CEBU CITY — Despite being the second biggest player in the global IT-BPO industry, the Philippines has far fewer cybersecurity professionals than its competitors, a study supported by the United States Agency for International Development (USAID) said.
Demand is growing for cybersecurity professionals in the Philippine government and the private sector to counter the threat of digital attacks, USAID said.
However, the Philippines in 2021 had only 202 cybersecurity professionals with Certified Information Systems Security Professional (CISSP) certifications, considered to be the gold standard in the industry, according to a USAID-supported study by IBM.
Singapore has 2,804 CISSP holders, it noted.
When compared to other top BPO countries, the Philippines’ had fewer CISSP holders than Thailand, Mexico, Malaysia, Brazil, Poland, and significantly less than India, Japan, and China, the study added.
"The needs here are very big. The problem in the Philippines is a workforce problem when it comes to cybersecurity," USAID senior economic growth specialist Jon Avila said.
"There’s already a degree of awareness, but we need people to man those emergency response teams, man those offices in government, as well as in the private sector," he said in a media seminar sponsored by the US Embassy in Manila.
GOOD PAY, OPPORTUNITIES
Opportunities abound for young Filipinos to get into cybersecurity, according to Carlos Ely Tingson, senior vice president at Kroll Inc., an American corporate investigation and risk consulting firm.
"There’s so much talent actually in the Philippines. In fact, a lot of cybersecurity firms are making their presence here... There's so much opportunity for young Filipinos to get into cybersecurity," he said in the same seminar.
Cybersecurity professionals are "strongly compensated", with global respondents reporting an average salary before taxes of $90,900 or around P5 million, the IBM study found.
In the Philippines, the average salary of a mid-level Filipino cybersecurity specialist was P747,054, it added.
The country's experience in the BPO sector "puts us in a very good position for cybersecurity," USAID's Avila said.
"The BPO sector here, they’re very adept and the way the BPO sector evolved also, we started with just receiving complaints, the consumer part, to other things na... As we mature, we look at other services," he told reporters.
"Any service that you can deliver from afar, kayang gawin ng BPO dito (the BPO can do from here). Cyber[security] is also like that. You can do the audit from here," he added.
PROPER PAY IN GOVT
USAID is helping train government cybersecurity experts.
Government, however, faces a problem with retaining cybersecurity professionals, Avila said.
"As soon as we train people in the government, they get pirated by the private sector. Or worse…they get a job offer in Singapore," he said.
"Right now, government does not have in its plantilla a cybersecurity professional, nor the job description, nor the salary commensurate to that professional," he added.
The USAID is providing technical support for the budget department and the Civil Service Commission to come up with these plantilla items and set their job description and compensation, Avila said.
"Most of the IT positions in government is data entry specialist. But a cybersecurity specialist would require a bit more compensation," he said. "The issue then here becomes one of coming up with an adequate compensatory system that you can retain talent in government."
"Of course, all Filipinos love their country and want to serve, but they also have to support family. It has to be a reasonable compensation and government is well aware of those issues."
At least 3 out of 4 companies in the Philippines have suffered from a form of cyber attack, a Kroll study released last year showed.
Top banks, telcos, energy firms, and other companies operating critical information infrastructure (CII) could lose P6 billion a day if they are all compromised at the same time in a cyberattack, an advocacy group warned.