Organisations in the Philippines are among the least prepared in the region when it comes to managing cyber risks from third-party vendors, according to new research by global cybersecurity firm BlueVoyant.
BlueVoyant’s 2025 State of Supply Chain Defence Report shows that only 23 percent of Philippine organisations have well-established or optimised third-party cyber risk management (TPRM) programmes. This is below the Asia-Pacific average of 32 percent and the lowest level recorded globally in the study.
The findings come as cyber threats linked to supply chains continue to grow. In 2025, all Philippine organisations surveyed reported suffering negative impacts from at least one supply chain–related cyber breach, up from 84.5 percent the year before. Four in 10 said they experienced between two and five breaches through third parties in the past year alone.
The report highlights several barriers slowing improvement, including resistance to change within organisations and difficulties coordinating across internal teams. Many companies also struggle to get accurate risk information from suppliers or to complete vendor risk assessments.
Despite these challenges, there are signs of progress. Nearly all Philippine organisations increased spending on third-party cyber risk management over the past year, and many are outsourcing tasks such as remediation, reporting, and monitoring. Adoption of artificial intelligence is also accelerating, with more than half planning to use AI to support continuous monitoring and manage risk questionnaires.
Most organisations also expect their third-party ecosystems to keep expanding, increasing the urgency to strengthen cyber risk controls. While many firms take a collaborative, relationship-driven approach to fixing cybersecurity issues with vendors, the report warns that this alone may leave gaps as supply chains become more complex.
BlueVoyant’s Asia Pacific head, William Oh, said the research shows Philippine organisations still need to strengthen the foundations of their cyber risk programmes and improve executive alignment as the country’s digital economy grows. BlueVoyant’s global head of third-party risk management, Joel Molinoff, added that the biggest improvements come when cyber risk is built into everyday business decisions rather than treated as a compliance exercise.
The study surveyed 1,800 senior executives worldwide, including 100 from the Philippines, all from organisations with more than 1,000 employees.
