Why The BPO Sector in The Philippines Should Focus on Their Cybersecurity

Philippine Market Structure of Business Process Outsourcing (BPO)

For many years, the business outsourcing industry has been a key contribution to the Philippine economy. Accenture, Concentrix, Teleperformance, and Outsourced are just a few of the BPO businesses in the Philippines. These significant firms controlled a sizable market, resulting in fierce competition. These corporations wielded considerable market power, influencing prices, wages, and industry norms. This market structure revealed features of an oligopoly. The market is dominated by large corporations with strong market power. An oligopoly has barriers to entry and few close substitutes for the product, in addition to having only a few sellers or suppliers dominating the market.

Cybersecurity Training for BPO Employees

BPO industries are required to conduct regular and comprehensive cybersecurity employee training programs to be able to defend cyber threats and to not become the system’s weakest link. It is recommended to cover certain topics such as:
Discussing the value and importance of cybersecurity in the competitive BPO industry.
Enhancing employees’ knowledge about the most common types of cyber threats and how to prevent them before reaching your system.
Most effective data protection, privacy, and security procedures and policies.
Explaining the key responsibilities and qualifications of proper cybersecurity.
Proper way of reporting cyber attacks and issues.

Why is Cybersecurity Crucial in BPO?

Business Process Outsourcing (BPO) is an industry in the Philippines that offers diverse business services to foreign corporations and organizations. In the Philippines, BPO companies employ competent employees who perform these services on their client’s behalf. BPO generates significant foreign exchange revenues for the Philippines and creates employment in customer service, IT support, finance, and human resources sectors. Clients expect that their sensitive data are safe with BPO. Hence, clients expect strong cybersecurity that assures them that their data will not become part of cyber threats and that third-party service providers can be trusted.

Importance of Practicing Cybersecurity Hygiene in the BPO Industry

In summary, the BPO industry has to practice proper cybersecurity hygiene as they are responsible in keeping the confidentiality of their client’s sensitive data, while working closely with third-party telecommunication providers. Therefore, BPO industries are required to strictly adhere to data protection as well as privacy regulations. The Data Privacy Act of 2012 (DPA) stands as a cornerstone, mandating organizations to handle personal data in a professional and secure way. The purpose of DPA in the BPO industry is to prevent data breaches that may cause reputational damage to the company, due to the leakage of the client’s data. Including data encryption, access control, and employee training is a step towards preventing data breach. BPO has to take care of their employees and carefully discuss the policies at work, employment contracts, and following the minimum number of five workers, as stated by the Department of Labor and Employment (DOLE). In addition, cyber threats are being addressed by the Cybercrime Prevention Act of 2012, which focuses on understanding the importance of incorporating the need of the BPO sector to work on their cybersecurity. Lastly, the BPO sector is able to protect their reputation while simultaneously working on their risk mitigation and safeguarding client’s data.

Incidents involving BPO 

Cybersecurity Posture of Philippine BPO Industries:A Six-Month Performance Analysis

Comparative Analysis of 4 leading BPO in the Philippines, as of November 20, 2024

The security ratings are scored based on these 10 factors:

More info about the metrics: https://securityscorecard.com/wp-content/uploads/2024/01/EBOOK-MethodologyDeepDive-3.0_v2-1.pdf 

In a competitive industry, tracking performance trends is essential to understanding who leads, who lags, and who stays steady. Here's a closer look at how seven notable BPO companies performed over the past six months with grades from A (strong) to F (weak), highlighting their strengths and areas for improvement.

• Overall Trends:
• The purpose of this chart is to understand the overall performance of Sixeleven bpo, Cloudstaff, Alorica, Concentrix, Teleperformance, Outsourced, and Accenture over the past six months (June to November).
• Among all seven BPO industries, Outsourced is the only company that faced a drastic drop during these six months.
• Top Performers:
• Accenture (Pink): The best and consistent performer over the six-month period. (Remains in the A-range)
• Concentrix (Brown): Stable performance with no big fluctuations, being a big competition for Accenture. (Remains in the A-range)
• Mid-Performers:
• Sixelevenbpo (Blue): Solid consistent with no major changes that effectively ranges in B-range.
• Cloudstaff (Purple): Only remains in the B-range as there are some minor fluctuations throughout the period. (B-range)
• Alorica (Teal): Faces a slight drop during the six month period, but still remains strong in the B-range.
• Consistent Lower Scores:
• Outsourced (Cyan): The weakest performer out of all sevecn companies, ranging an F-scoring due to the starting decline in June and drastic drop in July. Since then, there are no signs of recovery.
• Teleperformance (Magenta): Consistent fluctuation and faces a trend drop in July and August. Was able to stabilize back to the B-range, however, no recovery is seen.

Monthly Variations:

While companies like Accenture and Concentrix saw only upward trends, likely driven by strategic initiatives or favorable market conditions, others like Teleperformance and Alorica experienced sudden dips. Outsourced stood out for all the wrong reasons, being the only company to show a sustained decline.

These variations highlight the importance of agility and resilience in maintaining competitive standing in the BPO industry. Companies with stable, upward trajectories not only gain trust but also position themselves as leaders in a challenging landscape.

Importance of Practicing Cybersecurity Hygiene in the BPO Industry

The BPO industry has to practice proper cybersecurity hygiene as they are responsible in keeping the confidentiality of their client’s sensitive data, while working closely with third-party telecommunication providers. Therefore, BPO industries are required to strictly adhere to data protection as well as privacy regulations. The Data Privacy Act of 2012 (DPA) stands as a cornerstone, mandating organizations to handle personal data in a professional and secure way. The purpose of DPA in the BPO industry is to prevent data breaches that may cause reputational damage to the company, due to the leakage of the client’s data. Including data encryption, access control, and employee training is a step towards preventing data breach. BPO has to take care of their employees and carefully discuss the policies at work, employment contracts, and following the minimum number of five workers, as stated by the Department of Labor and Employment (DOLE). In addition, cyber threats are being addressed by the Cybercrime Prevention Act of 2012, which focuses on understanding the importance of incorporating the need of the BPO sector to work on their cybersecurity. Lastly, the BPO sector is able to protect their reputation while simultaneously working on their risk mitigation and safeguarding client’s data.