Cybersecurity budgets among mid-sized organizations in the Philippines now account for 13.3% of revenue, reflecting one of the biggest jumps in Asia-Pacific, according to Palo Alto Networks’ first-ever 2025 Cybersecurity Resilience in Mid-Market Organizations study.
Palo Alto Networks (NASDAQ: PANW) is a US-based company that provides AI-powered security solutions across network, cloud, security operations and AI.
The benchmark study, conducted in collaboration with Tech Research Asia, surveyed over 2,800 mid-sized organizations across 12 countries, offering critical insights into cybersecurity maturity across the region, including the Philippines.
“It’s encouraging to see the Philippines taking meaningful steps to elevate its cybersecurity efforts, especially with the approval of the National Cybersecurity Plan, a critical move to safeguard institutions, infrastructure, and citizens amid growing threats,” said Steven Scheurmann, Regional Vice-President of ASEAN at Palo Alto Networks, in a news release.
He said that the Philippine digital economy, valued at ₱2.25 trillion in 2024 and accounting for 8.5% of GDP, is increasingly reliant on robust cybersecurity frameworks.
“Cybersecurity is no longer optional. The increased budgets among mid-market organizations reflect a deeper understanding that protecting digital assets is essential to sustaining business growth and national progress,” Scheurmann said, emphasizing the urgency of cybersecurity and partnerships in improving threat detection and response, and enabling the adaptive, intelligent security needed for the digital future.
The report reveals that 61% of Philippine companies currently rely on partners such as managed security service providers (MSSPs), with this figure expected to rise to 79% in the next two years.
MSSPs are preferred by 40% of firms, followed by managed service providers (MSPs) and systems integrators.
Top cybersecurity investments in the country are being funneled into security software (47.09%), network security hardware (38.35%), and data protection and privacy (37.86%).
However, while Philippine companies perform strongly in “Protect” and “Detect” categories under the NIST framework, the study shows weaker scores in “Govern,” “Identify,” and “Respond” areas, highlighting the need for stronger governance and incident response capabilities.
NIST, or the National Institute of Standards and Technology, is a non-regulatory agency under the US Department of Commerce that promotes US innovation and industrial competitiveness by advancing measurement science, standards, and technology. They provide a framework for cybersecurity, known as the Cybersecurity Framework (CSF), to help organizations understand, manage, and reduce cybersecurity risks.
“Cybersecurity is no longer just an IT issue, it’s a business priority. As threats grow more sophisticated and AI reshapes the threat landscape, our benchmark study reveals that many mid-market organizations are still catching up,” said Michelle Saw, Vice President, Ecosystems, Asia-Pacific and Japan at Palo Alto Networks.
Notably, poor solution performance (43%), major breaches, and supply chain issues remain the top reasons for switching cybersecurity partners in the country.
The findings also point to a gap in AI adoption, with AI-related capabilities cited as among the lowest-performing areas in existing cybersecurity programs.
“The research indicates that mid-market organizations in the region have made notable advancements in strengthening their cybersecurity posture,” said Tim Dillon, Founder, Director, and Principal Analyst at Tech Research Asia.
“However, there remains substantial opportunity for partners to support continued progress, particularly in workforce education and training, identity and access management, and application and data security,” Dillon added.
For more insights, visit Palo Alto Networks’ report.
