A recent study commissioned by global cybersecurity leader Fortinet reveals a dramatic surge in AI-powered cyber threats across the Philippines, exposing significant vulnerabilities in how organizations detect and respond to increasingly stealthy attacks.
The IDC survey, which gathered insights from 550 IT and security leaders across 11 Asia-Pacific markets, indicates that cybercriminals are now widely adopting Artificial Intelligence (AI) to scale sophisticated and covert attacks. In the Philippines, 78% of organizations reported encountering AI-enabled cyber threats in the past year, with 28% noting a threefold increase in such incidents.
AI is no longer a theoretical tool in the hacker’s arsenal — it is driving real, fast-moving attacks that exploit weaknesses in human behavior, misconfigurations, and digital identity systems. Common AI-driven threats reported in the country include deepfake impersonations in business email compromise (BEC), AI-enhanced social engineering, data poisoning, automated reconnaissance, and polymorphic malware.
Despite growing awareness, many organizations remain unprepared. Only 9% of respondents in the Philippines feel very confident in their ability to defend against AI-based attacks. Alarmingly, 19% lack the capability to track these threats altogether.
Cyber risk is now a persistent state rather than an occasional crisis. Ransomware (66%), software supply chain attacks (62%), cloud vulnerabilities (58%), and insider threats (56%) remain top concerns. However, newer threats — such as zero-day vulnerabilities, cloud misconfigurations, and human error — are proving even more disruptive, largely because they operate beneath the radar of traditional security defenses.
The financial and operational toll is rising. Nearly half (46%) of organizations experienced monetary losses from breaches, with one in four incidents costing over US$500,000. Reputational damage, regulatory penalties, and privacy violations are also key consequences cited by respondents.
Cybersecurity teams face major hurdles in meeting these challenges. On average, less than one cybersecurity professional is available per 100 employees. Only 15% of organizations in the Philippines have a dedicated Chief Information Security Officer (CISO), and just 6% have teams focused on advanced functions like threat hunting or security operations.
While 80% of local organizations have increased their cybersecurity budgets, most of these rises remain modest, under 10%, and still fall short of addressing the growing risk landscape. Budget allocations continue to prioritize identity security, SASE/Zero Trust, cyber resilience, and cloud-native protections. Yet areas such as IoT/OT security and cybersecurity training remain underfunded.
The report also shows a positive shift toward platform-driven resilience. A notable 96% of Philippine organizations are either actively converging networking and security or planning to do so. About 70% are consolidating security tools to improve response speed and simplify operations, although nearly half still struggle with tool fragmentation and integration.
Fortinet Philippines Country Head Bambi Escalante echoed this sentiment, emphasizing the importance of AI-powered, platform-based defenses, “Complexity is now the new battleground in cybersecurity—and AI is both the challenge and the frontline defence. As threats grow quieter and more coordinated, Fortinet is helping organizations across The Philippines stay ahead with a unified, platform-based approach that brings together visibility, automation, and resilience. In today’s threat environment, speed, simplicity, and strategy matter more than ever. Our focus is on helping customers shift from piecemeal defences to AI-powered security that’s built for scale and sophistication.”
The findings are detailed in the IDC Info Snapshot titled State of Cybersecurity in Asia-Pacific: From Constant Risk to Platform-Driven Resilience (May 2025, IDC Doc #AP249601X).