
The National Cybersecurity Plan 2023–2028 serves as the official roadmap for cyber resilience planning. It outlines a whole-of-nation strategy – spanning government, the private sector, and civil society – to strengthen cyber defenses and meet key 2026 milestones, even as digital threats continue to grow across critical sectors.
Aligned with the Philippine Development Plan, the roadmap distributes shared responsibilities for creating a trusted digital environment. Tracking its implementation and deepening private sector engagement are essential to accelerating national protection efforts.
This blog analyzes the roadmap’s major milestones and how businesses can actively contribute and benefit as the Philippines works toward a safer, more resilient digital future.
Overview of National Cyber Resilience Roadmap Progress
Roadmap Foundation
Adopted through an Executive Order in 2024, the NCSP 2023–2028 serves as the Philippines’ updated master plan for cybersecurity. Building on earlier versions, it sharpens its focus on proactive risk management, critical infrastructure protection, and national capacity building.
Current Status
Measurable progress includes the establishment of Computer Emergency Response Teams (CERTs) across national government agencies, with adoption targeted to reach 75 percent by 2026. Alongside this, the Philippines continues to improve its Global Cybersecurity Index ranking and strengthen incident reporting mechanisms nationwide.
Policy Alignment
The plan links to broader goals in the Philippine Development Plan. It connects with emerging laws, which include the proposed Cybersecurity Act and Critical Information Infrastructure Protection Act.
Whole-of-Nation Approach
The NCSP marks a deliberate shift away from purely government-led efforts, embracing broader collaboration with the private sector, academia, and international partners to build a more inclusive and resilient cybersecurity ecosystem.
Strategic Importance
The roadmap is therefore essential to position the Philippines as a trusted digital hub within ASEAN, particularly as cloud computing, 5G, and AI continue to reshape the digital landscape.
Its impact is already visible. Government agencies are reporting incidents faster, while non-government partners are contributing fresh perspectives and resources. Regular updates ensure the plan stays relevant against evolving threats and technologies. Together, these elements build steady momentum towards a cybersecurity culture grounded in shared responsibility and real-world application.
Key Milestones & Progress Areas
Critical Infrastructure Protection: Progress is advancing through the systematic onboarding of Critical Information Infrastructure (CII) assets, the rollout of mandatory vulnerability scanning, and the development of responsible disclosure frameworks.
Capacity and Workforce Development: The plan tracks measurable growth in certified cybersecurity professionals, supported by expanding training programs and increased higher education offerings. Together, these initiatives target the development of thousands of new experts by 2028.
Incident Response and Intelligence Sharing: Response times are improving alongside the establishment of a national cybersecurity intelligence network. Bi-directional information flow between government and private entities is increasing simultaneously.
Legislative and Regulatory Advances: The regulatory landscape is rapidly evolving towards new laws that incentivize security research and enforce risk-based compliance.
Measurement and Benchmarks: Clear targets for 2026 and beyond keep progress accountable. These cover 75 percent of CERT coverage across NGAs, an improved Global Cybersecurity Index ranking, and stronger contributions to e-commerce security.
Each of the aforementioned areas build on the last, with the government closely monitoring results and private sector partners joining assessments early. This combined effort lifts overall cyber readiness step by step, ensuring the plan remains both actionable and well-scheduled.
Private Sector’s Role & Contribution Strategies
The private sector is an active force in national cybersecurity. Private operators bring the scale, speed, and innovation that government efforts alone cannot match.
Information Sharing and Incident Reporting: Secure and timely incident disclosure strengthens collective defense. By participating in national CERT networks, private organizations contribute to real-time threat intelligence.
Critical Infrastructure Collaboration: Private operators of Critical Information Infrastructure have a direct responsibility to adopt roadmap standards and engage in joint public-private exercises, including drills conducted at least twice a year, to test and sharpen coordinated response capabilities.
Investment in Skills and Technology: Organizations are encouraged to expand staff training on emerging tools, accelerate zero-trust adoption, and deploy advanced solutions such as automated monitoring systems – keeping teams prepared on a monthly basis.
Innovation and Responsible Disclosure: A thriving cybersecurity ecosystem depends on safe spaces for research. Supporting security researchers strengthens the country’s overall threat awareness and defensive posture.
Alignment with Roadmap Goals: Integrating NCSP principles into corporate strategies is a foundation for seamless compliance and long-term resilience. Firms that do, contribute directly to a unified and coherent cybersecurity posture.
Together, these contributions bridge organizational resilience with national security. Organizations gain stronger protection for their own operations while helping move the Philippines towards a more secure and resilient digital future.
Benefits and Impact on the Philippines’ Growth
The NCSP’s implementation carries far-reaching benefits for individual organizations, key industries, and the archipelago as a whole.
Enhanced Security: Stronger cybersecurity lowers the risk of breaches, improves incident response capabilities, and safeguards sensitive data across critical industries.
