Palo Alto Networks, a global leader in AI-driven cybersecurity, has today released its “2025 Cybersecurity Resilience in Mid-Market Organizations” benchmark study. This first-of-its-kind report offers valuable insights into how mid-market organizations across Asia-Pacific and Japan (APJ), including the Philippines, are evolving their cybersecurity capabilities. The Palo Alto Networks APJ Cybersecurity Study comes at a time of growing cyber threats and accelerating digital transformation.
While the study indicates that mid-market organizations in the APJ region are making tangible progress in strengthening their cybersecurity posture, significant challenges remain. For instance, many organizations are still in the early stages of operationalizing AI within their security workflows. Moreover, gaps persist in crucial areas such as incident recovery and overall cyber resilience. The complexity of managing multiple tools and fragmented environments also continues to hinder efficiency. Therefore, addressing these issues effectively will require a more unified, platform-based approach. Such an approach should integrate AI-driven capabilities to enhance performance, streamline operations, and strengthen protection across the board.
Cybersecurity is no longer just an IT issue; it’s a fundamental business priority,” stated Michelle Saw, Vice President, Ecosystems, Asia-Pacific and Japan at Palo Alto Networks. “As threats grow more sophisticated and AI reshapes the threat landscape, our benchmark study reveals that many mid-market organizations are still catching up. This study helps these organizations see where they stand and take the necessary steps to achieve stronger security outcomes. Importantly, it also highlights the growing importance of partners. These partners must now evolve their offerings to focus more deeply on education, integration, AI adoption, and advanced technical expertise to better support customer needs.
Key Findings from the APJ Cybersecurity Benchmark Study
The comprehensive Palo Alto Networks APJ Cybersecurity Study highlights several critical trends:
- Partners Matter More Than Ever: A significant 79% of companies anticipate relying on partners for cybersecurity support within two years, a notable increase from 53% today.
- Cyber Budgets Are Rising: Encouragingly, 57% of organisations plan to increase cybersecurity spending over the next 12 months. Cyber initiatives now account for 13.6% of total IT budgets, up from just 6% in 2019.
- AI Adoption Lags Investment: Despite growing awareness, organisations cited AI-related capabilities as one of the lowest-performing areas in their current cybersecurity programs.
- Cloud Security, IAM, and SIEM Top Priorities: Over the next 24 months, these areas are the most cited for new or increased investment.
- Framework Implementation is Inconsistent: Adoption of crucial frameworks like the NIST Cybersecurity Framework (specifically NIST 2.0) received the lowest score among the five benchmark categories. This underscores a need for clearer guidance and support. Sectors leading in framework adoption include financial services, telecommunications, and utility companies.
Focus on the Philippines: Local Insights
The Palo Alto Networks APJ Cybersecurity Study also provides specific insights for the Philippines:
- Increased Cybersecurity Budgets: Budgets for cybersecurity in the Philippines now account for an impressive 13.3% of revenue. The biggest increases are projected in security software (47.09%), network security hardware (38.35%), and data protection and privacy (37.86%).
- Accelerating Partner Support: Currently, 61% of Philippine companies rely on partners for cybersecurity. This figure is expected to rise sharply to 79% in two years. Managed Security Service Providers (MSSPs) are the most preferred partner type (40%), followed by MSPs and systems integrators.
- Robust Safeguards but Gaps in Governance & Response: Under the NIST framework, the Philippines scores 3.95 in Govern, 3.06 in Identify, 4.05 in Protect, 4.05 in Detect, and 3.07 in Respond. While protection and detection are strong, these scores reveal areas needing improvement, particularly in governance, identification, and response capabilities.
- Drivers for Partner Selection: Technical expertise (35.9%), resiliency capabilities, and knowledge transfer primarily drive partner selection. However, poor solution performance (43%), major breaches, and supply chain issues remain top reasons for switching partners.
- Top Deployed Solutions: Application and data security, Security Operations Center (SOC) operations, and network security are currently the most deployed cyber solutions in the country.
“It’s encouraging to see the Philippines taking meaningful steps to elevate its cybersecurity efforts,” commented Steven Scheurmann, Regional Vice-President of ASEAN at Palo Alto Networks. “The approval of the National Cybersecurity Plan, for example, is a critical move to safeguard institutions, infrastructure, and citizens amid growing threats. With the Philippine digital economy valued at PhP2.25 trillion in 2024, accounting for 8.5% of the country’s GDP, cybersecurity is no longer optional. Consequently, the increased budgets among mid-market organisations reflect a deeper understanding that protecting digital assets is essential to sustaining business growth and national progress. This is precisely why partnerships are crucial to improving threat detection and response, enabling the adaptive, intelligent security needed for the digital future.”
Tim Dillon, Founder, Director, and Principal Analyst End User at Tech Research Asia (TRA), added, “The research indicates that mid-market organisations in the region have made notable advancements in strengthening their cybersecurity posture. However, there remains substantial opportunity for partners to support continued progress, particularly in the areas of workforce education and training, identity and access management, and application and data security.” Tech Research Asia, who conducted the study, is a respected analyst firm in the region. You can learn more about their work at the Tech Research Asia website.
About the Study
The “Cybersecurity Benchmark for Asia-Pacific and Japan” was developed in collaboration with Tech Research Asia. It surveyed over 2,800 mid-sized organisations across 12 countries and a range of industries. The study offers a snapshot of the region’s cybersecurity maturity. Furthermore, it provides practical guidance for improvement by evaluating performance across five key areas: strategy execution, business integration, operational capabilities, solution maturity, and NIST 2.0 framework adoption. The average score was 19.01 out of 25. While this indicates a moderate level of maturity, the findings reveal clear opportunities to strengthen AI readiness, boost ransomware resilience, and advance framework implementation. This Tech Research Asia Insights Report was commissioned by Palo Alto Networks and completed in April 2025.
For more information on the “2025 Cybersecurity Resilience in Mid-Market Organisations Study,” visit the official page: https://www.paloaltonetworks.com/industry/japac-mid-market-solutions
