Cyber Risk a Constant but Not (Yet) a Crisis — Experts
As artificial intelligence (AI) becomes increasingly integral to industry operations, cyber risks are evolving from sporadic crises to ever-present threats. Rashish Pandey, a top executive from global cybersecurity firm Fortinet, highlighted these changes in the cybersecurity landscape during a forum in Taguig City.
Pandey, who serves as the Vice President of Marketing and Communications for Asia and ANZ (Australia and New Zealand) at Fortinet, shared insights into this transformation. He emphasized that organizations, particularly in the Philippines, are now more vulnerable to threats operating under the radar.
Ransomware, cited at a striking 66 percent, remains the most reported threat. Following closely are software supply chain attacks (62 percent), cloud vulnerabilities (58 percent), insider threats (56 percent), and phishing (50 percent).
“The most disruptive threats are no longer the most obvious,” Pandey said. “They present serious challenges as they frequently escape detection by traditional defense systems, exploiting internal weaknesses and visibility gaps.”
Phishing and malware threats continue to grow at a rate of 10 percent. However, this increase is tempered by established defenses like endpoint protection and user awareness training. In contrast, more sophisticated threats are on the rise, including supply chain attacks (16 percent), IoT/OT attacks (14 percent), cloud vulnerabilities and insider threats (12 percent each), and unpatched/zero-day exploits (10 percent).
“These threats are escalating swiftly because they exploit deficiencies in governance, visibility, and system complexity,” Pandey noted. “This makes them not only harder to detect but also significantly more damaging when they succeed.”
The repercussions of cyberattacks have reached beyond simple operational downtime. The major consequences now range from loss of customer trust (62 percent) to regulatory penalties (56 percent), data theft and privacy violations (54 percent), and operational disruption (42 percent). Financial impacts are also prevalent with 46 percent of breaches resulting in monetary loss, and one in four costing over $500,000.
AI-driven threats in the Philippines present a new frontier of challenges. These include deepfake impersonation in business email compromises, AI-enabled social engineering, adversarial AI and data poisoning, automated reconnaissance, and polymorphic malware.
Despite these advancements, only 9 percent of organizations feel very confident in their ability to defend against AI-driven threats. An additional 27 percent of businesses acknowledge that these threats surpass their current detection capabilities, while 19 percent admit to an inability to track them altogether.
Adding to the complexity is a significant shortage of skilled cybersecurity professionals. “On average, only 7 percent of an organization’s workforce is in IT, and merely 13 percent of that small segment focuses on cybersecurity,” Pandey revealed. This translates to fewer than one full-time cybersecurity expert for every 100 employees.
Further complicating matters is the lack of dedicated leadership and specialized teams. Only 15 percent of organizations employ a standalone Chief Information Security Officer, while 63 percent assign cybersecurity responsibilities to broader IT roles. A scant 6 percent have specialized teams for targeted operations such as threat hunting.
“These lean teams are under increasing pressure,” Pandey said. “The main challenges include an overwhelming threat volume (54 percent), difficulties in retaining cybersecurity talent (52 percent), and tool complexity (44 percent), all of which contribute to burnout and operational fragmentation.”
In conclusion, as cyber risks continue to evolve alongside advancements in AI, the need for robust cybersecurity measures becomes more critical. Businesses must be proactive, not reactive, ensuring they can detect and neutralize threats before they escalate into crises.
