Cyber literacy key to a safer digital Philippines

Stronger education, collaboration, practices sought for ‘cyber-literate nation’ in BusinessWorld Insights forum

By Mhicole A. Moral, Special Features and Content Writer

Cyber threats now rank among the most costly and persistent risks facing governments and businesses, with global losses projected to reach $20 trillion a year by 2030, according to the World Economic Forum. The scale of the threat has widened the discussion beyond technology, which place human behavior and education at the depths of cybersecurity planning.

This reality framed discussions at the third leg of BusinessWorld Insights Cybersecurity Series, with the theme “Building a Cyber-Literate Nation,” held Jan. 29, at the Golden Ballroom of Okada Manila.

In his opening remarks, BusinessWorld Executive Vice-President Lucien C. Dy Tioco said the gains of digital participation remain limited without stronger public understanding of online risk.

“For the country to draw real value from digital growth, people and institutions must do more than connect. They must know how to navigate the digital space with care and judgment,” said Mr. Dy Tioco.

Mr. Dy Tioco added cybersecurity should be treated as a public effort that involves everyone. Preparation, he said, should move beyond technical use and focus on confidence and informed participation in digital spaces.

With Okada Manila as the official venue partner of the forum, Executive Director-Chief Information Officer of Information Technology Division Mark Ryan Talabis highlighted the significance of cybersecurity discussions in his special message.

“We are thrilled to host this gathering of industry leaders, as we explore some of the most pressing topics in the field of cybersecurity,” he shared. “Cybersecurity is a key pillar of our ‘Okada Green Hearts’ initiative. Our dedication to safety and security not only support our operations, but also aligns with our mission to create a sustainable and resilient environment for our guests, our team members, and our community.”

Cybercrime Investigation and Coordinating Center Acting Executive Director Renato “Aboy” Paraiso

Undersecretary Renato “Aboy” Paraiso, acting executive director of the Cybercrime Investigation and Coordinating Center (CICC), said attackers now need only one weak point to succeed, while defenders must protect every access point across expanding digital networks.

“Even with the most advanced firewalls in the world, it cannot stop a plague that comes from a lack of awareness. Today, the stakes are all over just technical. They are existential,” he shared. “For us at the CICC, the loss of trust in our digital ecosystem far exceeds any financial figure. That is why our focus has shifted.”

Mr. Paraiso defined cyber literacy as the ability to navigate and assess digital systems, identify cybersecurity risks, detect misinformation and practice responsible online communication.

“Digital resilience is not a product that you can buy. It is a combination of technology, economic policy, and most importantly, human factor. So, beyond skills, it is the power of cyber-literacy,” Mr. Paraiso explained.

He added that the country needs to anchor its cybersecurity approach on education. A study published in the International Journal of Innovative Science and Research Technology found that students demonstrate stronger critical thinking when cybersecurity is included in school curricula.

“An educated nation is a resilient nation, where our populace knows how to spot red flags and adopt protective habits that simply shapes back into our favor,” Mr. Paraiso added.

In workplaces, he said a single cybersecurity seminar no longer matches the pace of attacks. Organizations are encouraged to require onboarding programs that include phishing simulations and threat response tracking, so workers learn through repeated practice.

Mr. Paraiso also called for a change in workplace culture that discourages silence after an incident.

“Reporting is an act of courage,” he said. “When you dial CICC’s Hotline 1326, you are not only helping yourselves; you are also helping the whole country.”

Moving past basic digital awareness

Panel Discussion 1 (from left): Angel Redoble of Philippine Institute of Cyber Security Professionals, Sam Jacoba of ASEAN Japan Cybersecurity Community Alliance, Lito Villanueva of RCBC, Derick Ohmar Adil of Globe Telecom, and BusinessWorld Reporter Beatriz Marie D. Cruz (moderator)

Philippine Institute of Cyber Security Professionals Chairman and Founding President Angel Redoble, Globe Telecom Senior Director and Head of AI and Privacy Governance Derick Ohmar Adil, ASEAN Japan Cybersecurity Community Alliance Strategic Communications Lead Sam Jacoba, and RCBC Executive Vice-President and Chief Innovations and Inclusion Officer Lito Villanueva composed the panel for the first discussion themed “Beyond Awareness: Developing Literacy in a Digital Philippines.”

Moderated by BusinessWorld Reporter Beatriz Marie D. Cruz, the panel discussion framed cyber literacy as a shared responsibility that spans individuals, businesses, and institutions.

Experts noted that while digital transformation has connected Filipinos and simplified daily life, it has also increased vulnerability.

“Digital transformation has made life faster, easier, and more connected. But here is the truth we must face: a digital Philippines without cyber-literacy is a vulnerable Philippines. While technology empowers honest people, it also empowers criminals,” said Mr. Redoble.

