by minimizing risk exposure and preserving the Philippines’ status as a trusted IT-BPM destination.
2. Pros and Cons of Current Initiatives
Pros:
- Increased Vigilance: IT-BPM firms are adopting tools like the One Trust Link (OTL) to screen high-risk individuals and prevent internal fraud.
- Policy Momentum: There is growing support for laws like the Critical Information Infrastructure Protection Act and updates to the Cybercrime Prevention Act.
- Training & Authentication: Best practices such as multi-factor authentication and employee simulations are being encouraged to reinforce cybersecurity protocols.
Cons:
- Enforcement Gaps: While laws exist, cybercrime enforcement and investigation capabilities remain limited.
- Human Factor: Even seasoned support staff can fall victim to sophisticated vishing tactics.
- Operational Impact: Implementing added layers of verification may slow down service delivery and require additional resources.
3. Other Ways to Build Cybercrime Resilience
Beyond current measures, companies and the government can strengthen cybersecurity by:
- Enhancing Cyber Literacy: Regular and mandatory training at all levels, including simulated phishing and vishing exercises.
- Third-Party Security Audits: Independent assessments of cybersecurity infrastructure to identify vulnerabilities.
- Public-Private Collaboration: More active partnerships between government, industry leaders, and international bodies to share intelligence and best practices.
- Incident Response Teams: Establishing rapid-response units within companies to address breaches immediately and mitigate damage.
Ultimately, the resilience of the IT-BPM sector depends not only on technology but also on people and policy. As threats evolve, so must the systems and behaviors that protect this critical pillar of the Philippine economy
