As artificial intelligence (AI) becomes deeply embedded in industry operations, cyber risks are no longer treated as occasional crises but as a constant threat, according to a top executive of global cybersecurity firm Fortinet.

In a forum in Taguig City, Rashish Pandey, vice president of marketing and communications for Asia and ANZ (Australia and New Zealand) at Fortinet, said the cybersecurity landscape is evolving from episodic emergencies to a state of ongoing exposure.

“Organizations in the Philippines are increasingly vulnerable to threats that operate in the shadows,” he said, citing ransomware as the most reported threat at 66 percent. This was followed by software supply chain attacks (62 percent), cloud vulnerabilities (58 percent), insider threats (56 percent), and phishing (50 percent).

“The most disruptive threats are no longer the most obvious,” Pandey said. “These threats are particularly damaging because they often go undetected by traditional defenses, exploiting internal weaknesses and visibility gaps.”

While phishing and malware threats are still growing at a rate of 10 percent, the increase is modest due to mature defenses like endpoint protection and user awareness training, he said.

In contrast, the fastest-rising threats include supply chain attacks (16 percent), IoT/OT attacks (14 percent), cloud vulnerabilities and insider threats (12 percent each), and unpatched/zero-day exploits (10 percent).

“These threats are scaling rapidly because they exploit gaps in governance, visibility, and system complexity,” Pandey noted, “making them harder to detect and more damaging when successful.”

The impact of cyberattacks has expanded beyond mere downtime. The top consequences include loss of customer trust (62 percent), regulatory penalties (56 percent), data theft and privacy violations (54 percent), and operational disruption (42 percent). Financial losses are also widespread, with 46 percent of breaches causing monetary damage — one in four costing over $500,000.

In the Philippines, AI-driven threats include deepfake impersonation in business email compromise, AI-enabled social engineering, adversarial AI and data poisoning, automated reconnaissance, and polymorphic malware.

Yet only 9 percent of organizations feel very confident in defending against AI-driven threats. Another 27 percent say such threats outpace their detection capabilities, while 19 percent admit they cannot track them at all.

Pandey also highlighted a severe talent shortage. “On average, only 7 percent of an organization’s workforce is in IT, and just 13 percent of that is focused on cybersecurity,” he said. That equates to fewer than one full-time cybersecurity expert per 100 employees.

Only 15 percent of organizations have a standalone chief information security officer, while 63 percent assign cybersecurity duties to broader IT roles. Just 6 percent have specialized teams for functions like threat hunting.

“These lean teams face mounting pressure,” Pandey said. “Top challenges include overwhelming threat volume (54 percent), difficulty retaining cybersecurity talent (52 percent), and tool complexity (44 percent), all contributing to burnout and operational fragmentation.”