IN the world of online safety, the acronym “CERT” — Computer Emergency Response Team — might sound like high-tech jargon. In plain language, a CERT is simply a professional team trained to spot, manage, and fix cyberattacks. Think of them as a digital fire department. Just as a city fire station has the specialized tools and training to put out a blaze before it consumes a whole neighborhood, a CERT has the skills to stop a data breach or a virus before it destroys a company.
But these teams do more than just put out fires. They also work to prevent them. A modern CERT acts as a central hub where information about new threats is collected and shared. While a single company might have its own security guards, a “sectoral CERT” acts as a guard for an entire industry. This ensures that when one business is attacked, the lessons learned are immediately shared to protect everyone else in that same line of work.
The Philippines is currently setting up a four-tier national system to organize these defenses. According to the National Cybersecurity Plan (NCSP) 2023-2028 and recent rules from the Department of Information and Communications Technology (DICT), the structure is clear: Tier 1 is the National CERT (CERT-PH), which looks at the whole country; Tier 2 covers government agencies; and Tier 3, the most important for our daily economy, is the sectoral CERT. These are meant to be led by the private sector and run by business groups like the Bankers Association of the Philippines, the Makati Business Club, or the Philippine Chamber of Commerce and Industry.
This idea of organizing by industry is not a local experiment; it is a proven strategy used by the world’s most secure economies. In the United States, for example, the government relies heavily on what they call information sharing and analysis centers, or ISACs. These are industry-specific hubs where sectors like aviation, energy, and finance talk to each other about threats. It allows them to collaborate with the federal government while keeping their individual business secrets private. In Europe, the “NIS2 Directive” now requires countries to have similar sectoral teams for health care and digital infrastructure. These international models prove a simple point: while the government provides the big-picture policy, the industries themselves must provide the actual “boots on the ground” expertise.
We see this same logic working across borders with the recent launch of the Asean Regional CERT. This regional team was officially set up with a physical office in Singapore in late 2024 because members of the Association of Southeast Asian Nations (Asean) realized a fundamental truth: hackers do not care about national borders, so our defense shouldn’t either. The Asean CERT was born out of a study that showed that transboundary threats — those that jump from one country to another — require a coordinated response. By mid-2025, this Asean team began sharing live threat information among member-countries. This regional cooperation serves as a powerful blueprint for the country. If different nations can agree to share sensitive data to protect regional trade, surely our own domestic industries can find common ground to protect our national economy.
The need for this in our country is urgent. In 2024, eight out of 10 Philippine organizations reported being hacked more than once. The banking and finance sector alone lost P5.82 billion. For many of these companies, a single attack cost more than P50 million ($1 million). Clearly, trying to fight these criminals alone is no longer working. Cybercriminals today act like organized gangs or “cartels” that share tools and targets; our defense must be just as organized and collective.
Setting up these sectoral CERTs also protects our “Critical Information Infrastructure” — the digital backbone of our country. In our modern world, everything is connected. A successful attack on a power company or a cellular phone network doesn’t just hurt that one company. It can stop bank withdrawals, disrupt hospital equipment, paralyze transport, and even cut off emergency services. A sectoral CERT has the specific “insider” knowledge to understand how these systems work and how they depend on each other — knowledge that a general government office might not have.
Furthermore, this model helps our small and medium enterprises. Most Filipino businesses are small and cannot afford expensive security software or full-time tech experts. By joining an industry-led CERT, a small shop or local supplier gets the same early warnings and expert help used by the biggest corporations. It is a way for the “big brothers” of industry to help shield their smaller partners, ensuring that the entire supply chain remains unbroken.
The DICT has already built the framework, and the national CERT is ready to act as the anchor for these efforts. We also see new laws being proposed in Congress, such as the National Cybersecurity and Critical Information Infrastructure Protection Act, to make these roles permanent. But industry leaders should not wait for the ink to dry on a new law or for a government mandate to tell them to protect their own house.
We are now in an era where cyberattacks are fast, automated, and often driven by artificial intelligence. We can no longer treat computer security as just another minor office expense or a “discretionary” IT item. It is a basic requirement to keep a business running and our country safe. By taking the lead and forming these sectoral CERTs, our business associations can show the world that the Philippines is a trusted and secure destination for global digital trade. In the digital age, we are only as strong as our weakest link. The best way to protect ourselves is to look out for one another. Resilience is no longer an individual task; it is a team sport.
