The Philippines is facing a wave of increasingly complex cyberattacks in 2025, with HR departments emerging as both prime targets and critical defence lines.

Threat actors are taking advantage of rising geopolitical tensions, rapid digitalisation, and an expanding attack surface to compromise networks and exploit people. Among the top targets of these attacks are HR departments that manage vast amounts of sensitive employee information.

Cyberint’s latest Philippine Threat Landscape Report showed that malware, phishing, social engineering, and social media impersonations are the most common types of cyberattacks. Social impersonations have become more common as of late with the use of “deep fake” AI technology.

The report also found that Telegram-based underground marketplaces linked to the Philippines have seen a 100% year-on-year increase in cybercrime activity. These platforms are trading everything, from full personal data sets to elaborate exploitation kits and fake documents.

While ransomware incidents in the Philippines dropped slightly in 2024, the country still ranks 12th in ransomware cases across the Asia Pacific region. These attacks often employ “double extortion” methods – locking data while threatening to leak it – putting HR-held employee records directly at risk.

With the number of cyberattacks continuously rising, the role of HR in data protection is becoming increasingly critical. HR leaders must now consider cybersecurity literacy as a non-negotiable skill to protect employee data, ensure compliance, and safeguard organisational resilience.

Read: Firm almost lost $500K to deepfake scam

Why HR is a high-value target of cyber attacks

HR departments are treasure troves of personally identifiable information (PII): names, bank details, tax IDs, medical histories, and performance evaluations. Unlike IT systems hardened by firewalls and endpoint protection, HR interfaces – such as email, cloud-based HRIS platforms, and recruitment portals – are more exposed to social engineering tactics.

HR’s responsibilities, including onboarding, offboarding, and background checks, make it a gatekeeper of access control, yet many HR professionals lack the cybersecurity awareness to execute this role securely. One compromised login or lax offboarding process can open the door to wider breaches.

In the case of the 2023 PhilHealth data breach, attackers accessed the PII of millions of Filipinos, highlighting the impact of insufficient control and weak data storage practices. Incidents like these have legal consequences under the Data Privacy Act (DPA) of 2012, but they also cause lasting damage to employee trust and brand reputation.

Furthermore, insider threats – whether negligent or malicious – are now a major concern. Unlike external hackers, insiders often have legitimate access to data, making them harder to detect.

HR is in a unique position to manage this risk through proactive vetting, continuous training, and structured offboarding. However, organisations still treat these as administrative tasks rather than security functions.

Read: Hacked? Your password still needs upgrade

Bridging the cybersecurity knowledge gap

Cybersecurity has long been the domain of IT departments, but that mindset is no longer sustainable. HR leaders don’t need to become technical experts, but they do need foundational knowledge in threat awareness, secure data handling, and compliance.

Some of the learning areas of HR practitioners include:

Phishing detection: Recognising suspicious sender details, urgent tone, unexpected attachments, and odd requests for information

DPA compliance: Ensuring transparency, legitimate purpose, and proportionality in data collection and usage

Access control: Enforcing the principle of least privilege, role-based access, and multi-factor authentication (MFA) for HR systems

Secure data management: Encrypting files, implementing retention schedules, and securely disposing of records

Insider threat mitigation: Developing policies and awareness training to reduce careless or malicious internal actions

Practical upskilling pathways are accessible online. Some can be found in government resources, mainly from the National Privacy Commission and the Department of Information and Communications Technology.

There are also beginner-friendly online courses via LinkedIn Learning or Coursera.

From vulnerability to asset: HR’s role in cyber resilience

When HR professionals understand cybersecurity, they become a powerful ally in organisational defence. Cyber-aware HR departments can contribute in four key ways:

1) Improved personnel risk management

By integrating security checks into hiring, onboarding, and offboarding, HR reduces the risk of unauthorised access and insider leaks.

2) Strengthened policy enforcement

HR plays a central role in crafting, communicating, and enforcing policies around acceptable use, remote work security, and data handling.

3) Effective security awareness programmes

With their training expertise, HR can co-lead initiatives that engage staff, tailor content to roles, and measure impact.

4) Incident response collaboration

In a breach scenario, HR supports investigations, manages employee communications, and helps coordinate a calm, compliant recovery.

Moreover, HR can foster a security-first culture. When policies are reinforced during onboarding and revisited regularly through awareness campaigns, cybersecurity stops being an IT-only issue and becomes part of everyday behaviour. That cultural shift is what makes long-term resilience possible.

Leaders and practitioners of HR in the Philippines are now living in one of the most complex threat environments in Southeast Asia. With attacks escalating in frequency and precision, especially against human-facing roles such as HR, cybersecurity competence becomes a necessity.

HR must evolve to become a cybersecurity stakeholder, not just a data custodian. Those who adapt now will be best positioned to lead secure, compliant, and trusted workplaces.