Learning from PwC’s Global Digital Trust Insights 2026

According to the survey, only about half of organizations worldwide feel “somewhat capable” of defending against cyberattacks. Just 6% stated that they are highly confident. This resonates closely with the Philippines’ cybersecurity maturity landscape.

Many Filipino organizations, particularly small and medium enterprises (SMEs) and local government units (LGUs), still face considerable challenges in building comprehensive cyber resilience. Infrastructure gaps, limited cybersecurity budgets, and uneven adoption of best practices hinder the ability to defend against sophisticated attacks. Awareness is growing, but comprehensive vulnerability management and incident response capabilities need strengthening.

What hinders resilience?

• Complexity of digital environments: Modern IT ecosystems involve cloud platforms, legacy systems, Internet of Things (IoT) devices, and third-party services, creating a labyrinthine attack surface.
• Emerging threats: Advanced persistent threats (APTs), zero-day exploits, ransomware variants with destructive payloads, and insider threats all pose sophisticated challenges.
• Resource constraints: Limited skilled personnel and budget restrictions often impede comprehensive vulnerability management and incident readiness.

Organizations must adopt a layered defense approach with continuous monitoring, vulnerability management, and regular crisis simulations. Investing in cyber resilience is no longer optional but critical to preserving business continuity and stakeholder trust.

Globally, reactive cybersecurity spending still dominates, with only 24% of organizations investing significantly more in proactive measures. In the Philippines, anecdotal evidence suggests a similar pattern.

Filipino organizations, constrained by budget and expertise, often allocate resources to address immediate threats and breaches rather than invest sufficiently in preventative monitoring, continuous assessments, and security controls. This reactive posture increases risk exposure and potential cost from future incidents.

Amplifying proactive investment in mechanisms such as regular vulnerability scans, penetration testing, and employee cybersecurity training could significantly enhance the overall security posture of Filipino enterprises and government bodies.

The survey highlights agentic AI, which autonomously performs tasks to detect and respond to threats, as a priority for global organizations. For the Philippines, leveraging AI-enhanced cybersecurity tools presents a promising path to counterbalance talent shortages and amplify defensive capabilities.

The country’s growing tech sector and vibrant startup ecosystem can foster innovation in AI and cybersecurity technologies. Collaborations between government, academia, and industry to develop AI-driven security initiatives could help Philippine organizations better protect cloud assets, personal data, and critical infrastructure.

Quantum computing ranks among the threats that organizations are least prepared for, with less than 10% prioritizing it financially. The Philippines, still in the early stages of its quantum awareness and preparedness journey, must begin exploring quantum-resistant encryption technologies.

Despite looming uncertainties, proactive research, policy development, and international collaboration on quantum-safe security standards will be crucial for long-term data protection. This is especially critical for government agencies and industries handling sensitive information.

Talent shortages hinder cybersecurity progress worldwide. PwC notes that 53% of companies prioritize AI to alleviate these gaps and increasingly rely on managed security services.

The Philippines faces a critical shortage of cybersecurity professionals, partly due to competition from overseas markets and limited local training capacity. To address this, the country needs sustained investment in cybersecurity education, certifications, and workforce development programs.

Furthermore, expanding the role of managed security services providers (MSSPs) can deliver expert monitoring and incident response capabilities to organizations, especially SMEs, that lack in-house resources. Specialized MSSPs are becoming key strategic partners offering 24/7 monitoring, expertise, and scalable response capabilities that many organizations cannot develop internally. These providers act as accelerators, enabling faster adoption of advanced analytics, threat intelligence, and compliance frameworks. Outsourcing core or specialized security functions enables internal teams to focus on strategic initiatives and governance. This hybrid approach, combining AI technology with managed expertise is emerging as a practical response to skills shortages and increasing complexity.

The overarching theme of PwC’s Digital Trust Insights 2026 is that digital trust must move beyond a technical security focus to become a holistic, strategic business priority.

In the Philippines, we should focus on:

• elevating cybersecurity as a national strategic priority, integrating digital trust across government policies, industry standards, and public awareness campaigns;
• increasing proactive cybersecurity investments in continuous monitoring, vulnerability management, and employee training to reduce reactive expenditures on incident management;
• fostering innovation in AI-driven cybersecurity tools through partnerships between the public and private sectors;
• initiating early research on and planning for quantum-safe cryptography, ensuring the country is not caught unprepared by future quantum threats; and
• developing and retaining cybersecurity talent locally and leveraging managed services to supplement skills gaps.

By embracing these priorities, organizations will not only reduce their risk exposure but also enhance stakeholder confidence, improve regulatory compliance, and create competitive advantages in an increasingly digital economy.

PwC’s Digital Trust Insights 2026 offers a valuable lens for the Philippines at a pivotal stage of digital growth. Amid accelerating digital adoption and evolving cyber threats, the country’s public and private sectors must act decisively to build robust digital trust frameworks that reflect global best practices while addressing local realities.

Proactive investment, technology adoption, skills development, and policy alignment form the foundation of resilient cyber ecosystems in the Philippines. By heeding these lessons, the nation can harness digital opportunities securely and safeguard its stakeholders in the years ahead.

The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of Isla Lipana & Co. The content is for general information purposes only, and should not be used as a substitute for specific advice.

References

1. PwC Global Digital Trust Insights 2026
   ^{PwC. (2024). Global Digital Trust Insights 2026.
   Retrieved from: https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html}
2. Philippine Cybersecurity Act of 2012 (Republic Act No. 10175)
   ^{Official Gazette.
   Retrieved from: https://www.officialgazette.gov.ph/2012/09/12/republic-act-no-10175/}
3. Department of Information and Communications Technology (DICT), Philippines
   ^{Official website: https://dict.gov.ph/}
4. (ISC)² Cybersecurity Workforce Study
   ^{(ISC)². (2023). Global Cybersecurity Workforce Study.
   https://www.isc2.org/Research/Workforce-Study}
5. GSMA Mobile Economy Report: Southeast Asia 2023
   ^{GSMA. (2023). The Mobile Economy: Southeast Asia 2023}
6. World Bank - Digital Economy Reports
   ^{World Bank. (2023). Digital Economy in the Philippines.
   https://www.worldbank.org/en/country/philippines/overview}