CEBU CITY – Top listed companies operating critical information infrastructure (CII) may lose PHP6.15 billion in revenues per day due to cyber attacks, an information and communications technology (ICT) advocacy group estimated.
In a media seminar hosted by the United States Embassy here, Secure Connections ICT policy analyst Mary Grace Mirandilla-Santos said the number is based on the assumption that these CII companies are compromised at the same time.
“It's unlikely, but who knows. [There are] so many things are possible in these days,” she told reporters on the sidelines of the event.
Largest losses per day are in the energy sector with potential daily losses of PHP2.8 billion, followed by banks at PHP1.5 billion, telecommunications at PHP1.06 billion, transportation at PHP631 million, water at PHP115 million and healthcare at PHP40 million.
Aside from these sectors, CII operators are also in business process outsourcing (BPO), broadcast media, emergency services and disaster response and government.
Mirandilla-Santos said this figure is only a fraction of the potential damage to the economy due to cyber attacks, as the number only counted firms listed with the Philippine Stock Exchange (PSE).
She said cybersecurity incidents have cascading effects that also compromise and cause damages to other sectors depending on CII operators.
"If there is no alternative to critical infrastructure, then it makes the cost much bigger," she added.
Mirandilla-Santos cited some gaps in protecting CIIs in the country, including the lack of a national directive mandating government agencies with jurisdiction over critical infrastructure to promote information security, the poor awareness and adoption of minimum information security standards and the lack of clarity in institutional arrangements on cybersecurity.
To address these challenges, Secure Connections is urging the Office of the President to issue an executive order mandating information security standards for CIIs.
To address cyber threats on CIIs in the long-term, the group is pushing for the Critical Information Infrastructure Protection Act (CIIPA).
Five Senate bills and three House bills were already filed in the Congress on CIIPA. (PNA)