By Beatriz Marie D. Cruz, Reporter

AROUND 28% of Philippine companies said that cybersecurity breaches cost them over $3 million (around P174.02 million) to recover, according to cybersecurity firm Fortinet.

Sectors mainly in manufacturing, retail, telecommunications, and government offices said they had to pay millions to recover from a cyberattack, Fortinet Philippines Country Manager Alan C. Reyes told BusinessWorld on Tuesday, citing the company’s latest survey.

Furthermore, around 52% of organizations said that breaches cost them over $1 million to recover.

Following a single data breach, companies have to pay for the cost of operational disruption and the actual recovery of data, among other expenses, Fortinet said.

“If you talk to some of the IT (information technology) professionals, what’s more important for them is the recovery of the data rather than the money that they’re paying for,” Mr. Reyes said during a briefing.

Mr. Reyes said that among all industries, the banking sector has been the most advanced in adopting cybersecurity measures, while the manufacturing industry is trailing behind.

In the Philippines, the average recovery time from a cyberattack takes around two months, according to Fortinet.

Around 55% of Philippine organizations said it took more than a month for them to recover from a cyberattack, while 25% said it took them four months or longer.

Rashnish Pandey, Fortinet’s vice-president for marketing and communications in Asia/ANZ, said Philippine companies can detect cyberattacks in minutes through artificial intelligence (AI)-powered infrastructure.

“AI-powered platforms look at the entire infrastructure and automate a lot of responses instead of waiting for a human analyst to step in,” he told the briefing.

For 2025, Fortinet expects more Cybercrime-as-a-Service (CaaS) models from attackers, wherein cybercriminals take more specialized roles to conduct an attack. Tools and expertise are also being sold to specific segments of the attack chain.

“The segmentation of attack capabilities increases the efficiency of the cybercrime ecosystem, lowering barriers for adversaries to execute sophisticated campaigns,” Mr. Pandey said.

Last year, Fortinet said around 94% of Philippine organizations had one or more cybersecurity breaches, while 28% experienced five or more.

To encourage stronger cybersecurity adoption, companies should look at it as a form of risk management rather than a mere “high-tech” concept, Mr. Reyes said.

“If you take cybersecurity as nothing more than risk management… then it becomes more palatable because it affects your business.”