AI-driven cybersecurity firm Palo Alto Networks has unveiled the 2025 Cybersecurity Resilience in Mid-Market Organisations report, delivering an unprecedented look at how mid-sized companies across Asia-Pacific and Japan—including the Philippines—are evolving their defenses amid escalating cyber threats and digital acceleration.
The findings are both encouraging and cautionary. Across the region, mid-market businesses are taking meaningful steps to enhance their cybersecurity readiness. Yet, critical gaps remain. While AI is top of mind, many companies are still in the early phases of embedding it into their security operations. Fragmented environments, a patchwork of tools, and inconsistent recovery practices are slowing progress. A shift to a more integrated, platform-driven approach—powered by AI—will be essential to keep pace with increasingly complex threat landscapes.
“Cybersecurity has grown beyond the confines of IT departments—it’s now a core business priority,” said Michelle Saw, Vice President of Ecosystems, Asia-Pacific and Japan at Palo Alto Networks. “Our study shows that mid-sized businesses are still racing to catch up with the sophistication of today’s threats. This benchmark is a wake-up call and a roadmap, pointing out where improvements are needed and how partners can help—through smarter integration, deeper education, and advanced technical support.”
Some standout findings from the study paint a clear picture of shifting priorities. Nearly four out of five companies (79%) say they’ll depend more heavily on external partners for cybersecurity within two years—a sharp rise from just over half today. Budgets are following suit, with 57% of businesses planning to increase cybersecurity spending in the next 12 months. On average, cybersecurity now consumes 13.6% of total IT budgets—more than double the figure from 2019.
Still, investment doesn’t always mean impact. Despite rising interest in AI, its implementation remains one of the weakest areas in many cybersecurity programs. Meanwhile, organisations are prioritising investments in cloud security, identity and access management (IAM), and security information and event management (SIEM) systems over the next two years. Yet when it comes to implementing industry frameworks like NIST 2.0, the study found widespread inconsistency. Financial services, telecom, and utility sectors are ahead of the curve, but overall adoption lags behind, highlighting the need for clearer guidance and support.
Zooming in on the Philippines, the report reveals that local companies are making progress—but still face familiar hurdles. Cybersecurity budgets have grown to represent 13.3% of company revenue. The largest spikes in spending are focused on security software (47.09%), network security hardware (38.35%), and data protection and privacy (37.86%).
Local businesses are also leaning more heavily on partners. Currently, 61% rely on external cybersecurity support—a number expected to jump to 79% in two years. Managed Security Service Providers (MSSPs) are the preferred partner type, followed by Managed Service Providers (MSPs) and system integrators. Technical expertise, resilience, and knowledge transfer are the top factors driving partner selection. However, underperformance, major breaches, and supply chain issues remain the most common reasons companies switch partners.
When assessed under the NIST framework, the Philippines shows strength in protection and detection, but governance, identification, and response still need work. The country’s scores were: Govern (3.95), Identify (3.06), Protect (4.05), Detect (4.05), and Respond (3.07). Application and data security, SOC operations, and network security are currently the most widely deployed solutions.
“It’s promising to see the Philippines stepping up its cybersecurity strategy, especially following the recent approval of the National Cybersecurity Plan,” said Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks. “With the country’s digital economy now valued at ₱2.25 trillion, or 8.5% of GDP, cybersecurity is no longer a luxury—it’s a necessity. These budget increases reflect a growing awareness that digital protection is central to business resilience and national progress.”
Tim Dillon, Founder and Principal Analyst at Tech Research Asia, echoed this sentiment. “There’s been real progress in the region, but plenty of room for growth—especially in workforce training, identity management, and securing applications and data. Partners will be essential in moving the needle.”
The Cybersecurity Benchmark for Asia-Pacific and Japan, created in collaboration with Tech Research Asia, surveyed over 2,800 mid-sized organisations across 12 countries and multiple industries. The report evaluates cybersecurity maturity across five key dimensions: strategy execution, business integration, operational capability, solution maturity, and NIST 2.0 framework implementation. With an average score of 19.01 out of 25, the region shows moderate maturity but significant opportunity to bolster AI readiness, ransomware resilience, and framework adoption.
To read the full 2025 Cybersecurity Resilience in Mid-Market Organisations Study, visit:
https://www.paloaltonetworks.com/industry/japac-mid-market-solutions