Modern cyberattacks, according to Mr. Redoble, often begin with simple deceptions: a message, link, call, or request that appears legitimate.

“Many cyber incidents do not begin with complex hacking anymore, where hackers will really try to intrude bypass and break your countermeasures. Today, they begin with a simple deception, a message, a link, a call, or a request that looks legitimate. That is why building a cyber-literate nation is not just a technology objective. It is a public safety priority, a national security requirement, and an economic resilience strategy,” he explained.

Filipinos also remain unprepared to respond to threats effectively, due to lack of digital literacy.

“I’d say Filipinos are [cyber] aware, but not yet prepared,” Mr. Adil said. “Awareness tells us that cars exist. Literacy teaches us how to cross safely. In the digital world, awareness is knowing the risks. Literacy is knowing how to act.”

Mr. Villanueva added that practical knowledge of Filipinos in cyber risks remains limited. 

“The mass market does not fully comprehend digital threats,” he said.

He pointed out that existing reporting mechanisms are fragmented, with most victims contacting only banks or service providers, leaving official channels such as the government’s 1326 hotline underused.

“When you do not have digital literacy, the biggest risk is not broken systems but human shortcuts,” Mr. Adil said. “People prioritize familiarity, convenience, and speed over caution. Even in large organizations, one rush click or one wrongly shared credential can undo months of security work.”

Mr. Jacoba highlighted human behavior as the most significant vulnerability in cybersecurity.

“The best hackers in the world do not hack systems. They hack people,” he said. “The basic cybersecurity discipline that you can share or maybe develop in your organization is zero trust. This is the world we live in right now. Do not trust anything that you see on your phone or in your laptop.”

Panelists called for stronger collaboration between government and private sectors to raise cyber literacy and protect users.

“In 2023, the Fintech Alliance collaborated with government agencies and media groups for a campaign called ‘Wag Magpaloko Maging Scam Alerto.’ It showed that even private-led initiatives need government participation to be effective,” Mr. Villanueva said.

Mr. Adil also stressed that strong alignment between government and industry is vital to build a cyber-literate country.

“The government has authority. The private sector sees real threats daily. If they speak together, people will listen,” he said.

Call for stronger cyber protection

Panel Discussion 2 (from left): Maricris A. Salud of Bangko Sentral ng Pilipinas, Frank Vibar of Asian Hospital and Medical Center, Joel Geronimo of GCash, Portia Edillor of PWC Philippines, and TV5 Anchor Jester delos Santos (moderator)

The second panel, themed “Critical Cyber Risks Challenging Consumers,” featured Bangko Sentral ng Pilipinas Deputy Director and Head of Cybersecurity Supervision and Oversight Group Maricris A. Salud, Asian Hospital and Medical Center Chief Information Technology Officer Frank Vibar, GCash Head of Strategy and Cyber Resilience Joel Geronimo, and PWC Philippines Risk Services Senior Manager Portia Edillor.

Ms. Salud said social engineering remains the top threat, accounting for 76% of reported cyber-related fraud losses.

“The weakest link is no longer just technology. It is the human element. So, it’s really the people that they’re attacking,” she said.

She described phishing, smishing, and AI-generated scams as increasingly convincing, exploiting trust to target Filipino consumers. Organized threat actors accounted for roughly 30% of fraud losses, while compromised card data represented 8%.

Mr. Geronimo noted that phishing, identity theft, account takeovers, and scams related to fake jobs, investments, and romance are major concerns. He added that these attacks threaten consumer trust and the reputation of financial institutions while slowing the government’s efforts to expand financial inclusion.

In 2024, the Philippines recorded 10,000 cybersecurity complaints, marking a 300% increase from the previous year. Losses totaled P198 million, or roughly P20,000 per victim.

Mr. Vibar emphasized that cybersecurity risks extend beyond monetary losses. Online abuse affects roughly two million children in the country, raising broader societal concerns.

“Cybersecurity threats used to affect only a few targeted individuals or institutions, but nowadays they are impacting everyone. Cyber risk in the Philippines is no longer just an IT problem; it now has broader societal implications,” he explained. “The reason we are holding these sessions and events is to address these issues as soon as possible. If we do not, Filipinos risk being left behind in the digital space, which cannot happen given how rapidly the world is moving online.”

Panelists also stressed the importance of transparency and consumer education. Ms. Edillor said prompt disclosure of system glitches or breaches can reduce panic and minimize the impact on consumers.

“We have to accept that cyber criminals will stay here, and they will always be here,” she added. “We need to promote more on consumers skepticism and zero trust.”

Ms. Edillor also called for improved public campaigns that use visual and behavioral messaging.

