Philippine gov’t to centralise cybercrime fight amidst rising scams
The CICC plans to house key agencies in a single facility.
The Philippines plans to centralise cybercrime operations by bringing key agencies into a single facility and expanding real-time threat monitoring.
“We intend to have a building that houses every agency that has a stake in the fight against cybercrimes,” said Robert Paguia, division chief of international cooperation on cybercrime and data protection officer at the Cybercrime Investigation and Coordinating Center (CICC).
Key agencies include the Philippine National Police, the National Bureau of Investigation, and the Department of Justice, he said during the GovMedia Summit 2026 at Makati Shangri-La.
The move comes as such threats grow more sophisticated, particularly scams that target individuals through email, text, and phone calls.
One of the most common types of attacks is phishing, according to Paguia, where over 3.4 billion spam emails are sent every day.
“These attacks are responsible for a large majority of data breaches,” he said.
Many of these attacks utilise ‘social engineering,’ where victims are tricked into giving away personal information. “What makes this dangerous is that it relies on human error.”
“What makes social engineering very dangerous is that it relies on human error,” he said.
Paguia also flagged the use of tools like international mobile subscriber identity (IMSI) catchers, which can be used to send messages that appear to come from legitimate institutions like banks, telcos, or government agencies.
To support enforcement, the CICC operates a cybercrime complaint centre that receives reports from the public and forwards them to relevant authorities. It also runs a 24/7 hotline and a response centre that assists law enforcement in ongoing cases.
Meanwhile, Paguia said the agency is also expanding its threat monitoring centre, which tracks cyber risks and issues alerts. “We want to graduate from being reactive to proactive.”
However, he pointed out the need to update operating systems and software, citing gaps in current practices, including a 2023 data breach at PhilHealth that was linked to outdated systems.
He further urged organisations and individuals to adopt basic safeguards such as updating software, using strong passwords, and avoiding suspicious links.
“We often ignore cybersecurity until it becomes the most expensive lesson,” he said. “What we need is a whole-of-society approach—a collaboration between the private and the public sectors.”
