Manila, Philippines – Philippine organisations continue to face elevated cyber exposure from third-party ecosystems, according to the latest report from BlueVoyant, which highlights structural weaknesses in third-party risk management across the APAC region.
The Philippines recorded the lowest level of third-party risk management maturity among surveyed markets, with only 23% of organisations reporting that their programmes are established or optimised. This compares unfavourably with more mature markets in the region and reflects limited adoption of formalised tools and processes. In practice, 64% of Philippine respondents said they rarely or only sometimes use dedicated platforms to manage third-party cyber risk, constraining visibility across supplier networks.
Supply chain-related cyber incidents also remain widespread. All surveyed organisations in the Philippines reported experiencing negative impacts from at least one third-party-related breach in 2025. Nearly 40% indicated they had been affected by between two and five such incidents over the past year, underscoring the frequency of indirect cyber disruptions linked to vendors and partners.
“As the Philippines increasingly recognises cybersecurity as central to the economy’s digitalisation, third-party cyber risk management is emerging as a crucial aspect in organisational resilience,” William Oh, head of Asia Pacific at BlueVoyant, shared.
He added, “Our research shows that Philippine organisations still have work to do to strengthen program foundations and executive alignment to address persistent threats within the third-party ecosystem.”
Progress in strengthening programmes is being hindered by both organisational and operational barriers. Internal resistance to change and challenges in cross-stakeholder collaboration were each cited by 25% of respondents as leading organisational obstacles to maturing third-party risk management. On the operational side, 18% reported difficulty getting suppliers to complete risk questionnaires, while 16% said they struggle to obtain accurate and reliable risk insights from third parties, limiting effective assessment and prioritisation.
Despite low programme maturity, collaboration with suppliers remains a notable feature of the Philippine market. Around 63% of organisations reported they work with third parties to remediate cybersecurity issues once identified, with 23% collaborating directly with vendors throughout the remediation process. While this relationship-driven approach can support faster issue resolution, the report indicates that expanding ecosystems may expose blind spots if collaboration is not supported by scalable monitoring and governance frameworks.
“Organisations worldwide continue to face the pressing challenge of managing supply chain and third-party cyber risks,” Joel Molinoff, global head of third-party risk management at BlueVoyant, commented.
“Increased investment and growing AI adoption are positive steps, but the biggest gains come when third-party cyber risk is embedded into everyday business decisions and not treated as just a compliance exercise.”
Meanwhile, investment in third-party risk management is increasing sharply. Nearly all Philippine organisations, 98%, reported higher spending on these programmes over the past 12 months, up from 90% in the previous year. At the same time, outsourcing is becoming more common, with 38% relying on external providers for remediation, 37% for reporting, and 34% for ongoing monitoring of third-party risk.
Overall, almost all surveyed Philippine organisations (97%) expect their third-party ecosystems to grow further, with 41% anticipating an increase. As reliance on external vendors deepens, the findings suggest that strengthening foundational capabilities in third-party cyber risk management will be essential to reducing persistent supply chain vulnerabilities.

