THE annual corporate governance training of directors and officers of publicly listed companies (PLCs) associated with the Lopez Group held online on Oct. 28 covered cybersecurity and agentic artificial intelligence (AI). Resource persons were provided by SGV & Co.
SGV consulting partner Alvin Manuel discussed how to address cyber threats with AI, ransomware defense and zero trust as companies journey on the road toward cyber resilience.
Rapid digitalization has expanded the capabilities of organizations and simplified some processes as seen in the boom of digital payment transactions, which increased by 57.4% in the Philippines.
However, this has also led to an increase in financially motivated cyberattacks as evidenced by the over 10,000 complaints recorded by the Cybercrime Investigation and Coordinating Center mostly about online scams, identity theft and authorized access.
‘Cyber inequity’
Manuel warned about “cyber inequity” which refers to the disparity in cybersecurity capabilities between larger, well-resourced organizations and smaller, less-resourced ones that may be providing products and services to the bigger companies.
“Hackers target weaker companies that support larger enterprises and exploit vulnerabilities to gain access to more significant targets…Threat actors are taking the path of least resistance, so they’re targeting less secure industries,”
he said. Manuel recommended the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as a primary way to assess and improve any organization’s ability to prevent, detect and respond to cybersecurity risks and a zero trust mindset in cyber governance.
The NIST CSF provides a policy framework for defending, surviving and overcoming a cyberattack by establishing prevention, detection, response and recovery controls. Zero trust is anchored on three principles: 1) assuming that a breach has occurred; 2) explicit verification if anything seems abnormal; and 3) limiting user and device access to only what is necessary for each function.
SGV consulting principal Lee Carlo Abadia explained that agentic AI is focused on “agents” or digital entities that have some level of autonomy and execution continuity to complete a specific task and flexibly pursue goals.
An agent can also work with other agents to achieve a bigger goal. The Philippine Information Technology-Business Process Management sector has led the adoption of AI in business with 11% of firms having already fully implemented agentic AI and 56% actively implementing AI initiatives in 2024.
AI Governance model
Abadia said using AI technologies provides organizations with tools to increase revenues by uncovering data trends, coming up with new products and hyper-personalized customer experiences, and identifying risks; decrease costs by reducing manual steps, producing better insights and tracking risks better; and increase engagement by providing employees with opportunities for continuous learning, critical thinking and upgrading digital skills.
Abadia suggested Ernst & Young’s AI governance model for organizations as a framework to first assess their AI capabilities, establish a governance model and then formulate a strategy for AI adoption. Such a framework provides clear direction for the information technology development required by AI programs.
“Make sure you continuously get feedback on what the AI output is giving, and having a right portfolio that aligns to the strategic level, so that you’re not wasting and having misplaced energy,” he said.
The continuing education of professional directors and officers of listed companies is required by the Securities and Exchange Commission. Participants came from ABS-CBN Corporation, ABS-CBN Holdings Corporation, First Gen Corporation, First Philippine Holdings Corporation, Lopez Holdings Corporation and Rockwell Land Corporation. Joining them were directors and officers of Energy Development Corporation, Lopez Inc. and some of its subsidiaries. (CPS)
