PHILIPPINE COMPANIES must ramp up investments to comply with governance, risk, and compliance (GRC) strategies for data protection as cyberattacks become more advanced, according to cybersecurity firm Ampcus Cyber.
“GRC makes sure that all of the data that these big companies are using — let’s say a bank, a BPO (business process outsourcing), a service provider — stay protected,” Deep Chanda, chief executive officer at Ampcus Cyber, told BusinessWorld on the sidelines of an event last month.
“Let’s say you go to a hospital. You need to give your confidential health details. These are very confidential information, and you do not want your personal data to go out for companies, large organizations to misuse those,” he added.
Companies are working to establish and follow their own GRC frameworks amid rising cyber threats, increased regulatory compliance requirements, complexity of digital ecosystems, and data privacy concerns, Ampcus Cyber said.
For its part, CIS Bayad Center, Inc. is looking to invest in compliance tools and increasing awareness about cyber threats, according to its president and CEO Lawrence Y. Ferrer.
“We have to allocate more resources and budget to be able to support the ever-growing need to protect our customers, as well as to be able to provide operational resiliency, and last, regulatory compliance,” he said on the sidelines of the same event.
“This includes investing on AI (artificial intelligence) as well as compliance tools that our team can use to know our customers, identify threats, and provide the necessary protection.”
Carlos Tengkiat, chief information security officer at Rizal Commercial Banking Corp., said the lender wants to focus on compliance with security standards.
“Our main focus here is first, regulatory compliance, but this time, how about standards compliance? So, we’ve been doing self-assessments, but [we thought,] ‘Let’s formalize it into a system.’”
Marlon Sorongon, chief information security officer at Maybank Philippines, said they are also working to boost compliance with evolving data and AI regulations.
“There are also some regulations that will continue to shape compliance — areas like data privacy, AI frameworks — so those are the things that have to focus on as a bank,” he said. — Beatriz Marie D. Cruz
