CYBERATTACKS are increasingly disrupting digital systems across the Philippines, prompting organizations to reassess how they prepare for outages and data loss as threats become more complex.
Cyber incidents surged 49 percent quarter-on-quarter in the third quarter of 2025, with 76 breach incidents affecting more than four million accounts, according to a cybersecurity report. Separately, the World Economic Forum warned in its Global Cybersecurity Outlook 2026 that AI-enabled fraud is emerging as a top risk, as generative AI tools make scams easier to scale and harder to detect.
For sectors that rely heavily on digital infrastructure — including business process outsourcing, retail, logistics, healthcare and financial services — system downtime can result in operational disruption, revenue loss and reputational damage.
Speaking at the CyberSecPhil Conference 2026, data management company Synology said organizations should view data protection as a business-wide responsibility rather than a purely technical concern, particularly as cyber incidents increasingly target recovery systems as well as primary networks.
“With digital operations now central to day-to-day business, the ability to recover data and systems quickly is becoming critical during cyber incidents,” said Claire Huang, Synology’s country manager for the Philippines.
Huang noted that traditional backup strategies alone are no longer sufficient, as attackers increasingly target backup and recovery environments.
“Effective data protection is no longer just about keeping copies of data,” she said. “It must ensure that data remains secure and that systems can be restored quickly even if primary environments are compromised.”
Industry assessments indicate that many organizations continue to face gaps in data protection, including weak access controls and limited visibility across systems. In some cases, backup environments remain connected to production networks, leaving them vulnerable during ransomware attacks designed to disrupt operations rather than simply exfiltrate data.
Cyber incidents may also carry regulatory consequences. Under the Data Privacy Act, organizations are required to implement reasonable and appropriate safeguards to protect personal information, including measures that ensure data remains available and protected following a security incident.
As cyber risks evolve, organizations are increasingly examining structured data protection strategies that prioritize recovery readiness alongside prevention, particularly as IT environments grow more distributed and complex.
“Resilience has become a core part of security planning,” Huang said. “Organizations need coordinated data protection and tested recovery processes to limit disruption during incidents.” / PR