“Cyber criminals trigger the five senses. We need to trigger the five senses as well,” she explained. “We have to change the language of the campaign because most of the time we see ‘do not click.’ Our brains do not process ‘do not click’ effectively, so the message is often ignored. By changing the language, Filipinos — or people in general — can understand what they need to do. This helps reprogram beliefs. Once beliefs are reprogrammed, behavior changes.”

In terms of reporting and preventing incidents, Ms. Salud outlined BSP standards under the Anti-Financial Account Scamming Act. Banks have the authority to recover funds quickly and must follow BSP Circular 1019 for operational reporting, requiring incidents to be reported within two hours with follow-ups within 24 hours.

Meanwhile, Mr. Geronimo described multi-layered processes for assessing incidents, ranging from phishing attempts to identity theft and account compromises.

“We have a partnership with different government agencies and law enforcement agencies like the [Philippine National Police Anti-Cybercrime Group, CICC,] as well as BSP and [the National Telecommunications Commission]. Every time there is an incident or confirmed fraud or scam report, we also coordinate those matters. We are working right now with different [bank and non-bank] organizations to develop a more secure ecosystem,” he said.

Protecting people, not just systems

Department of Information and Communications Technology Undersecretary for Policy, Legal, and Communications Atty. Sarah Maria Q. Sison

Digital technology has opened doors to learning, public services, and new sources of livelihood, but it has also brought new dangers, particularly for women and children.

In her closing keynote, Department of Information and Communications Technology Undersecretary for Policy, Legal, and Communications Atty. Sarah Maria Q. Sison highlighted the growing vulnerabilities faced by these groups online.

“Digital information has opened doors to learning, livelihood, and public services, but it has also exposed new vulnerabilities, especially for women and children who face some of the greatest risks online,” she said.

According to Atty. Sison, about 67% of Filipinos aged 10 and above access the Internet, with over 90 million active on social media platforms. Women account for roughly 60% of this online population. Despite this widespread access, millions of Filipinos remain unconnected, and many lack the skills or safeguards needed to use the Internet safely.

“Access is not automatically mean security and connectivity does not guarantee confidence,” she emphasized.

While men and women may use digital devices at similar rates, equal usage does not translate to equal opportunity or safety. Women are underrepresented in science, technology, engineering, and mathematics roles, as well as in information and communications technology positions. Cultural expectations, unpaid care responsibilities, and limited Internet access in rural areas continue to restrict women’s participation in digital sectors.

Atty. Sison also shared insights from the Commission on Human Rights, noting that the Philippines remains a major source of online sexual abuse against children. In fact, the Philippine Internet Crimes Against Children Center receives millions of reports annually, many involving victims under the age of 13 exploited through live stream abuse.

Although the Philippines has enacted several laws to address online abuse, including the Safe Spaces Act (Republic Act 11313), the Anti-Child Pornography Act (Republic Act 9775), the Anti-Online Sexual Abuse or Exploitation of Children Act (Republic Act 11930), and the Cybercrime Prevention Act (Republic Act 10175), Atty. Sison said laws alone are not enough.

“Whether you like it or not, we have the laws; but how are they implemented, we have to actually update them,” she said.

She urged the government to issue clear policies on digital protection, called on the private sector to build security and education into platforms, and asked media organizations and civil society groups to translate digital risks into practical guidance for the public.

Cyber literacy, Atty. Sison explained, must extend beyond basic awareness. It should include understanding individual rights and responsibilities, practicing digital hygiene, recognizing abuse, and knowing where to seek assistance.

“The measure of our digital progress is not the speed of networks or the size of our digital economy. It is measured in whether a child can learn online without fear, whether a woman can work and speak freely without harassment, and whether every Filipino can navigate the digital world with confidence, dignity and trust. This is really the true meaning of a cyber-literate nation. Not just aware, but empowered. Not just connected, but protected. And moreover, not just digital, but human,” she concluded.

This BusinessWorld Insights forum was presented by BusinessWorld Publishing Corp., in partnership with the Cybersecurity Council of the Philippines and GCash; and is sponsored by Converge ICT Solutions, Inc. and RCBC; with the support of Asian Consulting Group, American Chamber of Commerce of the Philippines, Bank Marketing Association of the Philippines, British Chamber of Commerce of the Philippines, Financial Executive Institute of the Philippines, French Chamber of Commerce and Industry Philippines, European Chamber of Commerce of the Philippines, Management Association of the Philippines, People Management Association of the Philippines, Philippine Chamber of Commerce and Industry, Philippine Franchise Association, Philippine Retailers Association, Information Security Officers Group (ISOG), official venue partner Okada Manila, and official media partner The Philippine STAR.