Cyber Threats Evolve Beyond Hacks: DICT Highlights Strategic Risks for 2024–2025

The Department of Information and Communications Technology (DICT) has released the Cybersecurity Strategic Risk Assessment for the Philippines (2024–2025), highlighting persistent and evolving cyber threats that affect governance, economic stability, and public trust.

The report shows that cyber risks are increasingly systemic and interconnected, moving beyond isolated technical incidents to impact core government functions and critical infrastructure. Criminal cyber ecosystems continue to exploit personal data, credentials, and network access, while state-linked espionage targets sensitive sectors such as telecommunications, government, and defense.

“We are no longer facing isolated hacks—we are facing an ecosystem under pressure. Every data breach, every compromised credential, every third-party vulnerability can cascade across institutions and affect millions of Filipinos,” said DICT Undersecretary for Cybersecurity Julius B. Gorospe.

“This assessment is a call to treat cybersecurity as a strategic responsibility, not just a technical checklist.” The report identifies key threat drivers including underground markets for stolen data, third-party dependencies, risky digital behavior, and strategic interest in Philippine digital infrastructure. Predominant risk vectors include credential compromise, external data breaches, extortion-driven cybercrime, and service disruptions such as distributed denial-of-service attacks. “Cybersecurity is about anticipation, not reaction. It’s about understanding how attacks propagate through systems, supply chains, and human behavior—and taking coordinated action before the damage spreads,” Gorospe added.

The DICT emphasizes that the report is non-attributive and intended to inform policy, governance, and risk management discussions.

Findings do not assign blame but provide a risk-based picture to help government agencies, critical infrastructure operators, and the broader ecosystem strengthen resilience. As the Philippines accelerates its digital transformation across public services, finance, education, and communications, the report underscores the importance of whole-of-government coordination, inter-agency collaboration, and international partnerships.

“Resilience is built before an incident hits, not after. By sharing information, aligning policies, and focusing on systemic risk, we can safeguard public trust and economic confidence,” Undersecretary Gorospe concluded.