Introduction
The Philippines, like many other nations, is witnessing a dramatic increase in cyber threats, fueled by the rapid adoption of digital technologies and the proliferation of sophisticated cybercriminals. This article examines the evolution of cyber threats in the Philippines, with a focus on phishing, email security and the risks posed by agentic AI. It also highlights the inadequacy of legacy security systems in addressing these challenges and explores the role of KnowBe4's innovative tools, namely Agent Risk Manager (ARM), Collaboration Security and Security Awareness Training , in enhancing cybersecurity preparedness.
Evolution of Cyber Threats in the Philippines
Past Trends
Historically, cyber threats in the Philippines were largely unsophisticated, comprising basic malware, rudimentary phishing schemes and website defacements. These attacks primarily targeted individuals and small businesses, capitalizing on a general lack of awareness and inadequate security measures.
In the past 20 years, the Philippines stands as the second most affected country in Southeast Asia, with 151.3 million user accounts breached since 2004. This high ranking is driven by rapid digital adoption, which has outpaced the development of robust security infrastructure, high rates of social engineering, and a persistent shortage of cybersecurity skills. According to Broadsheet, on average, each Filipino has been impacted by a data breach at least once, marking the country’s exposure rate as among the highest in the region.
Current Trends
Today, the landscape has evolved significantly. Phishing remains a predominant threat, with attackers employing more sophisticated tactics to deceive users. According to data from the Whoscall 2025 Philippines Scam Report, phishing or link-based attacks are now the fastest-growing digital threat in the Philippines. The rise of agentic AI has further complicated the threat landscape, enabling cybercriminals to automate and enhance the effectiveness of their attacks.
Email security vulnerabilities have also become a critical concern. The transition to remote work has increased reliance on email communication, making it a prime target for cyberattacks. Cyberint published a recent report stating how phishing attacks have long been a favored method for cyber criminals, but with the advent of artificial intelligence (AI), these attacks are set to become much more advanced. Threat actors will leverage AI to craft highly personalized phishing emails, texts, or social media messages tailored to individual targets by analyzing publicly available data. These AI-driven phishing campaigns will be challenging to detect due to their human-like language, dynamic content creation, and ability to evade traditional filters.
In 2024, Statista reported that phishing was the number one most frequent fraud scheme targeting consumers in the Philippines. Report shown below:
Another notable report from Cybercover highlighted how social engineering became the biggest threat in the Philippines in 2025, accounting for more than three-quarters of all financial fraud in 2025.
Check Point published its Philippine Threat Landscape Report 2025, outlining a sharp rise in cyber risks across the country. It specifically stated that phishing jumped an astronomical 423% from 2024 to 2025. Research indicates that this was due to industrialized, AI-driven scams targeting a mobile-first population. Criminals shifted to high-volume smishing (SMS-based phishing) to bypass security, exploiting rapid, unsecured cloud adoption and high-pressure brand impersonation.
Malicious email attacks rose sharply in 2025, with global cybersecurity firm Kaspersky reporting a 15% increase in harmful and potentially unwanted email attachments compared to 2024 - a trend that experts say should alarm both businesses and everyday internet users in the Philippines. In addition, according to Context.ph, the Asia-Pacific region recorded the highest share of email antivirus detections at 30%, underscoring the region’s vulnerability to cyber threats.
In the cyber threat realm of AI, Business Mirror stated that the Philippines recorded over 52 million exposed credentials in just three months as cyberattacks surged 49% during the third quarter of 2025, with AI and deepfake technology enabling a new generation of digital threats that are faster, more deceptive, and harder to detect than ever before.
Future Trends
Today we realize that legacy security systems, while once effective, are no longer sufficient to combat today's dynamic and sophisticated cyber threats. These systems often lack the capability to adapt to new attack vectors and fail to provide comprehensive protection against evolving threats.
Looking ahead, cyber threats are expected to become even more advanced, with AI-driven attacks becoming more prevalent. Cybercriminals will continue to exploit technological advancements to bypass traditional security measures. The need for a proactive and adaptive cybersecurity approach is more critical than ever.
KnowBe4's Innovative Solutions
Agent Risk Manager (ARM)
ARM is designed to identify and mitigate risks associated with agentic AI. ARM leverages AI technology to continuously analyze and assess potential threats, providing organizations with a real-time understanding of their risk landscape. By integrating ARM, organizations in the Philippines can proactively address AI-related risks and enhance their overall cybersecurity posture.
Collaboration Security
KnowBe4 Collaboration Security uses AI-driven behavioral analysis and contextual machine learning to detect the full spectrum of threats—both inbound attacks and outbound data loss. The tool uses a specialized machine learning model that continuously learns from millions of user-reported emails to categorize and prioritize messages for SOC review.
Security Awareness Training
KnowBe4 Security Awareness Training offers comprehensive training modules that educate employees on recognizing and responding to phishing attacks and other cyber threats. By enhancing employee awareness and vigilance, organizations can significantly reduce their vulnerability to cyberattacks.
Conclusion
Work has changed. Employees and AI agents now operate side by side in today’s modern, digital workforce. KnowBe4 is the only cybersecurity company built to protect this hybrid reality - securing humans and agents with the same rigor, the same intelligence, and the same proven track record.
Over 70,000 organizations worldwide have trusted KnowBe4 for more than 15 years. The KnowBe4 Platform combines advanced technical defenses with continuous risk intelligence and a Risk Score to quantify where you are. We help organizations secure their entire digital workforce of humans and agents, defending against phishing, deepfakes, and emerging social engineering and prompt injection threats.
The rise of cyber threats and AI in the Philippines necessitates a shift away from legacy security systems towards more adaptive and proactive solutions. KnowBe4's ARM, Collaboration Security and Security Awareness Training provide organizations with the tools needed to effectively combat current and future cyber threats. By leveraging these services and offerings, organizations in the Philippines can enhance their cybersecurity resilience and protect themselves against the ever-evolving cyber landscape.
This article aims to provide a comprehensive analysis of the current state and future trends of cyber threats in the Philippines, emphasizing the importance of adopting innovative solutions to address these challenges.