Economic Advantages: A more secure digital environment reduces cybercrime-related losses, attracts foreign investment, and strengthens the competitiveness of high-value sectors such as BPO, fintech, and digital services exports.
Operational Resilience: Organizations gain the confidence to innovate safely within cloud and hybrid environments, supported by robust frameworks that ensure business continuity remains uninterrupted even amid threats.
National Contribution: Private and public efforts combined help achieve NCSP targets; further advancing the national Digital Transformation Strategy, and positioning the Philippines as a credible leader within the regional digital economy.
Trust and Competitiveness: Meeting international cybersecurity standards builds customer confidence and opens new opportunities in cybersecurity services.
Future Outlook: Looking ahead, sustained implementation is expected to drive stronger overall resilience, foster inclusive digital economy growth, and elevate the Philippines’ standing in global cybersecurity rankings by 2030.
Enhanced Security: Lower breach risks mean fewer costly disruptions, which keeps operations running smoothly and data protected from theft or loss. This stability draws investors seeking secure and consistent environments to grow their business.
Economic Advantages: BPO and fintech sectors accelerate when security meets global standards, further driving export growth. As Philippine providers prove their reliability, cybercrime losses decline and free up funds that can instead be redirected towards expansion and innovation.
Operational Resilience: Safe cloud adoption allows firms to test new ideas without fear of exposure, while stronger business continuity planning ensures steady service delivery even during active threats. The broader economy therefore enjoys stability when businesses operate without interruption.
National Contribution: Consistent progress brings the Philippines closer to its digital transformation goals. Higher global rankings open doors to new partnerships, investments, and collaborative opportunities.
Trust and Competitiveness: Customer trust deepens as systems prove reliable and international standards become routine practice. New cybersecurity service firms emerge to meet rising demand, turning security maturity into a thriving industry in its own right.
Together, these benefits prove that the Philippines’ digital ambitions are only as strong as its ability to secure them – and that both the private and public sector sit at the centre of that effort.
Philippines-Specific Opportunities & Strategies
The NCSP is a practical toolkit that organizations of every size can act on today, with key opportunities and strategies outlined as follows.
Leveraging National Frameworks: Aligning with NCSP targets opens access to DICT-led programs covering training, funding, and public-private pilot initiatives. Organizations that engage early gain a structural advantage in both compliance and capability.
Sector-Specific Action: Different sectors face different risks. BFSI, BPO, and SMEs each benefit from tailored resilience measures, with BFSI firms encouraged to join sector CERTs first and SMEs positioned to apply for training grants early to build foundational security capacity.
Partnership Building: Collaboration through NCIAC sector CERTs and industry alliances creates consistent channels for intelligence sharing and the exchange of best practices.
Incentive Utilization: Government grants, tax benefits, and certification support are available to accelerate adoption. These incentives extend to tool upgrades and workforce development, lowering the barrier for organizations looking to invest in stronger security infrastructure.
Regional Leadership The private sector’s active participation positions the Philippines as an ASEAN model for collaborative cybersecurity. Private input into regional conversations helps shape standards that reflect local realities and ambitions.
Together, these pathways turn policy into practice. Whether a large enterprise or a growing SME, every organization has a clear and actionable entry point into the national cybersecurity effort.
Strengthen National Cyber Resilience at PhilSec
Across industries, leaders are asking the same questions: how do we ensure resilience in the face of evolving risks, protect critical infrastructure, how to strengthen public private cybersecurity collaboration, and align cybersecurity strategies with national priorities?
PhilSec provides the platform to answer those questions.
Returning for its sixth edition on 30 June – 1 July 2026 at the prestigious Manila Marriott Hotel, this flagship cybersecurity summit will convene over a thousand key cybersecurity leaders, stakeholders, government representatives, and technology innovators driving cyber resilience and strategic security transformation across the Philippines, and advancing cybersecurity governance in the Philippines.
Attendee Profile
- CISOs, Heads of Information Security, Risk, Compliance, Forensics, and Cyber Law
- Senior decision-makers from banking, BPO, healthcare, telecom, and government
- Representatives from both public and private enterprises across the country
Agenda Highlights
- AI-powered threats and how organizations are responding in real time
- Cloud and IoT security across hybrid environments
- Digital forensics and incident response
- Regulatory alignment with the National Cybersecurity Plan 2023–2028
- Data privacy, compliance, and governance under Philippine law
Additionally, discover cutting-edge solutions on the exhibition floor, where leading technology providers showcase the latest innovations in threat detection, cloud security, identity management, and resilience frameworks.
Engage directly with solution experts, explore live demonstrations, and evaluate tools designed to address real-world security challenges. Moreover, connect with peers and industry leaders through meaningful conversations that go beyond surface-level networking.
For more information about the event, visit: https://www.philsecsummit.com/
Register today!