By Bambi Escalante, Country Manager, Fortinet Philippines
The Philippines’ digital economy is expanding rapidly as businesses adopt new technologies, e-commerce continues to surge, and the use of artificial intelligence (AI) becomes more widespread. Recent estimates suggest the sector could reach between $80 billion and $150 billion in gross merchandise value by 2030.
But as digital participation grows, so does exposure to cyber risk. Each new online service or connected system presents a fresh opportunity for cybercriminals who are now operating with greater speed and sophistication, often aided by AI-driven tools that make it easier to launch attacks at scale. What once required specialist skills can now be purchased as a service, increasing pressure on organizations of all sizes.
Against this backdrop, the Philippines faces a widening challenge: technology is advancing quickly, but the number of cybersecurity professionals needed to secure that progress is not keeping pace.
A widening shortage
According to the Fortinet Cybersecurity Skills Gap 2025 Report, 98% of organizations in the Philippines experienced at least one security incident in the past year that they attributed to a lack of skilled cybersecurity personnel. Nearly half of the surveyed organizations reported losses exceeding $1 million, and 63% said that recovery from a cyberattack took more than a month.
The talent shortfall is also structural. Figures from the Department of Information and Communications Technology (DICT) show that the country has roughly one cybersecurity professional for every 2,000-3,000 people. By comparison, mature digital economies operate with ratios closer to one in 200.
This mismatch strains already lean security teams, prolongs detection and response times, and gives attackers greater opportunity to exploit vulnerabilities. As the Philippines continues its shift toward a digital-first economy, closing this gap becomes critical to maintaining trust and ensuring the resilience of national systems.
Where shortages are most acute
Some roles are proving particularly hard to fill. Cyber threat intelligence and data security are the most in-demand skills, each cited by 36% of organizations. Cloud security skills follow at 28%, while secure operations and malware analysis are also high on the list.
Recruitment challenges further complicate the picture. AI and machine learning specialists are the hardest to hire, with 36% of organizations reporting difficulties. Security Software development, cloud security, network security, and data security experts are also difficult roles to fill.
These shortages have practical consequences. The absence of AI and ML expertise slows the detection of complex threats. A lack of secure software development skills increases application vulnerabilities. Gaps in cloud and network security heighten the risk of misconfigurations, while limited threat intelligence capacity delays response to emerging attacks.
Each unfilled role introduces risk into an organization’s security posture, a reality that underscores the need for a stronger and more diverse cybersecurity workforce.
Efforts to grow the talent pool
The Philippine government has acknowledged the challenge and is taking steps to build capacity. The DICT’s National Cybersecurity Plan (NCSP) 2023-2028 includes scholarships, skills development initiatives, and partnerships with academic and industry groups. These programs have been useful, yet demand continues to outpace supply. The DICT estimates that the government alone may require around two million cybersecurity workers in the coming years, far more than the number currently available.
Hiring practices also remain a barrier. While many organizations value certifications and express willingness to train new hires, four-year degrees continue to be prioritized. This makes it harder for candidates from non-traditional paths, including mid-career professionals and bootcamp graduates to enter the field.
Building a more inclusive pathway
Recent trends suggest that organizations are expanding their approach to talent. Many are investing in diversity initiatives to widen access to cybersecurity careers. Eight in 10 have programs encouraging more women to join the field.
Hiring standards are also shifting. Three-quarters of employers still consider four-year degrees, but 66% now place significant weight on professional certifications. This signals a more balanced view that blends formal education with validated skills and practical experience.
The private sector also plays a role in strengthening the pipeline. Fortinet, for instance, has committed to training one million cybersecurity professionals globally by 2026. In the Philippines, the company partners with universities and colleges through its Academic Partner Program, giving students access to industry-recognized training and certifications.
Institutions such as Manila Central University, Our Lady of Fatima University, Mindanao State University Sulu, Don Bosco Technical College Mandaluyong, Ilocos Sur Polytechnic State College, Central Philippines State University, Bulacan Agricultural State College, Systems Plus College, and Northern Iloilo State University have adopted the program as an elective. Meanwhile, Holy Angel University has fully integrated it into its curriculum, helping equip graduates with practical, job-ready skills that align with industry needs.
A shared responsibility
Addressing the cybersecurity skills gap is not a challenge for one sector alone. It demands alignment between government, industry, academia, and individuals who are ready to develop new capabilities. While technology and automation can reduce pressure on teams, the strength of the country’s cyber resilience ultimately depends on people, their expertise, readiness, and ability to act.
By widening the talent pipeline, embracing more inclusive hiring practices, and investing in long-term skills development, the Philippines can build the workforce it needs to secure its digital future and sustain the growth of its digital economy.